32nd CSEC Group Meeting

Date
March 16, 2006
March 17, 2006

Location
Saga University

32nd CSEC Group Meeting Program
(1) A Remote Access Method of Continuous Media Data with High Transparency and Portability Using File Systems
Masayuki Kato (Graduate School of Natural Science and Technology Okayama University)
Nariyoshi Yamai (Information Technology Center Okayama University)
Kiyohiko Okayama (Information Technology Center Okayama University)
Ryosuke Kubo (SHARP Corporation)
Toshio Matsuura (Graduate School of Creative Cities Osaka City University)

NFS-based services have been proposed for transferring continuous media data. However, in a network environment such as a WAN that does not have enough bandwidth, NFS-based services are not suitable since they do not provide a QoS function. To solve this problem, our research group proposed a remote access method for continuous media data by modifying file access APIs. However, the coverage of this method is limited. In this paper, we propose a remote access method for continuous media data using a file system which provides a QoS function. To solve the problem of the method with file access APIs, when the quality of media data needs to be degraded, the file system of our method supplements the data with padding according to the format of the continuous media data so that the file size of the continuous media data is not changed. This paper also discusses the design and implementation of the proposed method and shows that our method is effective even in a narrow-band network environment.

(2) An Anti-Phishing Method by Detecting Hijacked Brand Names in Spoofed Emails
Kensuke Shibata (NTT Information Sharing Platform Laboratories NTT Corporation)
Yosuke Aragane (NTT Information Sharing Platform Laboratories NTT Corporation)
Osamu Shionoiri (NTT Information Sharing Platform Laboratories NTT Corporation)
Atsushi Kanai (NTT Information Sharing Platform Laboratories NTT Corporation)

In recent years, many people use email and various online services due to the wide use of the Internet. In that context, phishing attacks which aim at users' personal information have become a serious threat. In this paper, we propose an anti-phishing method. The proposed method has a URL verification function using a white list of legitimate web sites. To counter the social engineering technique, we focus attention on the hijacked brand name in spoofed emails. We show a prototype system of our method and an evaluation of the precision in detecting hijacked brand names.

(3) Proposal of an Anti-Phishing System by HTTP Request Analysis Using a Proxy
Motohiko Nakamura (Graduate School of Science Engineering Chuo University)
Masato Terada (Research and Development Initiative Chuo University)
Yuji Chiba (Research and Development Initiative Chuo University)
Norihisa Doi (Graduate School of Science Engineering Chuo University)

Phishing is a type of deception designed to steal personal data, and the damage caused by it is reported to have spread over recent years. Some preventive measures have been proposed, but their effect is not satisfactory, because most of them cannot detect phishing sites they do not know, as they find phishing sites based on a blacklist. To solve this problem, we propose a method to detect unknown phishing sites by watching HTTP requests using a proxy to detect the characteristics of phishing sites (short continuation period, and so on) and to warn the HTTP client how suspicious the target site is. We evaluated the effectiveness of the proposed method by using the prototype system we have implemented.

(4) A Study on a Method for Observation of Mail Sender
Tetsuro Kito (Hitachi Ltd.)
Hiroshi Kawasaki (Hitachi Ltd.)
Tomoaki Yamada (Hitachi Ltd.)
Masato Terada (Hitachi Ltd.)

E-mails tend to be the basis of various types of attacks such as phishing frauds and mass-mailing worms. Based on the idea that it is necessary to construct a system with which we can observe senders of abuse mails over a wide area, in this paper we study a system with which we can observe senders of abuse mails using information such as flow statistics, spam mail information and virus mail information, and can examine correlations over several areas. By using this system, we can figure out the trend of various types of attacks and detect stepping-stone computers.

(5) Virtual and Real Presence Information Integrated with RFID and Instant Messaging Agent
Yuichi Nakamura (Tokai University)
Hiroaki Kikuchi (Tokai University)

We developed a presence information management system which uses RFID and an instant messaging agent as a representative "push" type communication. With our system, by noticing dual online status in both real and virtual spaces, a better quality of user support is provided.

