30th CSEC Group Meeting

Date

July 21, 2005

July 22, 2005

Location

Iwate Prefectural University

Transportation

30th CSEC Group Meeting Program

(1) A Proposal of Worm Detection System by Taking a Statistics of Series of Packets to Honey pot

Maki KATAOKA (National Security Business Unit, Public Business Sector, NTT Data Corporation)
Yumiko ISHIGE ( National Security Business Unit, Public Business Sector, NTT Data Corporation )
Nobutaka MANTANI (Hi-Tech Crime Technology Division, Information Communications Bureau, National Police Agency)
Humiharu OHASHI ( ;Hi-Tech Crime Technology Division, Information Communications Bureau, National Police Agency)

A worm detection system tells us when an unknown worm occurs as well as its attributes. In the proposed system, traffic from the Internet to the honey pot is divided into a series of packets, which include some established TCP connections. The similarity between one series of packets and another are calculated by using the vector space model and the edit distance. As a result, we were able to know that how many times each incident happened and how similar each incident was to others incident. finally ,we were able to find some unknown worms and their attributes.

(2) A Study on Implementation of the Worm Prevention System Following the Infection Process

Shusuke MAEDA (Research and Development Headquarters NTT Data Corporation)
Tatsuya BABA ( Research and Development Headquarters NTT Data Corporation)
Hisamichi OHTANI ( Research and Development Headquarters NTT Data Corporation)
Masataka KADO ( Research and Development Headquarters NTT Data Corporation)
Tsutomu INADA ( Research and Development Headquarters NTT Data Corporation)

The network incidents caused by Internet worms are increasing every year. Infection of worms that exploit the vulnerabilities can be prevented by applying software. However, it is impossible to prevent an infection of worms that exploit unknown-vulnerabilities. Although enhancements of security measures at the network boundaries such as firewalls are effective, such enhancements cannot prevent the internal-infection caused by connecting infected terminals to the intranet. In this paper, we propose a system that prevents infections of unknown-worms and internal infections, applying "the dynamic VLAN control" and "the worm detecting method following the infection process"

(3) A Study on a Method for Malware Quarantine in a Multi-OS Environment

Tatsuya BABA (Research and Development Headquarters NTT Data Corporation)
Hiroshi FUJIMOTO ( Research and Development Headquarters NTT Data Corporation)
Masataka KADO ( Research and Development Headquarters NTT Data Corporation)
Tsutomu INADA ( Research and Development Headquarters NTT Data Corporation)

Recently, infections of malware such as Internet worms and spy ware are becoming a serious problem. To prevent damage from these malware, there are "quarantine systems" that check the installed anti-virus software and the applied security patches on the client PCs when they are connected to the enterprise network. They have a problem, however, that almost all existing quarantine systems work on Microsoft Windows systems only. In this paper, we propose a network quarantine system which has functionalities such as malware quarantine, extermination, protection on network side without depending on client software in Multi-OS environment.

(4) A Consideration of Spy ware Detection using Traffic Analysis

Akira YONAHARA (NTT Data Corporation)
Hisamichi OHTANI ( NTT Data Corporation)
Tatsuya BABA ( NTT Data Corporation)
Tsutomu INADA ( NTT Data Corporation)

Currently, the damage of the spy ware has expanded rapidly. However, countermeasures of spy ware have not spread, because many users were not aware of its risk, and it's cleverly hiding from users notice. Recently countermeasure of spyware is installing the anti-spy ware software in computer. However, the spy ware cannot be completely prevented in countermeasures of the terminal computer only.It is thought that countermeasures different from terminal's is necessary. In a word, countermeasures on the network are necessary. This paper reports on the analysis of spy ware and the possibility of spy ware detection using traffic analysis.

(5) Evaluation of the quarantine system usin" in the wild "viruses

Osamu TANAKA (Institute of Information Security University)
Katuya UCHIDA ( Institute of Information Security University)

Computer virus such as Code Red comes to widen infection on a large scale in a short time after 2001.The damage of such a computer virus is not confined to only an individual and a problem only for an organization and I go through Internet and give arious places big influence. For such situation, it is the present conditions by measures only by anti-virus measure software of conventional measures method that cannot finish coping. On this account the quarantine inspection network which is the only thing method for a maneger to carry out computer virus measures activery begins to attract attention in future. Real inspection is necessary to build an effective quarantine inspection network. On this account I consider precision and a problem of inspection environment to confirm how computer virus spreads by this report in a network by I build environment to let you develop infection, and evaluating Slammer which raged in 2003.

(6) A Note of Intrusion Detection using Alteration of Data

Fumiaki NAGANO (Graduate School of Information Science and Electrical Engineering, Kyushu University)
Kohei TATARA ( Graduate School of Information Science and Electrical Engineering, Kyushu University)
Toshihiro TABATA (Graduate School of Natural Science and Technology, Okayama University; Faculty of Information Science and Electrical Engineering, Kyushu University)
Kouichi SAKURAI ()

These days, Attacks which alter data in memory illegally are one of the most serious security threats. Although a lot of detection systems have been proposed so far, most of the systems have the problem that only a part of the alteration of data in memory can be detected. And, some detection systems use secret data. But, if an execution code has a bug like format string bug which enable attackers to read data in memory, data in memory might be altered illegally because the secrete data might be guessed by the attackers. Then, we propose a system which detects the alteration of arbitrary data in memory by attackers. Moreover, this system doesn't have the vulnerability that exist the systems which use secret data.

(7) Comparison of Error Probabilities of The Miller-Rabin Test by Experimental Measurement Value and Theoretical Upper Bound

Toshiya NAKAJIMA

We compare theoretical upper bounds of error probability of the Miller-Rabin test(probability that a strong probable prime is a strong pseudo prime)with experimental results for randomly generated odd integers of 100-300 bit length. The number of strong probable primes we test is the theory-conjectured number in which about sixteen strong pseudo primes would be found for each bit length. After the experiment, no strong pseudo primes were found. Analyzing this result by statistical inference, we estimate with 95% upper confidence limit that the real error probability for the range of tested bit length is less than 1/4 of the minimum theoretical upper bound.

(8) On Security of Superelloptic Curves and C ab Curves Based Cryptosystems against GHS Weil Descent Attack

Tsutomu IIJIMA
Mahoro SHIMURA
Jinhui CHAO
Shigeo TSUJII

The GHS Weil descent attack by Gaudry, Hess and Smart was originally proposed to elliptic curves whose function fields of characteristic two. In this paper, we consider GHS Weil descent attacks to algebraic curves whose function fields are Galois extensions of the rational function field. Lower bounds of genera of the function fields of their Weil restrictions are obtained when the function fields of the curves are tame Galois extensions. This class of curves can be divided into cyclic Galois extensions which contain superelliptic curves as a special case and non-cyclic Galois extensions which contain C ab Curves. If we restrict ourselves to genus four or three cases, there are only two such C ab Curves: C 92, C 43. Therefore, a detailed analysis on security against such attacks is shown for cryptosystem based on superelliptic curves and on C 92, C 43. such Analysis is based on the above theoretical results and computational complexity comparisons between Pollard's rho algorithm, Gaudry's variant of the ADH algorithm and Gaudry-Enge version of the ADH algorithm.

