20th CSEC Group Meeting

Date

February 27, 2003

February 28, 2003

Location

Campus Plaza Kyoto

Transportation

20th CSEC Group Meeting Program

(1) Design and Management of Kyoto Wireless Internet Project MIAKO-Net

FUJIKAWA Kenji (Kyoto University)
KOMURA Takaaki (ASTEM)
OKABE Yasuo (Kyoto University)

We are developing wireless Internet access experiment MIAKO-Net based on wireless LANs in Kyoto. MIAKO-Net provides wireless Internet access with fixed IP address assignment, high-level security, access to a Community Area Networks (CAN), and location-dependent contents. This paper describes the basic policy of MIAKO-Net, and design and management of its network.

(2) The wide-area wireless internet by using Ad-Hoc networks and wireless LANs

Kota KANBE (The graduate school of Science and Engineering, Ritsumeikan University)
Ryozo KISHIMOTO (College of Science and Engineering, Ritsumeikan University)

Although there are demands that many users want to enjoy internet services in the wide-area wireless internet, transparency and mobility aren't supported in today's IPv4 networks. Mobile IP or cellular IP were proposed as the macro- and micro-mobility protocols. However, there are severe problems such as packet losses and QoS controls at call setup and handover, when these protocols are applied to the wide-area fixed-zone wireless networks. In this paper, new wide-area seamless wireless network architecture is proposed by using wide-area wireless ad-hoc networks, wireless LANs and mobile agent protocols, which is capable of solving these problems. This proposed architecture is capable of providing robust and fault-tolerant networks whose communication services are uninterrupted even if the access points of wireless LANs break down.

(3) Ad-hoc ITS Architecture used GIS Concept

Hiroyuki ENDO (The graduate school of Science and Engineering, Ritsumeikan University)
Ryozo KISHIMOTO (College of Science and Engineering, Ritsumeikan University)

Now, ITS (Intelligent Transport Systems) Service is spreading as ETC, VICS, Car Navigation in Japan. But they are only local update and one direction. Next ITS service will need to use more Dynamic update and more big scale. Because there are 70 million cars in Japan, next ITS service is made into them. So this time, there are various information and big traffic on ITS. If present system accept the next service, it is very difficult to have various information and big traffic on ITS. So I propose the ITS Architecture to use GIS's Concept and Ad hoc network. Ad hoc network correspond the big traffic and various information to distributing processing. And, to introduce GIS's concept into network, network architecture will based of Geographic information.

(4) Geography dependence mobile network architecture using GIS

Makoto ISHIYAMA
Ryozo KISHIMOTO

If the environment to be able to connect the mobile terminal with the Internet in all situations is arranged, various favors can usually be received in the life. However, it is necessary to consider the characteristic of the mobile terminal deeply to actually construct the environment. Information that the user demands is often root information in the place where the user exists where it sits. For instance, disaster information, traffic report, and information on shopping and the drive, etc. In a word, it is necessary to consider user's positional information by some methods to do a flexible dissemination. In addition, it is thought that the present network architecture can be caught by another aspect by consider geography information, and it can propose various problem solving technique for specializing in a wireless network. This text describes the network construction technique, the handover processing, and the access control technique using geography information.

(5) MCPA with Inter-cell Interference Prediction (MCPA/ICIP) in Voice/Data integrated Reservation-type CDMA Packet Radio Communications for Cellular Systems

Koji NAKAMURA
Hideyuki UEHARA
Mitsuo YOKOYAMA

Hybrid TDMA/CDMA protocol has attracted attention as a multimedia commnication since it can provide flexible and efficient packet transmission. In this paper, we propose a novel TDMA/CDMA protocol which employs a method of scheduling the transmission of multimedia packets and power allocation according to their transmission rate, SIR requirements and the interference power from adjacent cells. We evaluate the voice packet dropping probability and data packet delay through computer simulation. As a result, the proposed scheme has better performance compared with the conventional scheme.