(6) Positioning Techniques with RFtags for Mobile Terminals
Miho MIZUTANI (Graduate School of Information Shizuoka University)
Kazuo HIDA (Graduate School of Information Shizuoka University)
Hiroshi MINENO (Faculty of Information Shizuoka University)
Naoto MIYAUCHI (Mitsubishi Electric Corporation)
Tadanori MIZUNO (Faculty of Information Shizuoka University)

Many positioning technologies for indoor use have been researched, but there is no technology in popular use like GPS outdoors. We propose the location technique MobiTra (Mobile Detectors' Location Tracking System) for solving cost and device problems. In this paper, we describe a positioning technique for mobile terminals using information from RFID readers' variable signal areas.

(7) Information Retrieval Platform on Sensor Network
Rui Kubo (NTT Cyber Space Laboratories NTT Corporation)
Yoshifumi Manabe (NTT Cyber Space Laboratories NTT Corporation)
Satoshi Moriai (NTT Cyber Space Laboratories NTT Corporation)

This paper proposes a sensor information retrieval platform which exploits information generated by ubiquitous sensors. Our platform improves the usability of sensor information, because it stores and searches meta information generated by each ubiquitous artifact. This paper describes some of the core functionalities of the system: binding artifacts and programs to acquire meta information, and aggregating meta information generated by each artifact. We prototype a sensor information retrieval system on our platform and show the effectiveness of our platform.

(8) A Packet Filtering Rules Compression by Decomposing into Matrixes
Katsushi MATSUDA

Packet filters are essential for organizations that are connected to the Internet. Network administrators have to understand complicated rules precisely to manage the packet filter. Management cost, however, rises gradually as the number of rules increases in daily operation. In this paper, we propose a novel model called "matrix decomposition" which enables the analysis of filtering rules, and a rule set compression method using this model. We formulated three techniques, removable rule detection, revisable rule detection and rule combination, and implemented a prototype system. An experiment using an actual rule set showed that our system could reduce the number of rules from 525 to 348, namely a compression ratio of 66.3%.

(9) Internet Broadcasting System with Fingerprint for Deterrence of Unauthorized Duplication
Hiroki Onishi
Tetsutaro Uehara
Takashi Satoh
Katsunori Yamaoka

Internet-based content distribution systems are now providing new business opportunities. Given this background, this paper discusses fingerprinting, which acts as a psychological deterrent to illegal copying and distribution of copyrighted contents. As a fingerprint code, this paper assumes the use of TA code because it is superior in terms of tolerance for collusion. We also present a fingerprinting method to prevent leakage of content that has not yet had watermarks embedded. In the proposed method, contents are scrambled at the server and descrambled at the receiver. However, some parts are left scrambled. The scrambled positions in the content constitute the fingerprint. Implementation of an application system is also described. We demonstrate that an Internet-based pay broadcasting system can be implemented efficiently using the proposed fingerprinting to protect copyrighted contents.

(10) Stealth-LIN6: Anonymizing IPv6 Mobility Communication
Takahiro Ichikawa
Ayumi Banno
Fumio Teraoka

This paper proposes a protocol called Stealth-LIN6 (SLIN6) which provides mobility and anonymity in IPv6. SLIN6 is based on LIN6, a mobility protocol in IPv6. It achieves anonymity of a node's identity in the IP layer by dynamically generating addresses at each transmission, and also achieves anonymity of a node's location by introducing proxies specific to SLIN6. SLIN6 was implemented on FreeBSD. The measured results show that SLIN6 has negligible communication overhead.

(11) Fingerprinting System Depending On An Anonymous Third Party Authentication Using An Assumption of Computationally Measurable Obfuscation
Kazuo OHZEKI
CONG Li

The authors propose a fingerprinting system which hides the embedding method and discloses the detection software. The system depends on an anonymous third party in an open area for detecting the embedded fingerprint. The obfuscation is assumed to be computationally measurable. The detection software can have an arbitrary complexity level by iteratively applying the obfuscating process.