(9) Performance of Prime Order Elliptic Curve Generation based on y-twist

Mayumi OBARA (The graduate school of natural science and technology, Okayama University)
Yasuyuki NOGAMI ( The graduate school of natural science and technology, Okayama University)
Yoshitaka MORIKAWA ( The graduate school of natural science and technology, Okayama University)

This paper proposes a new twist technique and then shows some necessary conditions for prime order curves in the formy2=x3 + a. Then, by combining x-twist and y-twist, we consider six elliptic curves. For these six elliptic curves, when the characteristic p of the definition field Fq satisfres that p�„3 and 3�b(p - 1),we show that it is possible for only two elliptic curves among the six curves defined over Fq, q = p2i3j to have prime orders, I, j are non-negative integers. Then, we show an example of prime order curve. After that, compared to the complex multiplication method, we evaluate the performance of the proposed method.

(10) Defeating Simple Power Analysis on Koblitz Curves

Katsuyuki OKEYA
Tsuyoshi TAKAGI
Camille VUILLAUME

Koblitz curves belong to a special class of binary curves on which the scalar multiplication can be computed very efficiently. For this reason, they are suitable candidates for implementations on low-end processors. However, such devices are often vulnerable to side channel attacks. In this paper, we propose two countermeasures against side cannel attacks on Koblitz curves. Both of them utilize a fixed-pattern recoding to defeat simple power analysis. Our first technique extends a known countermeasure to the special case of Koblitz curves. In our second technique, the scalar is recoded from left to right, and can be easily stored or even randomly generated.

(11) Development of power analysis evaluation platform for 32bit processor

Koichi FUJISAKI (Corporate Research and Development Center, Toshiba Corporation)
Hideo SHIMIZU ( Corporate Research and Development Center, Toshiba Corporation)
Atsushi SHIMBO ( Corporate Research and Development Center, Toshiba Corporation)

There is problem that we can't evaluate threats or countermeasures of the attacks in papers, because there is no standard evaluation platform for side channel attacks. So the temper-resistance standardization research committee, established by INSTAC(Information Standardization Center) within the Japanese Standards Association(JSA),designed a specification of evaluation platform with 32bit CPU. This paper reports the actual experiment of DPA(Differential Power Analysis)against DES and SPA(Simple Power Analysis)against RSA using a board based on the specification.

(12) Study of the Incident Tendency Detection Method on Frequency Analysis

Hirofumi NAKAKOJI (Systems Development Laboratory, Hitachi, Ltd.)
Masato TERADA ( Systems Development Laboratory, Hitachi, Ltd.)
Kenichi SAKAMOTO ( Central Research Laboratory, Hitachi, Ltd.)

It may have the periodic character in the virus, worm and unauthorized access, which form a threat on a network according to the factors, such as a routine work and a rhythm of life. For this reason, although it is thought that periodicity will be appear in the event logs observed by the intrusion detection system or the firewall system day by day, most analytic reports about the periodicity are not exhibited. In this paper, we refer the periodic characteristics of the typical worm, which forms a threat with performing characterization based on periodicity to event log of the firewall system actually observed on the Internet.

(13) A Study on Host Profiling for Incident Analysis

Kazuya OHKOUCHI
Kenji RIKITAKE
Koji NAKAO

Profiling is a process to disclose implicit characteristics of a pre-processed data set as the attribute columns. In this paper, we first propose the issues to resolve and applicable scenarios for profiling the implicit characteristics of a security attack based on the packet-capture logs including the IP address of the attacking of source. We then show a specific example of a DDoS attack analysis, which disclosed implicit characteristics of the involving computer virus by applying the proposed profiling method.

(14) A Simulation-based UDP Traffic Analysis of DNSSEC

Kenji RIKITAKE (Security Advancement Group, NICT, Japan)
Koji NAKAO ( Information Security Department, KDDI Corporation)
Shinji SHIMOJO ( Cybermedia Center, Osaka University)
Hiroki NOGAWA ( Information Center for Medical Sciences, Tokyo Medical and Dental University)

DNSSEC, an authentication method of DNS (Domain Name System), increase the payload length of DNS answer datagrams by adding digital signatures. The payload-length increase causes fragmentation and larger loss rate of the IP datagrams which carry the DNS UDP payloads, and reduces the reliability of DNS resolver-server transactions. In this paper, we propose a model of the length distributions of DNS UDP payloads estimated from real-world traffic samples and recalculation of the payload length values after adding DNSSEC signatures. We then propose the network traffic simulation procedure to estimate the rates of loss and fragmentation of IP datagrams between DNS resolvers and servers.

(15) Research of Epidemiologic Approach for Anti Computer Viruses - 2 ? Application on a model of anti mass-mail viruses ?

Satoshi SEKI (Global Information and Telecommunication Institute, Waseda University:: School of Engineering, Tokyo Denki University)
Ryoichi SASAKI ( Graduate School of Asia-Pacific Studies, Waseda University)
Mitsuru IWAMURA ( Tokyo Denki University)
Hiroshi MOTOSUGI ()

Epidemiologic methods that are the research technique of the living thing field are applied to the anti-virus of mass mail type from various similarities of the computer virus of the living thing field. Infection is not noticed easily as for the computer virus of the mass mail type because direct damage is not given to the user of infected PC too much, and expecting measures and disinfestation by the user is not suitable. We propose the concept of the method of converting the destination port of SMTP in LAN and the method of controlling the traffic of the virus with the gateway under a specific condition as measures techniques for not depending on the user, and we confirm whether the simulation that is one of the theoretical epidemiology techniques can be applied to the verification of the effect by these measures techniques.

(16) Extension and Evaluation of Check Function for Improper Sending of Personal Information in Encrypted Mail System

Kenji YASU (Tokyo Denki University)
Yasuhiko AKAHANE ( Nippon System Development Co., Ltd.)
Masami OZAKI ( Hitachi Infonet Co., Ltd.)
Koji SEMOTO ( Diamond Computer Service Co., Ltd.)
Ryoichi SASAKI ( Tokyo Denki University)

We have been developing the system to check the improper sending of personal information in encrypted e-mail system. This system could not check improper sending of personal information, if mail was encrypted with weal cryptography before encrypting with S/MIME. We have designed and implemented a system for solving such problems using POPFile software which was based on Bayesian theory and developed to check the Spam mail. Experiments to detect personal information were concluded using the implemented system, and we were able to confirm the basic effectiveness of the system. This paper reports on those results.