(6) Performance Evaluation of Dynamic Multi-Parth IP Transmission

Takanori Saitou
Tadato Horiike
Shinji Osada
Masamitsu Miyazaki
Hiroaki Higaki
Hidetoshi Morita
Hiromi Saitou

For achieving secure communication against snooping, encryption is applied in the TCP/IP Internet. It is based on that too much computation is required for snooper to get an original data from an encrypted data. Hence, the higher performing computers are developed, the more complex encryption algorithms have to be designed and implemented. This paper prpposes a nevel methodology that IP datagrams are transmitted through multiple paths detected dynamically. Since no additional function is introduced in routers, it is highly applicable. Finally, we evaluate overhead on the router in which ICMP encapsulated packeted are processed and the result shows the proposed method is reasonablly implemented in the Internet.

(7) Secure data communication over hybrid channels

Toshinori Ohsugi
Masakatsu Nishigaki
Masakazu Soga
Itsukazu Nakamura

This paper proposes to use multiple data communication channels for secure data communication. Especially, we here focus on a portable phone and the Internet, that is, the hybrid channel by means of "a secure and narrow channel" and "an unsecure and wide channel" . By explaining some secure communication schemes and secure communication systems achieved with the hybrid channel communication, it is shown that data communication over hybrid channels is efficient for a secure/effective/functional data transmission.

(8) New scheme for passive OS fingerprinting using DHCP message

Shin Shirahata (Keio University, Faculty of Environmental Information)
Yasuo Tsuchimoto (Keio University, Graduate School of Media and Governance)
Jun Murai (Keio University, Faculty of Environmental Information)

At this point, many scheme are proposed for OS fingerprinting. In these scheme is an assumption that the combination of the OS information and the IP address are never changed. Unfortunately, is a dynamic IP address allocation environment, an IP address that os allocated to a certain node could be reallocated to another node with the passage of time. Therefore, there may be a contradiction between the combination of the OS information and the IP address from fingerprinting. To resolve this contradiction, We introduce a new passive OS fingerprinting scheme that focus attention on the dynamic IP address allocation by sniffing DHCP messages. We have implements a new OS fingerprinting tool using this scheme, and evaluated it on a working network.

(9) Hyper-decentralized Authentication Architecture for ubiquitous environment

Takahiro Mizuno (Research and Development Headquarters, NTT DATA Corporation)
Toshimichi Fuda (Research and Development Headquarters, NTT DATA Corporation)
Takashi Hayashi (Research and Development Headquarters, NTT DATA Corporation)
Shigefumi Takahashi (Research and Development Headquarters, NTT DATA Corporation)

With the coming of the Ubiquitous Society, a huge increase in number of non-PC appliances connecting with a network and intercommunication between these appliances without a user are to be expected. One of recent major authentication architecture is Centralized Authentication Architecture in which a server manages authentication data, and this may cause a problem of a load concentration on the server under the above environment. In this paper, we propose Hyper-decentralized Authentication Architecture which eases a load concentration on the server by transferring the server function to a number of appliances under user control. Moreover, we examine the scalability of the proposed architecture in comparison with the conventional architecture based on numerical calculation, and present security requirements for operating securely based on threat analysis.

(10) Customizable ASN.1 Encoder Generator

Bintatsu NODA (FUJITSU LABORATORIES Ltd.)
Masahiro KOMURA (FUJITSU LABORATORIES Ltd.)
Nobuyuki KANAYA (FUJITSU LABORATORIES Ltd.)
Yuko NAKAYAMA (FUJITSU LABORATORIES Ltd.)

ASN.1 is commonly used to specify data formats for X.509 certificates and other protocols. To deal with data encoded in such formats, an application must have a program routine that converts the encoded data into a data structure suitable for a programming language. We developed a generator that can automatically generate such program routines from specifications, in a highly-customizable manner.

(11) Resolution Conversion System for Cellular Phone

Hiroaki Yoshikawa
Takahiro Takanashi
Osamu Uchida
Junji Nakazato
Shohachiro Nakanishi

In case images are distributed to users of cellular phone via the Internet, administrators have to prepare the optimal images for every model of cellular phone, because there are various kinds of resolution for cellular phones. In this paper, we propose a system which generates the image with optimal size for each model automatically by getting the information about the user's model of cellular phone at every access. Using this system, storage space of the server and loads of administrators can be saved. Moreover, adding the image uploading system for cellular phone users, it is possible to exchange optimal images between users.