(12) Campus PKI in Osaka University
Shingo OKAMURA (Cybermedia Center Osaka University)
Yuuichi TERANISHI (Cybermedia Center Osaka University)
Toyokazu AKIYAMA (Cybermedia Center Osaka University)
Ken-ichi BABA (Cybermedia Center Osaka University)
Hirotaka NAKANO (Cybermedia Center Osaka University)

At Osaka University, a campus-wide authentication infrastructure based on public keys, called Campus PKI, is being constructed to make computer systems more secure. Public key authentication is more secure against password cracking than password authentication. During the construction of the Campus PKI, some issues of operation and applications of the Campus PKI were discussed. In this paper, the discussions are described and the configuration of the Campus PKI is shown.

(13) Channel Reservation Protocol for High Throughput in Multi-channel Wireless Multihop Networks
Hiromi Tsurumi (Tokyo Denki University)
Minami Narasawa (Tokyo Denki University)
Hiroaki Higaki (Tokyo Denki University)

Mobile wireless networks such as ad-hoc networks, sensor networks and wireless multihop access networks consist of multiple mobile computers with wireless communication modules. Here, for achieving higher connectivity even with limited battery capacity, wireless multihop message transmission is adopted. For providing higher end-to-end throughput to network applications which require large-scale data transmission such as sensor data and multimedia data, this paper proposes a novel method of channel assignment for wireless multihop networks. It makes clear the restrictions on channel assignment for avoiding contention and collision of wireless signal transmission and designs a channel reservation protocol according to these restrictions.

(14) Reduction of Location Acquisition Overhead in Greedy Routing Protocol
Mika Watanabe, Minami Narasawa, Hiroaki Higaki

For the development of ad-hoc networks and sensor networks, where wireless multihop message transmission among multiple mobile computers is used, the design and implementation of routing protocols with lower communication overhead are critical. Here, the characteristics and performance of a routing protocol primarily depend on the method for transmission of an Rreq to a destination mobile computer. Many ad-hoc routing protocols apply flooding of an Rreq message. The Greedy routing protocol transmits an Rreq message without flooding. Each mobile computer receiving an Rreq message determines its next hop mobile computer only by the location of neighbor mobile computers. Here, each mobile computer is required to exchange its location repeatedly, since the up-to-date location of all neighbor mobile computers is used for determination of a next hop mobile computer. This paper proposes a novel ad-hoc routing protocol, the NB-Greedy (No Beacon Greedy) routing protocol, which determines a next hop mobile computer without the location of neighbor mobile computers.

(15) Reduction of Location Acquisition Overhead in FACE Routing Protocol
Minami Narasawa (Tokyo Denki University)
Hiroaki Higaki (Tokyo Denki University)

For the development of ad-hoc networks and sensor networks, where wireless multihop message transmission among multiple mobile computers is used, the design and implementation of routing protocols with lower communication overhead are critical. Here, the characteristics and performance of a routing protocol primarily depend on the method for transmission of an Rreq to a destination mobile computer. Many ad-hoc routing protocols apply flooding of an Rreq message. The FACE routing protocol transmits an Rreq message without flooding. Although each mobile computer receiving an Rreq message determines its next hop mobile computer only by the location of neighbor mobile computers, it surely detects a message transmission route; i.e. there is no dead end. However, each mobile computer is required to exchange its location repeatedly, since the up-to-date location of all neighbor mobile computers is used for determination of a next hop mobile computer. This paper proposes a novel ad-hoc routing protocol, the NB-FACE (No Beacon FACE) routing protocol, which determines a next hop mobile computer without the location of neighbor mobile computers and achieves the same message transmission route as FACE.

(16) Dynamic Modification of Multihop Transmission Route for Higher Reliability in Wireless Ad-Hoc Networks
Mina Shimada (Tokyo Denki University)
Minami Narasawa (Tokyo Denki University)
Yuya Numata (Tokyo Denki University)
Hiroaki Higaki (Tokyo Denki University)

In a mobile ad-hoc network, network topology changes dynamically due to mobility of computers, battery consumption and failure of mobile computers. Until now, many ad-hoc routing protocols tolerating such changes of network topology have been proposed. Here, all data messages are forwarded by all mobile computers included in a message transmission route detected by an ad-hoc routing protocol. No intermediate mobile computers are added or removed other than in route repair and switching. This paper proposes a dynamic modification of a message transmission route for achieving more reliable end-to-end data message transmission in an ad-hoc network. Here, data messages are retransmitted not by a previous hop mobile computer but by another mobile computer which receives them correctly and is the nearest to a next hop mobile computer. This paper shows a routing protocol and a data message transmission protocol for the dynamic route modification according to the surrogate of retransmission.