(17) Guardian watch support system for the children's Web access

Tasumi UEDA (Graduate school of information Science and Technology, Hokkaido University)
Yoshiaki TAKAI ( Information Initiative Center, Hokkaido University)

The Internet is very widespread in late years, and children's acquiring information from the Internet has increased. There is danger of encountering the problem that a defamation remark is done on the mis-sending individual information by contact to not the intention by tracing the link but harmful information and the operation mistake and bulletin boards, etc. and control doesn't attach though profitable can be obtained in the Internet. It explains the guardian watch support system that supports the protection of children in this paper from harmful Web contents, and deepens of understating to guardian's children in addition, and mounting and the operation experiment with Windows are described.

(18) Sharing and Circulation of Nonwritten Cultural Materials in COE

Keiko KINOSHITA
Yasuhiro INAZUMI
Hirotsugu KINOSHITA
Tetsuya MORIZUMI

Recently, the research of Ontology has come to be performed actively in the field of the knowledge system. Commonness and Mutual agreement are enumerated as a character of Ontology. But, Ontology is constructs neither the meaning nor the intention of the different object world. Therefore, it is necessary to define meaning information based on Ontology and the extraction of intention specifying and systematically. Ontology Construction offers an effective base in the knowledge processing. The contribution concerning intellectual information processing that centers on sharing and circulation of knowledge is expected. This paper is Ontology Construction was done based on the theory of Ontology Basic theory of Kanagawa University 21st Century COE Program "Systematization of Nonwritten Cultural Materials for the Study of Human Societies" . The possibility of Sharing and Circulation of Nonwritten Cultural Materials is discussed with effectiveness by the considered thing.

(19) Systematizing of Information Forensics

Kouichi MUKOUYAMA (INSTITUTE of INFORMATION SECURITY)
Katsuya UCHIDA ( INSTITUTE of INFORMATION SECURITY)

It can be said that the environment for which our country can easily use the computer system network by the IT advance in technology is in order. However, the case that has been rolled in the computer crime in the place where the user doesn't know comes to be seen here and there. This can be said that the user should recognize the behavior of the self, and it proves validity. Moreover, how the computer system network in the organization corporate is used should be managed and be audited duly though begins to be recognized the importance of the security audit from the viewpoint of internal management in the organization corporate. It is an activity that examines from the viewpoint as the extension of the audit of the enterprise and the organization for the trial, and systematizes the a series of action in information law department study (Information Forensics). In the main discourse, it was an Australian standard when the systematization of the information law department study was considered, and "Guidelines for the management of IT evidence" (HB171-2003) was investigated, and it was considered what to examined for evidence collection in the future.

(20) Consideration about intellectual property rights in university graduation thesis and production created by students ? Case Study in Faculty of Software Engineering, Iwate Prefectual University ?

Ryuju HAMADA (Graduate School of Information Sciences, Tohoku University)
Norihisa SEGAWA ( Faculty of Software and Information Science)
Yuko MURAYAMA ( Faculty of Software and Information Science)

In recent years, at the university in Japan, the rule for dealing with intellectual property rights is defined, and there is a tendency by which a clear indicator is shown about maintenance of intellectual property headquarters, the handling of the personnel's duties invention, etc. However, about other kind of intellectual property rights, like copyrights, which those who are not faculty stuffs create, sufficient right processing is not performed in many universities. In this paper, we introduce and discuss the legal problems on the new rule of intellectual property agreement in Faculty of Software Information Engineering, Iwate Prefectual University. It should contribute to processing of the intellectual property rights of a graduation thesis or a graduation production created by students.

(21) The Diretion of Japan's CMVP II

Yuichi HAGIWARA (C4 Technology, Inc., Consulting Department, R&D Division)
Travis Spann ( InfoGard Laboratories, Inc.)
Tatsuaki TAKEBE ( Yokogawa Electric Corporation, Development Infrastructure Department)

As Japan now has her own e-government recommended cipher list, is seeking the possibilities to have her own Cryptographic Module Validation Program (CMVP). We investigate the original CMVP established by National Institute of Standards and Technology (NIST) and Communications Security Establishment (CSE) as well as transition plans proposed by the Information-Technology Promotion Association Japan (IPA), and suggest the most beneficial directions.

(22) On the Standardization of Information Security ? Report on the Vienna Meeting in April, 2005 ?

Atsuko MIYAJI (JAIST)
Takeshi CHIKAZAWA ( Mitsubishi Electric Corp.)
Toshio TATSUTA ( IBM Japan, Ltd.)
Akira OTSUKA ( IPA/AIST)
Kan YASUDA ( NTT)

Secure information systems are absolutely required in various situations. The international standardization is one of the important factors for the spread of secure systems. The purpose of the ISO/IEC JTC 1/SC 27/WG 2 is giving the international standardization for technology of information security such as algorithms and protocols. In this report, we explain the present issues of ISO/IEC JTC 1/SC 27/WG 2 and report the recent meeting results held at the Vienna in April 2005.

(23) Oblivious Signature, Revised

Nobuyuki SHIINA
Takeshi OKAMOTO
Eiji OKAMOTO

An oblivious signature scheme consists of three entities: a signer S, a recipient R and a verifier V. In this scheme, R can obtain k signatures from n messages whereas S cannot know which messages R close. Therefore, such a scheme can be used to keep the user's privacy. In this paper, we formalize the notion of oblivious signature and propose two efficient schemes: DSA and ECDSA based schemes. We also give the relation between oblivious signatures and oblivious transfer. Finally, we discuss the properties of our schemes by evaluating communication cost, computational cost and so on.

(24) Partially Blind Signatures with Traceability

Koji CHIDA (NTT Information Sharing Platform Laboratories)
Miyako OHKUBO ( NTT Information Sharing Platform Laboratories)
Osamu SHIONOIRI ( NTT Information Sharing Platform Laboratories)
Ichizo NAKAMURA ( NTT Information Sharing Platform Laboratories)
Atsushi KANAI ( NTT Information Sharing Platform Laboratories)

Until now, it is not sufficiently discussed about how to construct a provably secure "partially blind signature with traceability" (PBST) by which functions of both the partially blind signature and the fair blind signature. This paper describes an application that the function of PBST is actually demanded, and specifically defines PBST and some security requirements of it. Subsequently. This paper proposes two kinds of PBST protocols and then considers the security of these according to the security requirements where they area previously defined.

