19th CSEC Group Meeting

Date

December 20, 2002

Location

Information Processing Society of Japan (IPSJ) Meeting Room

Shibaura-Maekawa Bldg. 7F, 3-16-20, Shibaura, Minato-ku, Tokyo 108-0023, JAPAN

Transportation

JR Tokyo - (8 minutes JR Yamanote Line) - JR Tamachi

19th CSEC Group Meeting Program

(1) Automatic Encryption Key Management function for Crypt-Mail Secretary

Takao OHTA
Masahiko HATANAKA

We had been studying automatic cryptograph system for mail to reduce personal troublesome work of mail encryption (ex. management of encryption keys), and constructing some alpha-version mail-proxy systems (Crypt-Mail Secretary: CMS). In a current CMS system, CMS administrator in an encryption-domain must exchange to the encryption keys manually with the ones in other domains. So the number of encryption-domains is increased, the administrator must take a lot of time to exchange encryption keys. In this report, we propose an automatic encryption key exchange and management procedure for CMS, which is based on IPsec, to reduce labor of CMS administrator. And, we show an implementation of the proposed CMS system which automatically exchanges the encryption key scheduled by each key's date of validity.

(2) Proposal for Uunder The Door Communication on the network

Tetsuya Tomita
Yuko Murayama

In this research we try and implement communication systems using the metaphor of a door on the World Wide Web (WWW) as a media for informal communications. We call those informal communications through a door "on-door-communications". This paper introduces a system for the under-the-door communication. We present its model design and implementation. Finally, we discuss on its security issues.

(3) A Behavior-Based Intrusion Prevention System for Web-servers.

Masayuki NAKAE (Internet Systems Research laboratories, NEC Corp.)
Masaya Yamagata (Internet Solution Platform Development Division, NEC Corp.)
Kazuo YANOO (Internet Systems Research laboratories, NEC Corp.)
Ryuichi Ogawa (Internet Systems Research laboratories, NEC Corp.)

In order to prevent unknown attacks from external networks, the concept of dynamic defense has been proposed. The system employs intrusion detection and filtering technologies to take adaptive measures against anomalies detected on the network. However it cannot guarantee that internal servers are securely protected against attacks. To solve this problem we propose a new dynamic defense model called "prudent dynamic defense (PDD)," that separates the internal network into two parts: monitoring area and protected area. This reports describes the outline of the model and its experimental implementation.

(4) Traffic Analysis on Mass Mailing Worm and DNS/SMTP

Yasuo Musashi (Center for Multimedia and Information, Kumamoto University.)
Kenichi Sugitani (Center for Multimedia and Information, Kumamoto University.)
Ryuichi Matsuba (Center for Multimedia and Information, Kumamoto University.)

The name resolving UDP packet traffic between the domain name system (DNS) server and the electronic mail (E-mail) server of Kumamoto University was statistically investigated when several PC terminals were infected by the mass mailing worm (MMW), such as Myparty, KLEZ, or Yarner. A. The interesting results are: (1) An abnormally large peak of the number of DNS query access emerges when the number of the SMTP access increases drastically. (2) The SMTP access peak occurs at the same point of the DNS access peak. (3) Also, this SMTP access peak is taken to be as the same peak point as the number of the SMTP access for a user. (4) From our survey, the PC terminal of the user is infected by MMW. Consequently, we can detect an owner and/or an IP address of the MMW-infected PC terminal by observing the DNS query traffic from the E-mail server to the DNS server.

(5) Digital Watermarking of Vector Digital Maps by Using Mesh-Spectral Transform

Hiro Ueda (Graduate School of Eng, Yamanashi University)
Ryutarou Ohbuchi (Computer Science Department, Yamanashi University)
Shu Endo (IBM Japan)

With the increased use of geographical information systems, it has become ever more important to protect intellectual property rights of 2D vector digital maps. In this paper, we propose to apply digital watermarking in order to protect intellectual property of digital maps. The algorithm proposed in this paper embeds a watermark by modifying the geometry of the map in its "frequency" domain by using a technique called mesh spectral analysis. The watermark obtained by using this method show resiliency against such attacks as additive random noise, vertex insertion, rotation, scaling, translation, and cropping.

(6) An Watermark Embedding Method which Takes Post-Processing into Consideration

Koichi Kamijo

Watermark technology is focused as a solution for rights management of digital contents. In watermarking, robustness and fidelity are very important technology items, but they are trade-offs, and it's an important research item to analyze how to improve the robustness under the restricted fidelity. Many of the papers which deal with this problem target to achieve the maximum watermark strength just after embedded, but the real problem is how to keep the robustness after each post-processing is performed. In this paper, we propose an watermark embedding method which takes post-processing into consideration to improve the robustness, and report the experimental results which prove the effectiveness of the method.