(17) A consideration of a NAT detection technique using IPid
Teruaki TAKAHASHI (Department of Informatics Graduate School of Engineering Science Kogakuin University)
Toshifumi KAI (Advanced Technologies Development Laboratory Matsushita Electric Works Ltd.)
Katsuyuki SHINOHARA (Computer Science and Communication Engineering Kogakuin University)

When a PC which has not been granted connection permission is connected to an in-house network, a malicious user might steal private information, and even if the user is not malicious, confusion might be caused by a virus. Therefore, some technologies that detect unapproved PC connections in the network, in which the MAC addresses of all connected PCs are registered beforehand, have been developed. However, there is a problem that it is possible to escape detection by using NAT (Network Address Translator), and NAT detection technology is necessary to prevent this. In this paper we arrange the problems concerning NAT detection using IPid, and we propose a technique for overcoming them. In addition, we evaluate the number of observed packets and the correct answer rate of the NAT judgment by simulation.

(18) A Case of On-demand VPN with a Method for Communication between Independent Private Network Areas Using Virtual Address
Kuniharu ARIMA (NTT DATA Corporation)
Hiroaki KAMODA (NTT DATA Corporation)
Tomoyuki HOSHIKAWA (NTT DATA Corporation)
Masaki YAMAOKA (NTT DATA Corporation)

An On-demand VPN (Virtual Private Network) system makes it possible to set up and control a VPN simply and securely between any set of routers on the Internet, as needed. However, it is impossible for the On-demand VPN system to communicate between different private network areas if the same local IP addresses are used in the two private network areas. In this paper, we propose a method for communication between independent private network areas using virtual addresses. We also evaluate the functionality and performance of the method by using an On-demand VPN router prototype.

(19) Estimation of the Number of Malicious Hosts Based on the Scan Logs Observed by the Internet Scan Data Acquisition System
Hiroaki Kikuchi (Tokai University)
Naoya Fukuno (Tokai University)
Masato Terada (Hitachi, Ltd.)
Daisuke Kikuchi (Chuo University)
Norihisa Doi (Chuo University)

In this paper, based on the scan logs observed by JPCERT/CC ISDAS, we try to accurately estimate the number of malicious hosts in the Internet which are infected with worms or computer viruses.

(20) Practice and Problems of Information Security Education by Industry-University Cooperation
Ryoichi Sasaki (Tokyo Denki University)
Tsuyoshi Matsuda (HUCOM)
Eiji Itoh (HUCOM)

To solve the problem of threats to security that increased with the spread of the Internet, information security education is becoming essential. However, in the year 2003, the situation was inferior in comparison with foreign countries. Therefore, the authors decided to start education for members of society and universities in cooperation with a security education organization and a university. This paper deals with the practice and problems of information security education performed in 2004 and 2005 by SEA/J and Tokyo Denki University.

(21) Exploring Security Countermeasures along the Attack Sequence
Taketoshi Sakuraba (Hitachi,Kyushu University)
Seiichi Domyo (Hitachi)
Koichi Sakurai (Kyushu University)

A systematic method of exploring security countermeasures is proposed. For each attack, one can consider the moments along the time sequence of the attack, and for each moment, one can define the approach of a countermeasure which is effective at that moment against the attack. One can extract new approaches from existing countermeasures, and think of new countermeasures based on the new approaches against other threats and attacks.