(25) Proposal on SUMI coating method which can change the coating parts to protect against insider attacks

Takanobu MASUBUCHI (School of Engineering, Tokyo Denki University)
Hajime NAKAMURA ( School of Engineering, Tokyo Denki University)
Saneyuki ISHII ( School of Engineering, Tokyo Denki University)
Noriko OGAWA ( School of Engineering, Tokyo Denki University)
Hiroshi KASHIMURA ( School of Engineering, Tokyo Denki University)
Ryouichi SASAKI ()

Digital signatures do not allow any alternation of a document. However, for some signed documents ‚’r' appropriate' ' alteration should be allowed when other security concerns arise. Disclosure of official information is a typical example of this. Such sensitive information as private information, when it is disclosed, should be sanitized from the original digitally signed document. ‚’r' The digital document sanitizing problem' ' occurs when the signed document cannot be verified since part of the signed document is concealed. The already proposed sanitizing scheme[4] can solve the digital document sanitizing problem. In this paper we assume the acceptance of a suggestion to change the sanitizing phrase. We proposed on SUMI coating method which can change the coating parts to protect against insider attacks.

(26) Exact t-out-of-n Signer-Ambiguous Signature

Eiichiro FUJISAKI (NTT Laboratories)
Koutarou SUZUKI ( NTT Laboratories)

We propose a novel threshold ring signature scheme, where the verifier can be convinced that the signatures, as ordinary threshold (ring) signatures, were produced by collaboration of at least t anonymous signers (among n possible signers), while he can be also convinced that the number of the collaborators was at most t' (t �… t'). We formalize the notion of this threshold signature scheme, denoted a (t, t', n)-ranged threshold signature scheme. In case t = t', we call it an exact t-out-of-n threshold signature scheme. Our scheme can be constructed based only on an ordinary discrete-logarithm setting. No stronger primitives such as pairing cryptosystems are necessary.

(27) An (N, K) Threshold Signature Scheme with Public Keys of Small Size

Masao KASAHARA (Osaka Gakuin University)
Ryuichi SAKAI ( Osaka Electro-Communication University)

In this paper, we propose a new class of threshold group signature schemes. In this scheme the group signature can be constructed when the K members among N members of the group G agree to sign a message, where K is an appropriately chosen member. We show that in our proposed scheme, the total size of the public keys for the group signature scheme can be made very small even when the number of group members takes on the large value. In a modified version of our proposed scheme, a large fraction of public keys of both center and members can be substituted by a public hash function whose input variables are ID information of center and members. We also show that, by assuming the existence of independent centers who are not cooperative, any person including a center who was strongly involved when generating the public and secret keys of all the individual members and the group G itself, cannot forgery the publicized group signature signed by the K members of the group G.

(28) Meta Ring Signature

Hiroyuki OKAZAKI
Ryuichi SAKAI
Masao KASAHARA

In this paper, we propose a new concept "Meta Ring Signature" . Suppose that a signature text work as a public key, we may achieve a new digital signature "Meta Signature" such that, the signer of a signature text, in this paper we call basic signature, can sign on to another message by using the basic signature text as the public key of Meta signature scheme. First, we present a concept of Meta Ring Signature such that both basic signature and meta signature are Ring Signature. We then show the example of the way how to construct Meta Ring Signature from LSAG signature and it's application.

(29) An Information Hiding System for Word 2003 XML Documents

Muneyuki KITANO
Hidetaka MASUDA
Hiroshi NAKAGAWA

We are considering an information hiding technique for the following situation: 1) The original writer applies the digital signature to the part of the document where she /he wants to protect. 2) The signature will be embedded in the entire document itself without being noticed by the relayed third party. 3) After the final recipient received it, she/he can detect whether the protected portion is tampered or not. Our target is XML format document which can be output by the widely used editor: Microsoft Word 2003. We propose technique which is hard for third party to perceive whether some data are embedded by an information hiding system with modifying color attribute of XML element, even if the document with the embedded information was displayed on Word 2003. We implemented a prototype system which embeds the hidden information and detects whether tampered or not.

(30) A Note on Application of Program Obfuscation Scheme using Random Numbers to Complicate Control Flow

Tasuya TOYOFUKU (Graduate School of Information Science and Electrical Engineering, Kyushu University)
Toshihiro TABATA, Kouichi SAKURAI ( Graduate School of Natural Science and Technology, Okayama University)

For the security technology that has been achieved with software in the computer system and the protection of the intellectual property right of software, software protection technology is necessary. One of that technique is called obfuscation. Which converts program to make analysis difficult while preserving its function. In this thesis, we examine the applicability of our program obfuscation scheme to complicate control flow and study the tolerance against program analysis.

(31) A Text hiding by Visual Secret Sharing with Natural Images

Takashi MIYAKI (Graduate School of Informatics, Shizuoka University)
Kazuya SHIODA ( Graduate School of Science and Engineering, Shizuoka University)
Hideki YOSHIDA ( NTT Data Corp.)
Masaharu OZAWA ( ChanceLab. Corp.)
Masakatsu NISHIGAKI ( Faculty of Informatics, Shizuoka University)

The information in digital document can flow out easily by copy & paste, print out, etc. "Text Secret Sharing Scheme Using Visual Secret Sharing" which have proposed by the authors is a solution to the problem. In this scheme, the secret text image can be perceived by displaying two or more random dot images in rapid succession. In each random dot image, information on the text image doesn't exist at all. This paper improves the scheme so that the secret text image can be perceived with "Natural images" instead of random dot images. In this paper, the prototype system is implemented and a basic experiment is carried out.

(32) Evaluation of Memory Protecting Scheme in Multitask OSes ? A Cryptographic memory System for Resource-poor Platforms & Tampering Detection ?

Yu INAMURA (Multimedia Laboratory, NTT DoCoMo, Inc.)
Toru EGASHIRA ( Multimedia Laboratory, NTT DoCoMo, Inc.)
Atsushi TAKESHITA ( Multimedia Laboratory, NTT DoCoMo, Inc.)

The authors have been proposing a method, called Cryptographic Memory System (CMS), to protect the data stored in the address space of a process in the typical modern multi-task operating systems. Recently we have reported two new schemes, one of which optimizes the kernel memory usage by decreasing the number of the keys used and the other makes it possible to detect the tampering attack from another process. Here we will present a new proof-of-concept implementation for these new schemes integrated and also reveal the evaluation results from this implementation.

(33) A description model for data access control in Salvia operating system

Yoshimi ICHIYANAGI (Graduate School of Science and Engineering, Ritsumeikan University)
Kazuhisa SUZUKI ( Graduate School of Science and Engineering, Ritsumeikan University)
Koichi MOURI ( College of Information Science and Engineering, Ritsumeikan University)
Eiji OKUBO ( College of Information Science and Engineering, Ritsumeikan University)

The Leakage of privacy information such as customer's information in the computers of enterprises becomes a serious problem, because the Personal Data Protection Act has been enforced. We have been developing a privacy-aware operating system Salvia to prevent user programs from leaking privacy information. To protect privacy information, it is necessary that users can specify the policy to protect their information from leaking. In Salvia, users specify contexts and access authorities in the protection policy so that they can decide how to protect their information. Contexts consists of parameters that represent "Who" , "When" , "Where" , and "How" to use data. Access authorities consist of permissions of each system call.