(7) Various Models of Collusion Secure Codes

Katsunari YOSHIOKA (Yokohama National University)
Junji SHIKATA (Yokohama National University)
Tsutomu MATSUMOTO (Yokohama National University)

For fingerprinting and traitor tracing schemes, several collusion secure codes have been proposed to enhance resilience against collusion attacks. However several models of collusion secure codes, according to their applications, have been defined without consistency. In this paper, in order to treat them with generality we define various models for collusion secure codes including those models, and analyze them in details. In particular, we reveal some relations among the classes of collusion secure codes under consideration.

(8) A Vulnerability Assessment Tool Using First-Order Predicate Logic

KAWAUCHI Kiyoto
KITAZAWA Shigeki
NAKANO Hatsumi
OHKOSHI Takehiro
FUJII Seiji
KAWAKI Motokazu

Attackers often intrude their target sites by using one or more vulnerabilities found in victim hosts. Also, they can use viruses to put backdoors into target sites. Security scanners which are commonly used for security assessment cannot detect such risks described above, because they can just enumerate vulnerabilities. In this paper, we propose a vulnerability assessment tool, which can simulate whole possible activities taken by attackers. This is achieved by applying an inference engine based on first-order predicate logic to decide attack scenarios.

(9) Authentication Methods for Mobile Phones

Shoji Sakurai (Information Technology R&D Center, Mitsubishi Electric Corporation)
Wataru Takahashi (Mitsubishi Electric Information Systems Corporation)

For user authentication using a mobile phone, it is difficult to input a complicated password from a keypad. So, it is widely used to input a 4-digit number as a password. But in mobile environment, there is a risk of shoulder hacking which is the simplest way to steal a password. This paper presents authentication methods using challenge-response technique which protect password leak. By using these authentication methods, it is possible to input authentication data from a keypad safely whenever malicious people watch the input.

(10) A Study on flexible payment system

Satoru Saigo (NTT DoCoMo Multimedia Laboratories Co., Ltd.)
Fumiaki Miura (NTT DoCoMo Multimedia Laboratories Co., Ltd.)
Osamu Takahashi (NTT DoCoMo Multimedia Laboratories Co., Ltd.)

To realize an anonymous payment on the internet, many payment mechanisms (SET and Ecash are typical ones) were already proposed [1,2]. By the mechanisms only one client can buy some contents from a merchant, but multiple clients can't do, because a target of the mechanisms is the only forward case. While by the paper-based payment we generally use, multiple clients can flexibly distribute their amounts, and easily accept flexible account services (ex. a group discount service). This paper proposes a new payment system that is partly based on Ecash, to realize an above flexible payment for multiples clients.

(11) eTRON: Entity and Economy TRON

KOSHIZUKA, Noboru
SAKAMURA, Ken

This article proposes a wide area distributed system architecture, called Entity and Economy TRON, eTRON, which incorporates with distributing value entities in secure. Recently, computers are embedded in various equipments for our everyday use, as seen in various ubiquitous computing scenarios. However, the number of cracking and illegal accesses for computers via the Internet is increasing in these years. For the improvement of this situation of computerized society, we are developing eTRON for providing an infrastructure for secure computing and networking that everyone can use it without difficulty. This article overviews basic concepts and architecture of eTRON, as well as its key components, eTRON chips, tamper resistant nodes in the eTRON architecture.

(12) Securely Transferable Entity Platform for Mobile Communications

Hiroshi Aono (Multimedia Laboratories, NTT DoCoMo, Inc.)
Kazuhiko Ishii (Multimedia Laboratories, NTT DoCoMo, Inc.)
Kensaku Mori (Multimedia Laboratories, NTT DoCoMo, Inc.)
Sadayuki Hongo (Multimedia Laboratories, NTT DoCoMo, Inc.)
Noboru Koshizuka (Information Technology Center, The University of Tokyo/)
Ken Sakamura (Interfaculty Initiative in Information Studies, The University of Tokyo.)

Recently, we can buy digital value such as an electronic ticket using E-Commerce in the Internet. But we can't transfer digital value between terminals directly for the viewpoint of the security. We research the secure platform that can transfer digital entities between mobile terminals directly in the Internet and real world. We applied eTRON architecture which is the secure distributed architecture based on tamper-resistant technology for our securely transferable entity platform for mobile communications (STeP). In this paper, we describe about the design policy and structure of STeP, and introduce concrete system using STeP.

---

[home]