(22) A Suggestion for a Security Solution in Companies That Use an IT Base Effectively
Hidenobu SENOO

Recently, security measures have attracted attention as a social problem. Their importance is recognized across a wide range of industries, not only specific types such as IT-related companies. IT is utilized in many scenes of corporate activity, such as the use of e-mail or the creation of information, and the information is managed by IT systems. Security measures for these IT systems, from the viewpoint of the company's overall security measures, are important. However, the optimization of the range of security functions to be systematized and the investment program for systematization have been an issue for IT system security measures. Security measures for IT systems are a preventive means against information leaks, and are not an investment for the purpose of operating process improvement. Given the present condition in which IT systems have become wide-ranging, it can be said that judging the investment efficiency of security measure expenses for IT systems is difficult. In this report, the future security IT system configuration optimal for a company is discussed. Moreover, the importance of a security system configuration is proposed to the CIO and CEO of a company or an organization.

(23) Proposal of a Network Operation Support System for Secure Intranet Operation
Mitsuhiro HATADA (NTT Communications Corporation)
Hirofumi NAKAKOJI (Hitachi, Ltd.)
Masaya YAMAGATA (NEC Corporation)

In an Intranet such as a corporate network, the sites, which are the networks of branches and sections, are connected to each other, and various security management problems exist. In this paper, as one of the solutions, we propose a network operation support system that achieves secure Intranet operation by sharing a quantitative evaluation of the vulnerabilities and threats of each site between sites.

(24) Proposal of a Novel Countermeasure against Selfish Nodes Using a DHT in Ad Hoc Networks
Takeshi Ogino
Shin-ichiro Kaneko
Shintaro Ueda
Hiroshi Shigeno
Ken-ichi Okada

With the rapid deployment of mobile electronic devices with wireless interfaces, mobile computing networks are growing. Therefore Ad Hoc networks, where packets are forwarded among users, will become more common. However, the existence of selfish nodes which act uncooperatively will affect the fairness of the Ad Hoc network and may even eventually make the network fail. This is a nontrivial issue in Ad Hoc networks from a security perspective. Therefore, in this paper we propose a method where selfish nodes are not expelled from the network but stimulated to cooperate with the other nodes.

(25) The Inspection of Large Scale Mobile Ad hoc Network Proof Experiment at EXPO 2005 AICHI, JAPAN
Kenji Ito (Nagoya Institute of Technology)
Kimitake Wakayama (Nagoya Institute of Technology)
Akira Iwata (Nagoya Institute of Technology)
Hidekazu Umeda (Skyley Networks,Inc.)

From June to July 2005, we executed an experiment on large scale mobile ad hoc networks using 130 mobile wireless LAN terminals as the "IT Proof Experiment" at "EXPO 2005 AICHI, JAPAN". The purpose of this experiment was to examine our position estimation method on ad hoc networks, and a secure communication protocol based on authentication and encrypted communication (PKI). It was confirmed that multi-hop communication between many moving terminals was possible, but the more terminals were used, the more packet collisions occurred because of the increase in messages. A method to change routing parameters dynamically is proposed in this paper. It was found that the proposed method can reduce messages compared with the conventional method using static parameters while keeping the same delay time.

(26) Evaluation of Checkpoint Protocol for Mobile Ad Hoc Network
Masakazu Ono (Tokyo Denki University)
Hiroaki Higaki (Tokyo Denki University)
Akeo Adachi (Tokyo Denki University)

For achieving mission-critical network applications, checkpoint recovery protocols have been researched and developed. In conventional protocols for wired networks, stable storage to store state information is assumed and enough bandwidth is assigned to synchronize the sender and receiver computers of a message in order to avoid the message becoming inconsistent, i.e. neither orphan nor lost. In this paper, we propose a novel checkpoint protocol for ad hoc networks without stable storage or enough communication bandwidth. Here, a checkpoint request message is delivered by flooding. State information of a mobile computer is carried by this message and stored in neighbor mobile computers. A candidate for a lost message is detected and stored by an intermediate mobile computer on its transmission route. Here, communication overhead for taking a global checkpoint is reduced. Additionally, in this paper, evaluations comparing the proposed protocol and previous protocols are shown.

(27) RIN-XML Signature Tool which Enables Ring Signature to Guarantee Anonymity
Mari Ueyama (Dept. of Info. Media Technology, School of Info. Technology and Electronics, Tokai University)
Hiroaki Kikuchi (Dept. of Info. Media Technology, School of Info. Technology and Electronics, Tokai University)

We implemented a ring signature tool in Java that guarantees anonymity. This tool combines RSA with the Schnorr signature to construct a ring signature. We adopt the XML signature format to sign various objects. In this paper, we show the performance of the tool, which proves the practicality of ring signatures.