(34) A Case Study of Gordon-Loeb Model on Optimal Security Investments

Kimio KURAMITSU

Gordon and Loeb (2002) presented an economic model of characterizing an optimal investment in information security. The model provides us with a persuasive insight, but the security breach probability functions introduced in their paper are too abstract to evaluate an actual information system. We have developed an incremental simulation method of the function to analyze the target system. One of the new findings is that an optimal investment depends on the order of security measures. In addition, we will show that our method provides us a useful measure to better composition of security functions. This paper will report the Incremental Gordon-Loeb method with a case study.

(35) A Group Key Management Scheme for Secure Multicast Increasing Efficiency of Key Distribution in Leave Operation

Alireza NEMANEYPOUR (The University of Electro-Communications, Graduate School of Information Systems)
Kazuya KUMEKAWA ( The University of Electro-Communications, Graduate School of Information Systems)
Toshihiko KATO ( The University of Electro-Communications, Graduate School of Information Systems)
Shunichi ITOH ( The University of Electro-Communications, Graduate School of Information Systems)

This paper proposes an efficient model and the associated algorithm for the group key management in secure multicast. In our model, the group key is built using secret values (secret keys) assigned to individual members. This inverse values of the secret keys are also used for key management. When a new member joins a group, the group key is changed by key server, and the new group key and the inverse value of the new member are sent to members by exploiting IP multicast. When a member leaves, the key server only informs remaining members who is leaving. Then, the group key is changed by each of the remaining members using the inverse values. In this way, we have shifted changing the group key from the server side to users' side. Using this model, we can change the group key efficiently after a leave. In this model, each member of the multicast group needs to keep the inverse values of the other members except its own. In order to reduce the number of the inverse values which each member needs to keep, we use a hierarchical approach for this model. In this approach, the group is divided into some subgroups logically. This paper describes the details of our model and algorithm.

(36) Murakami-Kasahara ID-based Key Sharing Scheme Revisited

Yasuyuki MURAKAMI
Masao KASAHARA

In Sept. 1990, the present authors firstly discussed DLP over composite number and presented an ID-based Key Sharing Scheme referred to as MK1. In 1991, Maurer and Yacobi presented the similar scheme, referred to as My, which is similar to our scheme, MK1. Unfortunately the schemes MK1 and MY are not secure, In Dec. 1990, the present authors presented a secure ID-based key sharing scheme referred to as MK2. With a rapid progress of computer power for a last 15 years, our proposed scheme would have more chance to be applied practically. Regrettably, it is not widely known the fact that (i) the schemes MY and MK1 are not secure, (ii) there exists a secure scheme, MK2. At this time, present authors review MK2 and clarify the difference between MK2 and other schemes from the standpoint of security.

(37) Efficient N-Party Password-based Authenticated Key Exchange Protocol

SeongHan SHIN (Institute of Industrial Science, The University of Tokyo)
Kazukumi KOBARA ( Institute of Industrial Science, The University of Tokyo)
Hideki IMAI ( Institute of Industrial Science, The University of Tokyo )

In this paper, we propose an efficient N-party password-authenticated key exchange (so-called N-PAKE) protocol after showing the intermediate step. For that. We propose another 3-party PAKE protocol that is a basis of the N-PAKE protocol. The N-PAKE protocol is remarkably, efficient rather than the previous works and a per-client computational cost is independent on the group size. Specifically, each client involved in the protocol is required only four exponentiations and some negligible operations.

(38) Relations Among Notions of Security for Identity Based Encryption Schemes

Peng Yang
Goichiro HANAOKA
Yang Cui
Rui Zhang
Nuttapong Attrapadung
Kanta MATSUURA
Hideki IMAI

We prove the equivalencies among indistinguishability, semantic security and non-malleability under adaptive chosen identity and adaptive chosen ciphertext attacks. It relies on these equivalencies that the researches on identity based encryption schemes are blossoming over past several years. We also describe formal definitions of notions of security for identity based encryption schemes.

(39) On a secure circuit evaluation protocol using ElGamal encryption

Go YAMAMOTO
Koji CHIDA
Anderson NASCIMENT
Koutarou SUZUKI
Shigenori UCHIYAMA

We propose a protocol for implementing secure function evaluation based on the homomorphic threshold ElGaml encryption scheme. To the best of our knowledge, our solution is more efficient in terms of computational complexity than previous solutions existent in the literature.

(40) An efficiently-verifiable zero-knowledge argument for proofs of knowledge

Go YAMAMOTO
Eiichiro FUJISAKI
Masayuki ABE

We present zero-knowledge interactive arguments for proofs of knowledge in which the communications traffic and the amount of computation and storage for the verifier are much smaller than the size of prover's knowledge. In black box simulation zero-knowledge proofs, it is strongly unlikely that there is an interactive protocol such that the communications traffic is smaller than the size of prover's knowledge. To realize such a protocol, we introduce a few non-standard computational assumptions, which are factoring versions of non-standard assumptions that appeared in [2], [4], [8]. Our zero-knowledge simulator and knowledge extractor for the proposed protocols are both constructed in a way of "non-black-box simulation" .

(41) Development of a certificate path cache method for Certificate Validation Service

Yoko HASHIMOTO (Hitachi, Ltd.)
Takahiro FUJISHIRO ( Hitachi, Ltd.)
Tadashi KAJI ( Hitachi, Ltd.)
Shingo HANE ( Hitachi, Ltd.)
Satoru TEZUKA ( Hitachi, Ltd.)

Recently, many certification authorities (CAs) have been built as the base of an electronic commerce and an electric application. In the Japanese Government, many certification services including the Government Public Key Infrastructure (GPKI) have been launched. Because of such many CAs like GPKI, there is problem that the certificate validation processing is complicated. Therefore, we proposed the Certificate Validation Server (CVS) which provides certificate validation service to users. Users can validate the certificate simply and fast by using CVS. We propose the certification path cache from as a technique which speeds up validation processing more. And we report a result of an examination of the way of managing certification pass cashes.

(42) A Status Detection of Secure Communication in Secure Service Platform

Osamu TAKATA (Hitachi, Ltd.)
Yuko SAWAI ( Hitachi, Ltd.)
Kazuyoshi HOSHINO ( Hitachi, Ltd.)
Tadashi KAJI ( Hitachi, Ltd.)
Keisuke TAKEUCHI ( Hitachi, Ltd.)
Takahiro FUJISHIRO ( Hitachi, Ltd.)
Satoru TAKEUSHI ( Hitachi, Ltd.)