(12) Score-Based Camerawork Planning for Orchestra Shooting

Sadayuki Shiba (School for Open and Envionmental Systems, Graduate School of Science and Technology, Keio University)
Akifumi Inoue (School for Open and Envionmental Systems, Graduate School of Science and Technology, Keio University)
Junko Hiraishi (School for Open and Envionmental Systems, Graduate School of Science and Technology, Keio University)
Hirofumi Takaku (School for Open and Envionmental Systems, Graduate School of Science and Technology, Keio University)
Hiroshi Shigeno (Faculty of Science and Technology, Keio University)
Ken-ichi Okada (Faculty of Science and Technology, Keio University)

Shootings have been receiving increasing attention even from those who have poor experiences about video making. In this paper, we propose an effective camerawork planning method to shoot a scenario-based scene. First, subjects are picked out from the scenario. Second, a camera is allocated to each subject in accordance with the priority calculated from its role, previous shooting state and cameras location. Herewith camerawork which reacts to the shift of shooting environment and to the variety of users' edit requirements becomes possible. The proposal method applies to an orchestra shooting.

(13)

Akihiro Miyakawa (Board of Education, Tatsuruhama, Ishikawa Perfecture)
Kaoru Sugita (Faculity of Software and Information Science, Iwate Prefectural University)
Yoshitaka Shibata (Faculity of Software and Information Science, Iwate Prefectural University)

It is the description language that a base disposes sensitivity word about furniture disposing a housing pert in the begining and done space, and, in DCML(Digital Crafting Markup Labguage) tradition industrial arts database description language expansion imagination space, architecture of a language to provide a library in order a sensitivity search to be done at user interface making easily, and to do is proposed.

(14) Comparision of Binary and Multiple-classes Decision Trees for classification of Webpage

Kazunori Yoneyama (Graduate Sclool of Engineering, Tokai university)
Isao Takasaki (Graduate Sclool of Engineering, Tokai university)
Hiroaki Kikuchi (Graduate Sclool of Engineering, Tokai university)
Shohachiro Nakanashi (Graduate Sclool of Engineering, Tokai university)

A web directry is usuful service for retrieving webpages. howver a dassification of webpages is commonly made human opperator's subjective. In order for autmatic classification of webpages, given a set of keywords extracted from webpages we apply to a decision tree learning algorithm includin the ID3 algolithm. There are two possible approaches to classify webpages into c classes - a binary tree and a multiple-class tree. A multiple-class tree is of c diferent kind leaves and classififiers webpages by just one tree. A binary tree is a tree in which leaves are '+' or '-'. A set of c independent tree gives an integretedd classification of webpages. In this paper we estimate these performance and accuracy for some training data.

(15) An audit-assisting tool for writing secure Java code

Hisashi Kojima (FUJITSU Lab Ltd.)
Yuko Nakayama (FUJITSU Lab Ltd.)
Satoru Kawashima (FUJITSU INFO SOFTWARE TECHNOLOGIES LIMITED)
Ryoko Fujikawa (FUJITSU LIMITED)

As web applications become common, the number of security breaches continues to grow steadily. Particularly, security of signed Java applets are quite important because users will suffer directly if they are exploited, and it is known that there are some typical coding defects that allow such exploitation. Although Source code auditing is a good way to find such defects, it is incomprehensive and inefficient to do it manually, and there is no good assisting tool suitable for our purpose. To cope with this problem, we have developed a tool to assist in auditing Java applet source code in security aspects.

(16) Development of an Unknown Computer-Virus Detection Program

Saeko Matsuura (Shibaura Institute of Technology Department of Electronic Information Systems)
Michiko Kato (Kanri Kougaku Kenkyuusyo,Ltd)
Ryo Ojima (Kanri Kougaku Kenkyuusyo,Ltd)

An unknown computer-virus was caught with "a program with malicious behavior patterns", and a model which detects the behavior patterns was built. A detection program which operates on the Windows was developed based on this model, and a detection experiment of an existing virus was conducted. This paper explains the detection model, and reports the detection experiment.

(17) A technique of supporting to set up a machine in Integrated Security Management System

Mariko Kasai (Systems Development Laboratory, Hitachi, Ltd.)
Makoto Kayashima (Systems Development Laboratory, Hitachi, Ltd.)
Yoshinori Watanabe (Systems Development Laboratory, Hitachi, Ltd.)
Yoshiyuki Nakano (Hitachi Systems & Services, Ltd.)