(28) On the Security of the Sanitizable Signature Scheme PIAT
Tetsuya Izu
Masahiko Takenaka

A sanitizable signature scheme allows specific entities (called sanitizers) to alter a message (sanitization) after a signer's signature on the message has been generated, such that the signature remains valid for the altered message. PIAT is a sanitizable signature scheme proposed by Takenaka et al. Although Izu et al. studied the unforgeability of PIAT, they did not consider dishonest sanitizers well. In this paper, we propose two attacks and discuss the security of the original and improved PIAT in detail. Especially, we show that PIAT combined with a general aggregate signature achieves high security against the proposed attacks.

(29) Group Signature Scheme with An Efficient Revocation
Daiji TANAKA (School of Information Science,Japan Advanced Institute of Science and Technology(JAIST))
Atsuko MIYAJI (School of Information Science,Japan Advanced Institute of Science and Technology(JAIST))

Group signature schemes with efficient computational cost of verification and signature length that use bilinear maps have been proposed. But these schemes have the problem that the computational cost of verification depends on the revoked members. So we propose a group signature scheme that does not depend on the revoked members. This scheme divides the members into sub-groups and controls them. By using the proposed scheme, the cost of signature verification depends on the revoked members who belong to the sub-group.

(30) Invited Presentation
Eitarou Hamuro

(31) A Proposal of a Policy-based VPN Using a Virtualized Network Method
Kooshin IWATA
Minoru NAKAZAWA
Yasushi SENGOKU
Shimmi HATTORI

A VPN is a technology which connects two hosts by a virtual private line. It enables us to safely access the Intranet of a company or a university via the Internet from home or outdoors. A VPN which constructs a virtual network interface on the machine communicates with remote networks without needing to modify the program. However, this particular VPN automatically rewrites the routing table of the network, which might influence other programs during communication. In this paper, we propose a policy-based VPN which constructs a virtual network environment for each program, so that it does not influence other programs during communication.

(32) Section Packing Mechanism with Threshold for ULE Encapsulation and its effectiveness in IP over DVB satellite
Zul Hilmi Zulkifli (Department of Frontier Informatics, Graduate School of Frontier Sciences, University of Tokyo)
Masaya Nakayama (Department of Frontier Informatics, Graduate School of Frontier Sciences, University of Tokyo)

As an open standard, the DVB system provides an affordable means to use satellites for last-mile connections. MultiProtocol Encapsulation (MPE) is currently the standard to encapsulate IP packets into DVB format. However, due to the many unnecessary overheads involved in MPE, Ultra Light Encapsulation (ULE) has been proposed as the replacement and is currently under standardization. ULE explicitly defines two modes of IP packet encapsulation, i.e. padding mode and section packing mode. Section packing mode is significantly more efficient than padding mode. Nevertheless, it has a packing delay (PD) drawback that may not be preferable for time-sensitive applications. Previously no work has been done to evaluate PD in actual IP traffic patterns and their characteristics. In this paper we propose utilizing both padding and section packing modes simultaneously, using a section packing threshold setting based on the PD limitation to overcome, or at least reduce, packing delay problems while maintaining the high encapsulation efficiency associated with section packing mode. We evaluate the proposed method based on a client-server traffic model. We show that our proposal is as efficient as section packing without threshold, and over 50% more efficient compared to padding mode in client traffic and over 10% more efficient in server traffic.