SSP (Secure Service Platform) is a platform that mediates secure communication. The secure communication using SSP needs two steps. First, the two entities negotiate through SSP. Second the entities exchange encrypted application data without SSP mediation. To detect status (e.g. start and end) of secure communication, SSP must watch both negotiation procedure and the application data exchange. This study shows the architecture of status detection in secure communication with SSP. The entities detect status of secure communication, and make communication log, and transmit the log to the SSP.

(43) Development of Combined Authentication System

Shinji HIRATA (Hitachi, Ltd., System Development Laboratory)
Masahiro MIMURA ( Hitachi, Ltd., System Development Laboratory)
Kenta TAKAHASHI ( Hitachi, Ltd., System Development Laboratory)
Yoshiaki ISOBE ( Hitachi, Ltd., System Development Laboratory)

For the spread of the services using mobile terminals, such as the E-commerce, WEB service, and so on, the user authentication of a mobile terminal is important. We cannot however use all the service with mobile terminal which has just one authentication module, because of the different requirements for authentication, like the processing time, the accuracy, etc. In this paper, we suggest the new authentication system, namely Combined Authentication System, that combines different authentication module, biometrics, password, etc., and meets the various requirements of different Services.

(44) A Framework of Remote Biometric Authentication with Assuring Validity or Personal Repository

Yoshifumi UESHIGE (Institute of System & Information Technology/KYUSHU)
Kouichi SAKURAI ( Department of Computer Science and Communication Engineering, Kyushu University)

Biometric authentication is remarkable with respect to identification legitimate users. Biometric authentication is hopeful of service on the internet as reinforcement for conventional authentication such as ID and password, however, biometric information ?acquisition raw data and template data- is unrenewable even though the data is compromised. We propose a framework of online biometric authentication with verification of validity of user's personal repository based on PKI. In this framework, information of biometrics authentication (certificate of templates) is related to not process by verifying validity of the user's personal repository.

(45) On Shared Attribute Certification

Tsutomu MATSUMOTO (Graduate School of Environment and Information Sciences, Yokohama National University)
Junji SHIKATA ( Graduate School of Environment and Information Sciences, Yokohama National University)
Takenobu SEITO ( Graduate School of Environment and Information Sciences, Yokohama National University)
Takahiro FURUE ( Graduate School of Environment and Information Sciences, Yokohama National University)
Makiko UEYAMA ( Graduate School of Environment and Information Sciences, Yokohama National University)

In this paper, we extract and study the basic scheme about the shared attribute certification in consideration of user's privacy protection that the entity, which certificates user's identity, does not have all of the user's information. That is, we show a basic model of shared attribute certification. Which introduce shared attribute authorities and the modules called user assistant. In this model, the shared authorities manage the user's attribute information by using secret sharing schemes, and the user assistants, which can select the range about the user's attribute information for generating the attribute credentials. In addition, we propose a basic protocol of shared attribute certification.

(46) Critical cryptoanalysis for Y-00

We clarify our claim that Y-00 protocol, which was proposed as a protocol achieving "secure communication based on quantum noise" , does not actually provide higher security than a classical stream cipher. We have already discussed the claim in our previous paper [1] but we found that there are still misunderstanding on our argument. In the present article, we describe the essence of our idea in a bit more formal way than our previous paper.

(47) Cheater Identifiable Quantum Secret Sharing Schemes

Yumiko MURAKAMI
Masaki NAKANISHI
Shigeru YAMASHITA
Katsumasa WATANABE

In this paper, we show that there exists a cheater identifiable (k, n) threshold secret sharing schemes for a quantum secret. Suppose that there are at most t cheaters (k�†3t + 1), k ore more participants can identify who are cheating. Our scheme utilizes authentication codes based on an orthogonal array and stabilizer codes, which are unconditionally secure. Moreover, we discuss the relation between n and t.

(48) Improvement of the Security against Photon Number Splitting Attacks

Yoshifumi NISHIDA (Graduate School of Science and Technology, Kobe University)
Hidenori KUWAKADO ( Faculty of Engineering, Kobe University)
Masakatsu MORII ( Faculty of Engineering, Kobe University)
Hatsukazu TANAKA ( Kobe Institute of Computing)

Since it is difficult for practical optical devices to output a single-photon pulse, a weak laser pulse is often substituted for it in implementations of a single-photon quantum key distribution protocol. It should be noted that the use of the weak laser pulse allows an adversary to eavesdrop communications by photon number splitting attacks. To improve the security against photon number splitting attacks, we propose a quantum key distribution protocol such that the probability that a sender chooses a base from two bases is not 1/2. It follows that the adversary can guess the chosen base with probability greater than 1/2. Hence, the choice with the unequal probability has not been used in single-photon quantum key distribution protocol. However, we show that the choice with the unequal probability is effective in improving the security against photon number splitting attacks and the guess attack in terms of the amount of transmitted bits for generating the key.

(49) Analysis on the Clockwise Transposition Routing for Dedicated Factoring Devices

Tetsuya IZU
Noboru KUNIHIRO
Kazuo OHTA
Takeshi SHIMOMURA

Recently, dedicated factoring devices have attracted much attention since it might be a threat for a current RSA-based PKI. In some devices, the clockwise transposition is used as a key technique, however, because of the lack of theoretic proof of the termination, some additional circuits are required. In this paper, we analyze the packet exchanging rule for the clockwise transposition and propose some possible alternatives with keeping the "farthest-first" property. Although we have no theoretic proof the termination, experimental results show actual availability in the clockwise transposition. We also propose an improvement on the routing algorithm for the relation finding step, which establishes two times speed-up.

(50) Improved Collision Attack on MD4 with Probability Almost 1

Yusuke NAITO (The University of Electro-Communications)
Yu SASAKI ( The University of Electro-Communications)
Noboru KUNIHIRO ( The University of Electro-Communications)
Kazuo OHTA ( The University of Electro-Communications)

In EUROCRYPT 2005, a collision attack on MD4 was proposed by Wang et. al.. Wang et. Al. Claimed that collision messages are found with probability 2-6 to 2-2 , and the complexity is less than 28 MD4 hash operations. However, there were typos and oversights in the method of Wang et. al.. In this paper, (1) We will evaluate the exact success probability again, (2) We will pint out the typos and oversights in Wang's method, and (3) We will new message modification in third round of MD4. From (1), we proved that the method of Wang et. al. Can find collision messages with success probability 2-5.61 . From (2), we are able to find collision messages with the probability 2-2 . Also by combining the results of (2) and (3), our improved method is able to find collision messages with the probability al0most 1. This complexity is less than 3 repetitions of MD4 hash operations. We confirmed that the improved method is about 85 times as fast as method of Wang et. al.