Recently the threat on the Internet is increasing. And, the scale of the system is growing large. For this reason, it is difficult for system administrators and security managers to consider and implement security measures which cover a design to operation in total. Corresponding to such a problem, we have proposed the "Integrated Security Management System" which supports consistently the construction phase and the operation phase from the design phase. The one of the purpose of the system is to support applying to the machine precisely. Reality, however, is not that simple.Then, this paper proposes the technique of supporting to set up a machine without trouble.

(18) An Autonomic Security Management System with Prevention and Recovery (1)

Kazumasa OMOTE (Fujitsu Laboratories Ltd.)
Satoru TORII (Fujitsu Laboratories Ltd.)

Many tools for security management are proposed to keep a network system secure. However, it will be hard for a security administrator to manage a network system because it becomes large and complicated by developed and spread network/PC. In this paper, we propose a framework of autonomic security management system, which manages to keep a network system secure and prevents it from intrusion by decision the best measure based on information. We mention the state of network system and list some requirements for security management. Then, we define the autonomy to solve these requirements and state the necessity of prevention and recovery. Finally, we propose a security management system model and mention that our model is autonomic.

(20) A great leap of Digital Archives

Hirokazu Shimizu

Kyoto City Government developed the "Kyoto Digital Archives Concept" in April, 1997. In the promotion of the Kyoto Digital Archives Project, the Kyoto Digital Archives Promotion Organization was established in 1998, then as a succeeding body of this organization, we started the Kyoto Digital Archives Research Center in August, 2000.Then, what does Kyoto City Government aim at, and how do we proceed for archiving, and by what method do we do? The members of the National Council for Regional Digital Archives Promotion, for which Kyoto Digital Archives Research Center took the lead and appealed all over the country, are increasing in number rapidly. At the same time, we can not look aside a move of study group of digital archives in central government, digital archives subcommittee of Liberal Democratic Party and so on. With these circumstances above, I would like to describe my comment and view based on our practices, and a future prospect of my own.

(21) The method of detecting the administrator authority capture by a script attack

Masashi Iwata
Tomokazu Yamamoto
Masanori Tanaka
Takehiko Abe
Haruhiko Kimura

The purpose of this research is to build an intrusion detection system, which detects the administrator authority capture by a script attack. The script attack is the attack technique which acquires the administrator authority of the personal computer by sending and performing a script in the personal computer for invasion. In Windows, user information is recorded on the class type database called registry. In this paper, we propose a new database named the user information database and use it to record the user information which is the same information recorded on the registry. The system can detect an inaccurate user by comparing the user information on the registry with the user information on the user information database.

(22) A Concept and Design of DDoS attack generator

Shinsuke Miwa (Emergency Communications Group, Information and Network Systems Division, Communications Research Laboratory)
Osamu Takizawa (Emergency Communications Group, Information and Network Systems Division, Communications Research Laboratory)
Hiroyuki Ohno (Emergency Communications Group, Information and Network Systems Division, Communications Research Laboratory)

security experiment. Because DDoS attacks send massive traffic to a target, to replay DDoS attack must generate massive traffic. Therefore replaying DDoS attack is difficult on experiment. In this paper, we describe a concept and design of DDoS attack generator using a traffic generator system.

(23) A Design and Implementation of the Integrated Telecommunication Crisis Management Research Facility

Hiroyuki Ohno (Emergency Communications Group, Information and Network System Division, Communications Research Laboratory)
Fumiko Matsumoto (Emergency Communications Group, Information and Network System Division, Communications Research Laboratory)
Yasuhiro Yamazaki (Emergency Communications Group, Information and Network System Division, Communications Research Laboratory)

The Emergency Communications Group, Communications Research Laboratory(ECG/CRL) has strted the research on Info-communication Crisis Manegement in 2001 and has benn developing the facility for the Integrated Telecommunication Crisis Management(ITCM) since then. In this thesis, we are reporting the design and implementation of the opertion facility among the ITCM. The operation facility has named SD room and it contains tow major role. One is to support operation for many servers and their related equipment for crisis management, the other is to support the decision making for crisis managemant.

(24) An Intrusion Detection Strategy Based on Data Aggregation and Shannon Entropy

Nobuhisa Fujita
Norio Shiratori

We have devised a general algorithm for classifying audit data into clusters associated with different types of network activities, in view of developing a more robust way of profiling network entities for intrusion detection. The method is based on the aggregation of the network hosts. The capability of the algorithm is examined by analyzing some log data of SNORT. A probable advantage of our algorithm lies in its ability to discern distributed attacks more effectively than any of the existing algorithms.

(25) Pre-Processing of Primality Test of Large Integer

Aiko Tanaka (Graduate School of Systems and Information Engineering, University of Tsukuba)
Akira Kanaoka (Graduate School of Systems and Information Engineering, University of Tsukuba)
Eiji Okamoto (Insitute of Information Sciences and Electronics, University of Tsukuba)

It is generally known that a large integer has small prime numbers. Hence dividing the large number by small primes is an effective pre-processing of the primality test. This paper evaluates the pre-processing and gives an optimal upper bound of the small primes.

(26) A study of the anonymous authentication management

Yasuhiro IIDA (NTT Information Sharing Platform Laboratories)
Masami Ueno (NTT Information Sharing Platform Laboratories)
Yuji AGAWA (NTT Information Sharing Platform Laboratories)

The anonymous authentication system makes it difficult for a service provider to relate a user's profile and his or her for a service provider, which can protect the user's privacy. In this paper, we describe some requirements and a technical problem when we apply the anonymous authentication system to business situations. We also describe its operation models and clarify that there can be a user whose anonymity is no longer retained in a certain time sequence of issuing/using a certificate. To solve this problem, we propose a novel method that introduces a Trusted Counter (TC) which counts certificates.

(27) Proof of Signer and Privacy Revocation in Ring Signature Protocol

Hiroaki Kikuchi
Minako Tada
Shohachiro Nakanishi

A ring signature is one of the group signature scheme which allows member of a group to sign message such that the resulting signature does not reveal their identity for all users. But, even if a problem occurs and the signer is necessary to be detected, anyone can't determine who signed it. In this paper, we propose an extended protocol of ring signature in which both the group administrator and a signer can indicate who signed on the message. The security of the proposed protocol is based on an assumption of the discrete logarithm problem and a secure hash function.

(28) Formalization of Merger and Decentralization Methods of Certification Authority

Satoshi KOGA (Department of Electrical Engineering and Computer Science, Kyushu University.)
Kouichi SAKURAI (Faculty of Information Science and Electrical Engineering, Kyushu University)

Public Key Infrastructures(PKIs) are very important techniques to support secure electronic commerce and digital communication on network. In real world, various PKI trust models exist and they need to be merge for some reasons. While, Certification Authority(CA) that issues the public key certificates need to be decentralize considering the aspect of security and system. In this paper, we study some methods of merger and decentralization CA and formalize these operations.

(29) A Mechanism to Detect Tampering on Mobile Agents with Trusted Hosts

Yuki KOTEGAWA (Department of Electrical Engineering and Computer Science, Kyushu University, 6-10-1 Hakozaki, Higashiku, Fukuoka City, Japan)
Kouichi SAKURAI (Faculty of Information Science and Electrical Engineering, Kyushu University, 6-10-1 Hakozaki, Higashiku, Fukuoka City, Japan)

Mobile agent technologies are powerful mechanism. An agent owner can leave processing of the task which used the network to a mobile agent instead of oneself by using mobile agent technology. However, major problem of mobile agent paradigm is protecting mobile agents from malicious hosts. In this paper, we propose a mechanism to detect tampering on mobile agents with trusted hosts.

(30) Design and Implementation of Transactional Agents

Masashi Shiraishi (Tokyo Denki University)
Takao Komiya (Tokyo Denki University)
Tomoya Enokido (Tokyo Denki University)
Makoto Takizawa (Tokyo Denki University)

Mobile agents move around object servers where the agents manipulates objects. A transactional agent is an agent which manipulate objects in one or more than one object server so as to satisfy some constraints. There are some types of constraints depending on applications. ACID is an example of the constraints, which shows traditional atomic transactions. There are other constraints like at-least-one constraint where a transaction can commit if at-least-one object server is successfully manipulated. We discuss how transactions with types of constraints can commit. We discuss how to implement transactional agents.