(51) 1-out-of-L E-voting System with Efficient Computational Complexity Based on r-th Residue Encryption

Yong-Sork HER (Graduate School of Information Science and Electrical Engineering, Kyushu University)
Kenji IWAMOTO ( Graduate School of Information Science and Electrical Engineering, Kyushu University)
Kouichi SAKURAI ( Faculty of Information Science and Electrical Engineering, Kyushu University)

In this paper, we propose an e-voting system with a ballot-cancellation property. The exited voting systems had overlooked about the ballot cancellation scheme. There is the reason that the ballot is cancelled according to an election law. For example, when a right of casting the ballot is Election Day, the ballot-cancellation scheme is needed for an absentee voter. Usually, the absentee voter casts a ballot before Election Day. If the absentee voter which cast a ballot die or lost the right of casting the ballot before Election day, the ballots of absentee voters should be cancelled according to the election law. When ballot is cancelled. The ballot-cancellation scheme should satisfy privacy and verifiability. Cramer et al. proposed a very efficient multi-authority election schemes which guarantee privacy, robustness, and universal verifiability at Eurocrypt'97. Yamaguchi et al. pointed out that the e-voting system based on multi-party has much computing resources, and proposed the two-centered e-voting protocol based on r-th residue encryption and RSA cryptosystem. However, their system is just yes-no voting. First, we propose a 1-out-of-L e-voting based on Yamaguchi et al.'s scheme. Second, we extend this 1-out-of-L e-voting to the ballot-cancellation scheme.

(52) New Construction of Anonymous Communication Scheme with Return Receipt

Shinji YAMANAKA

Proof of delivery (or return receipt) is a certificate of reception on network transaction from message sender to receiver. Anonymous communication system can hide ones action such as data transfer or communication on the network, which will protect privacy of the correspondents. These two properties, delivery certificate and anonymity, are very useful for online activity. However it is not easy to build a system which has both two properties without Trusted Third Party or without confidence of message receiver. We propose a new construction of such anonymous communication scheme with return recipient, and we consider the anonymity of our scheme and compare the message size of our scheme with that of Onion Routing scheme.

(53) Reducing Communication Complexity of the Private Data Retrieval Protocol with Consistent Results

Satoshi NAKAYAMA
Maki YOSHIDA
Shingo OKAMURA
Akira FUJIWARA
Toru FUJIWARA

A data retrieval protocol between a database server, who has a database, and a user, who has an index, allows the user to obtain an item in the database. Security requirements for data retrieval are the privacy of a user, the privacy of the database server, and the consistency of an answer. We have proposed a data retrieval protocol which satisfies the three security requirements. The server uses Merkle tree to generate a commitment and a proof which enable the user to verify the consistency of an answer, and publishes the commitment. The user executes Oblivious transfer (OT) with the server to obtain not only the item but also the proof. To make the protocol efficient, the server transforms a query for the item into a query for the proof and uses it. However, the size of an answer for a query obtained by transformation is linear in the size of database. That is, the previous protocol is inefficient. In this paper, we propose an efficient OT such that the size of an answer for the query obtained by the transformation is not linear in the size of the database, and realize an efficient data retrieval protocol by using the proposed OT.

(54) A note on cryptographic schemes using collision-resistant functions based on factoring

Jumpei WADA
Hajime KANZAKI
Shoichi HIROSE
Susumu YOSHIDA

A many-to-one function is called collision-resistant if it is infeasible to find two distinct inputs which correspond to the same output. Collision-resistant functions are used for a lot of cryptographic schemes such as encryption, digital signature and identification. In this paper, we consider a few cryptographic schemes using two collision-resistant functions based on factoring: The Schmidt-Samoa function and the Shamir-Tauman function. First, we consider commitment schemes using these functions and discuss the security of the schemes. We also compare them with the one using a collision-resistant function based on discrete logarithm. Then, we present a scheme to improve the efficiency of the fail-stop signature using the Schmidt-Samoa function for multiple messages. We also prove the security of this scheme.

(55) Security of DOM Knapsack PKC against Low-Density Attack by Computer Experiment

Takeshi NASAKO (Department of Telecommunications and Computer Networks, Osaka Electro-Communication University)
Yasuyuki MURAKAMI ( Department of Telecommunications and Computer Networks, Osaka Electro-Communication University)

The low-density attack (LDA) is an effective attack to the knapsack cryptosystems when the density is low. We proposed the DOM knapsack cryptosystem (DOM PKG) as a high-density knapsack cryptosystem in SCIS 2005. We think DOM PKG is secure against the low-density attack because the density of DOM PKG can be made above 1. In this paper, we confirm that DOM PKG is secure against the low-density attack with computer experiments.

(56) Improving the security of S-boxes in DES using Genetic Algorithm

Atsushi KOYAMA (Department of Telecommunications and Computer Networks, Osaka Electro-Communication University)
Yasuyuki MURAKAMI ( Department of Telecommunications and Computer Networks, Osaka Electro-Communication University)

As for the Feistel cipher, it is known that the security of DES depends on the strength of S-box. DES is broken with the differential attack and the linear attack. Genetic Algorithm (GA) to design secure S-boxes against the differential attack was proposed and reported. In this paper, we shall propose a new method of improving the security of S-box by using GA. We introduce a new method of the coding, the crossover, and the mutation. We also proposed a new fitness value by using sum of the maximum differential probability and maximum linear probability. We confirm that the proposed GA is effective to design S-boxes which have a higher security than usual against both of the differential attack and the linear attack.

(57) Improvement of the False Negative Error Probability for Correlation Based Watermark Detection Ensuring the False Positive Error Probability

Takaaki FUJITA (Graduate School of Information Science and Technology, Osaka University)
Kunihiro OKAMOTO ( Graduate School of Information Science and Technology, Osaka University)
Maki YOSHIDA ( Graduate School of Information Science and Technology, Osaka University)
Toru FUJIWARA ( Graduate School of Information Science and Technology, Osaka University)

To use result of watermark detection, a detection error probability is required to be low enough. We have derived a property satisfied commonly by correlation based watermarking schemes, and have proposed a method to ensure the false positive error probability for correlation based watermarking scheme. The watermark detection is regarded as a hypothesis testing of the hypothesis on the derived property in the method. In general hypothesis testing, the false negative error probability can be reduced by employing a large sample size while ensuring the false positive error probability. However, in the method, a large sample size cause increase of the false positive error probability, that is, the false positive error probability is not ensured. In this paper, we solve this problem and propose and method to ensure the false positive error probability for correlation based watermarking which reduces the false negative error probability.