(31) Proposal of Access Control Mechanism and Protocol for Domain Name Systems

Tatsuya BABA (Research and Development Headquarters, NTT Data Corporation)
Takayoshi KUSAKA (Research and Development Headquarters, NTT Data Corporation)
Masaki YAMAOKA (Research and Development Headquarters, NTT Data Corporation)
Shigeyuki MATSUDA (Research and Development Headquarters, NTT Data Corporation)

DNS (Domain Name System) plays an important role in the Internet. It provides the mechanism for translating internet domain names for network hosts into IP addresses, for email routing, and for other information. As the Internet has grown to become a business infrastructure, security extensions to the DNS have been discussed and developed. However, any sort of access control lists or other means to differentiate inquirers are not provided in these extensions. In this paper, we propose a mechanism and a protocol for access control in DNSs.

(32) Securing Public DNS Communication

Kenji Rikitake (KDDI R&D Laboratories, Inc.)
Koji Nakao (KDDI R&D Laboratories, Inc.)
Hiroki Nogawa (Cybermedia Center, Osaka University)
Shinji Shimojo (Cybermedia Center, Osaka University)

The DNS (Domain Name System) has a fundamental weakness on the transport layer, which may affect the overall security of the Internet. The DNS database transaction is mostly performed over UDP, which makes the whole system susceptible to denial-of-service attacks. In this paper, we first discuss the risk of providing DNS service through UDP access on publicly-exposed Internet gateway systems. We then propose introducing T/TCP (Transactional TCP) to the DNS transport layer as an alternative. We evaluate an experimental implementation and show how T/TCP is effective to improve the controllability of the DNS traffic while the performance degradation is minimal.

(33) Statistical Analysis in Logs of DNS Traffic and E-mail Server

Yasuo Musashi (Center for Multimedia and Information Kumamoto University)
Ryuichi Matsuba (Center for Multimedia and Information Kumamoto University)
Kenichi Sugitani (Center for Multimedia and Information Kumamoto University)

The DNS query (Dq) traffic between the DNS and E-mail servers of Kumamoto University was statistically investigated when a lot of PC terminal were infected by the mass mailing worm (MMW) like Frethem. K. The interesting results are: (1) The number of the deferred E-mail (stat=Deferred) increases when the MMW infected-PC terminal increases. (2) The Dq traffic increases in appearance when the number of the deferred E-mail increases. This is because a lot of E-mail servers are frequently closed to the E-mail receiving after detection of an unknown MMW. Therefore, we can detect an increase in MMW-infection by monitoring the Dq traffic from the E-mail server to the DNS server and the SMTP syslog of the E-mail server.)

(34) Design of high-available middleware for large-scale distributed systems

Kazuhiro Murayama
Shinichi Ochiaiy

Recently, high performance computing (HPC) clusters can be applied to mission-critical systems, such as telecommunication systems and radar information processing systems. To use HPC clusters for those systems, it is required to adopt the software mechanism that can support high-performance and non-stop operation in case of failure. For this reason, we have been developing the high-availability middleware which has two distinctive features about fault tolerant management; (1) automatic recovery from failure, (2) dynamic system configuration on MPI. In this paper, we describe the design of our middleware, MPI/SP.

(35) Proposal of redundancy and load balancing between gateways

Takashi Shimizu (Faculty of Environmental Information, Keio University)
Yasuhiro Ohara (Graduate School of Media and Governance, Keio University)
Masaki Minami (Faculty of Environmental Information, Keio University)
Jun Murai (Faculty of Environmental Information, Keio University)

In our research, we focus on redundancy of connectivity and load sharing of traffic from a LAN to outside networks. Typically, a LAN has only a single outgoing connection, where its component router and/or circuit failure causes the entire LAN to disconnect. Such points where single failure causing the entire service to terminate is referred to as "single point of failure". Although the single point of failure is very common in today's Internet, the redundancy of outgoing connections should be ensured by provisioning multiple connections to the LAN. In our research, we study the redundancy of outgoing connectivities and the traffic load sharing, together with its transparency and scalability. Furthermore, we design a new system with consideration of the potential problems in existing researches.

(36) Flexibility in Group Communication

Tomoya Enokido ()
Makoto Takizawa (Tokyo Denki University)

A group protocol is required to support applications with enough quality (QoS) and types of service in change of QoS supported by the underlying network and required by applications. A flexible group service is supported for applications by cooperation of multiple autonomous agents. A group protocol to coordinate the cooperation among agents is realized in a collection of functions like retransmission and receipt confirmation. Each agent dynamically and autonomously takes a class of module for each protocol function consistent with, not necessarily same as, the other agents in change of QoS supported by networks and required by application.