(58) A secure Reversible Watermark Using Predictive Coding

Minoru KURIBAYASHI
Masakatsu MORII
Htsukazu TANAKA

The watermark that restores the exact original image from the watermarked one is called reversible watermark. Firstly, the LSB data embedding method had been proposed and the variants using integer transform and wavelet transform were proposed. In this paper, a watermark is embedded into prediction errors calculated using a predictive coding technique in JPEG-LS to increase the information to be embedded with less degradation. Since the predictor is strongly dependent on the previous pixel value, a tiny change in one pixel value propagates to the following prediction values. Based on the property, we propose a secure reversible watermarking scheme such that a watermark cannot be recovered without a secret key used at the embedding operation.

(59) On Multiple-bit Embedding in Asymmetric Watermark

Mitsuo OKADA (Graduate School of Engineering, Tokai University)
Hiroaki KIKUCHI ( Graduate School of Engineering, Tokai University)

A new method of efficient multi-bit asymmetric watermark algorithm is proposed in this paper. Our methodology applies to the achievement of efficient multi-bit embedding for secure digital watermark detection that exposes no secret information to a watermark verifier. Furukawa proposed a secure watermark detection scheme [5] in 2004 using the Paillier encryption, but this method is not suitable for multi-bit embedding due to its heavy overhead in extraction processing time. We proposed a consideration for an efficient multi-bit watermark embedding method.

(60) Robust watermarking scheme for copied, rotated and clipped documents

Kurato MAENO
Masayuki SUTO

With the recent enactment of Privacy Protection Law in Japan, there has been an increasing interest in technologies for deterring information leakage in a variety of different areas. One of these technologies for deterring leakage allows users to control copiers or identify perpetrators when such incidents occur by watermarking information about who printed the document on the printed-paper. In this paper, we propose a watermarking scheme that enables synchronization on printed documents using correlation between 2-dimensional synchronization codes, in which Gabor filters are used for pattern detection. The experimental results indicated that, compared to traditional schemes, our watermarking scheme is much more effective for deterring information leakage by enabling higher robustness against copying, rotating and clipping of documents while preserving image quality.

(61) An Implementation of Partial Integrity Assurance Technology for Image Data

Masahiko TAKENAKA (FUJITSU LABOR/ATORIES LTD.)
Takashi YOSHIOKA ( FUJITSU LABOR/ATORIES LTD)

We report that the Partial Integrity Assurance Technology (PIAT), proposed in FIT2004 by us, can be applied to compressed image files such as JPEG. In this paper, we propose the technology the assurance of partial integrity of the image data. And even if the part of the image is changed or is sanitized, the integrity of the other path can be assured. In addition, we implement a prototype of this technology. Images that are put on a paper scanner are signed with our prototype, and a part of the image is sanitized. Therefore, we can detect and indicate the changed part and can confirm constancy in other parts.

(62) Study on an Anti-Tracking RFID Tag System

Atsushi SAKAI (FUJITSU LABOR/ATORIES LTD)
Masahiko TAKENAKA ( FUJITSU LABOR/ATORIES LTD)

We study on an anti-tracking RFID tag system. An ordinary RFID tag sends out a fixed tag-ID signal. Therefore, users with the tags can be tracked and their privacy information can be identified by cooperation of the plural RF-ID observers. An ordinary RF-ID system has these problems, so that an anti-tracking function is required in the system. In this paper, we propose protocols using tags with one-time anonymity ID. Therefore study and evaluate anti-tracking and anonymity on our RF-Id tag system.

(63) Proposal and evaluation of digital forensic logging system using USB Device

Yuki ASHINO (Tokyo Denki University)
Hirohito KOKAWA ( Tokyo Denki University)
Tsukasa SATO ( Tokyo Denki University)
Ryoichi Sasaki ( Tokyo Denki University)

With development of Internet society, Digital Forensic which is the technology and social structure to prepare digital evidence for a lawsuit attracts against illegal attack has been paid attention recently. In order to achieve the accountability of company from now on, we thought that the evidence that financial accounting information must be not altered and that proof must be secured become important in order to cope with a lawsuit. We developed the system which use (1) USB device and (2) hysteresis signature technology, and can prove (a) that logging is obtained only when user operate the PC, (b) that log is not changed. In addition, we report the system and results evaluated by using the prototype program.

(64) A study of wireless location privacy protection considering communication quality

Hiroshi YAMANE (The University of Tokyo)
Leping Huang ( Nokia Resarch Center Tokyo)
Kanta MATSUURA ( The University of Tokyo The University of Tokyo)
Kaoru SEZAKI ()

The advance of radio-based tracking systems extends the application of location-based service (LBS), but it also threatens users' location privacy. We have proposed a method silent period to protect users' a privacy by dynamically switching on/off of radio. By this method, user receives privacy at the cost of communication time. Through simulation study, we noticed that user can only receives very limited privacy level in real environment if they don't want to disturb the Quality of Service (QoS) of their application. As a result, we extend our silent period method, which is modeled as a mix, to a mix cascade. By using the extended method, user can keep its communication quality, and guarantee high-level privacy simultaneously. Through simulation and analytical study, we found that the optimal configuration of mix-cascade which depends on environment and proved the effectiveness of mix-cascade style protection method.

(65) Personal Information Management System based on Linkability Control

Yoshinori SATO (System Development Laboratory, Hitachi, Ltd.)
Akihiko KAWASAKI ( System Development Laboratory, Hitachi, Ltd.)
Toyohisa MORITA ( System Development Laboratory, Hitachi, Ltd.)
Takashi FUKUMOTO ()

This paper proposes a personal information management system based on linkability control which divides user data into the two tables; the real name part and the pseudonym part respectively, and only the smart card can permit a join operation between the two tables. The idea could contribute to deterrence of illegal data use and reduction of damage from information leak. In this paper, we describe overview of the proposed system.

(66) Identity Control Method considering Privacy

Hajime MORITO (Systems Development Laboratory, Hitachi, Ltd.)
Akihiko KAWASAKI ( Systems Development Laboratory, Hitachi, Ltd.)
Toyohisa MORITA ( Systems Development Laboratory, Hitachi, Ltd.)
Kazuo TAKARAGI ( Systems Development Laboratory, Hitachi, Ltd.)

With the complete introduction of the law for protecting personal information in April 2005, the needs concerning protection of privacy have become ever more demanding. Accordingly, in this paper, the authors propose an "identity control" method that can (I) set the disclosure level for revealing the real name and pseudonym from the antonym according to the receiver's authority and (ii) select the real name, pseudonym or antonym according to the will of the sender.

(67) A Report on the 4th Annual PKI R&D Workshop

Kenji IMAMOTO (Graduate School of Information Science and Electrical Engineering, Kyushu University)
Kouichi SAKURAI ( Faculty of Information Science and Electrical Engineering, Kyushu University)

This paper reports the 4th Annual PKI Research Workshop held on April 19-21st, 2005 (http://http://middleware.internet2.edu/pki05/), and IEEE 1363 Study Group Meeting on Pairing based Cryptography and Identity based Encryption held on April 16th , 2005 in NIST.

---

[home]