(37) Notes on Copyright Management for Digital Image Distribution System

Satoshi HASUO
Hiroyuki INABA

Many contents distribution systems with copyright management have been realized using by cryptography and/or fingerprint technology. However, few systems have examined a collusion problem. In this paper, first we propose a new algorithm which trace illegal users by using embedded user information from an illegal contents made by a collusion. Second, we show a new file exchange system with copyright management which permits data transfer between users.

(38) Notes on a Digital Watermarking Technique for Audio Data by Haas Effect

Kei Yamamoto
Hiroyuki Inaba

Recently network distribution of digital contents have been widely used, and the problem of copyright protection for digital contents becomes more important. In this paper,we propose a new digital watermarking technique for audio data which have a high quality in auditory feeling. The new method is realized by using Haas effect which is one of the mentality auditory characters. By computer experiment,we confirm the audio quality of the embedded audio and the tolerance to MP3 coding.

(39) A Method of Time Certification using Time Evidence

Shigeyoshi SHIMA ()
Ayako KOMATSU (NEC Corporation, Internet Solution Platform Development Division)

A Time-Stamp is evidence of Proof-of -existence of digital documents and issued by Time-Stamping Authority (TSA) of Trusted Third Party. Time of Time-stamp is used by a local clock of TSA. Time Authority (TA) audits a local clock accuracy of TSA, but don't detect tempering of time. In this paper, we propose method of Time Certification which detects tampering of a local clock of TSA and verifies audit logs of local time after audit of local time of TSA.

(40) Transitive Time-Stamping Scheme

Hiroaki Kikuchi
Naoaki Sugihira
Shohachiro Nakanishi

In the age when documents are mainly dealt with digital media, a requirement of time stamping services are increasing in order to fulfill a proof existence and an integrity of digital documents. The Linear Linking Scheme proposed by Harber, the chain structure using the one way hash function, has a problem that verification cost is proportional to the number of timestamps. This paper proposes a time a stamping scheme based on discrete logarithm problem. The main feature of the proposed scheme is an efficiency for verification of which is a constant size for communication This scheme has transition when verification.

(41) On An FTP Proxy Server with Mirror Selecting Features

Junichi Funasaka (Hiroshima City University)
Masato Bito (Horizon Digital Enterprise, Inc.)
Kenji Ishida (Hiroshima City University)
Kitsutaro Amano (Hiroshima City University)

A lot of mirror servers are operated and managed to reduce loads on popular file servers. Most of existing methods can not satisfy the following two conditions simultaneously: (1)getting the latest version of file and (2)retrieving the file from the nearest mirror server. We propose an FTP proxy server with mirror selecting features and evaluate it in detail. From our evaluations, it is confirmed that the proposed system has high forwarding performance, raises the availability of FTP service, and reduces the amount of traffic.

(42) Design of OS Migration Mechanism among Real Computers

Hirokuni Yano (Corporate Research and Development Center,Toshiba Corp.)
Kiyoko Sato (Corporate Research and Development Center,Toshiba Corp.)
Seiji Maeda (Corporate Research and Development Center,Toshiba Corp.)

In this paper, we propose OS migration mechanism, which can transfer an existing OS among real computers without stopping or suspending a kernel. OS migration is enabled by status managing driver inserted between the OS and device drivers. Status managing driver keeps states of devices and restores them to the devices on destination of migration. If the devices on the computers are different, Status managing driver hides their differences between them so that the OS works continuously. In addition, after the migration, location managing driver enables to use the devices on the previous computer.

(43) Experiment of Biometric Recognition by Hash Function

Tomohiro Nakamura (Gunma University)
Noriaki Yoshiura (Gunma University)
Yoshikuni Onozato (Gunma University)

In recent years,exact individual recognition is demanded from the increase in the electronic commerce by the spread of the internet etc. In the present condition, recognition with a password is main stream ,but biometric recognition through the internet increase from now on. Although biometric data is encrypted and saved in the existent recognition system, it may be decrypted, and then the biometric data itself may be stolen. This paper experiments of biometric recognition by proposing the method of treating the biometric data by hash function.

---

[home]