(33) Property Analysis of Heavy-tailed Traffic by Simulator
Takuo Nakashima (Department of Information Science Kyushu Tokai University)
Mamoru Tsuichihara (Department of Information Science Kyushu Tokai University)

The scale-invariant burstiness, or self-similarity, has been found in real networks. The relation between self-similarity and network and/or system parameters is mainly discussed in the context of the end-to-end data transmission environment, and this self-similarity is mainly caused by the file size of Web servers or the duration of user sessions. On the other hand, accesses to Web servers are not uniformly distributed, but are confined to specific Web servers such as search engine sites or portal sites, and other network parameters are not clearly described in the context of self-similarity. In this paper, we have investigated the property of self-similar traffic while varying the network environment using a network simulator. After analyzing the simulated results, the following properties were extracted. Firstly, a heavy-tailed distribution of file size induces self-similarity, especially in the case of small alpha. Secondly, a power-law distribution of data rate emphasizes self-similarity. Finally, a greater error rate activates the fluctuation of the throughput, and the self-similar property remains.

(34) A Proposal of Spyware Detection using Traffic Analysis
Akira YONAHARA (NTT Data Corporation)
Hisamichi OHTANI (NTT Data Corporation)
Tatsuya BABA (NTT Data Corporation)
Tsutomu INADA (NTT Data Corporation)

Currently, the damage caused by spyware is expanding rapidly, and its threat is expected to extend to enterprise networks in the future. However, spyware intrudes so as not to be discovered by the user and hides cleverly; therefore countermeasures against spyware have been becoming difficult. The general countermeasure against spyware is the method of introducing anti-spyware software onto all PCs. In the enterprise network, there is the problem that the introduction and management is difficult. In this paper, we propose spyware traffic detection and prevention using traffic analysis.

(35) A Countermeasure against Insiders with Detection of Suspicious Behavior (Part 2)
Hirokazu Maruoka (Graduate School of Informatics, Shizuoka University)
Toshifumi Sugiura (Research Institute of Electronics, Shizuoka University)
Masakatsu Nishigaki (Faculty of Informatics, Shizuoka University)

We proposed real-time detection of internal fraud by sensing insiders' suspicious behavior in our previous work, but we found that the experimental insiders were able to control their behavior and avoid detection of their fraud. Therefore, in this paper, we introduce detection of the heartbeat interval of insiders. It is well known that when a human being gets nervous, his/her heartbeat interval immediately changes. Since it is impossible for a human being to control the heartbeat, it is expected that using the heartbeat interval as a suspicious behavior makes it more difficult for even experienced insiders to avoid detection. By conducting some experiments, we evaluate its effectiveness.

(36) Keylogger Detection Using Dynamic API Inspection
Tomohiro Takami
Koichi Suzuki
Tatsuya Baba
Shusuke Maeda
Takaaki Matsumoto
Masakatsu Nishigaki

This paper proposes a keylogger detection scheme by monitoring the APIs employed by keyloggers to capture users' keyboard input. API inspection is one of the efficient ways for keylogger detection, since the use of keyboard-input-related APIs is a typical behavior found in keyloggers. To achieve this, we create a modified DLL which can detect the use of these APIs. By executing a program with the modified DLL, we can check whether the program uses any of these APIs or not. We can say that this scheme is in the category of dynamic heuristic virus detection (in dynamic heuristic detection, programs are executed in a "virtual" machine to check for virus behavior; in the proposed scheme, programs are executed with a virtual DLL to check for keylogger behavior). This paper carries out basic experiments to evaluate its detection rate and false detection rate.

(37) Implementation and Its Evaluation of Distributed Hash Tables for the Ubiquitous Network.
Motohiro TOKUHAMA (Graduate Program in Systems for Intellectual Creation, Kanazawa Institute of Technology)
Minoru NAKAZAWA (Graduate Program in Systems for Intellectual Creation, Kanazawa Institute of Technology)
Shimmi HATTORI (Graduate Program in Systems for Intellectual Creation, Kanazawa Institute of Technology)

This paper describes the applicability of a P2P system which uses a distributed hash table to the participation and secession of nodes assumed in a ubiquitous network. The distributed hash table is a method for decentralizing information across nodes. There are various methods to form a distributed hash table. We explain the composition and implementation method of the routing table form and the tree structure form of the P2P system. We compared the performance of node retrieval when a node of the system participates, secedes, and during regular operation by computer simulation. As a result, it turned out that the system of the tree structure form does not decrease the node retrieval performance.

(38) A Proposal of DRM System over P2P Network using Mobile Agents
Takehiko SAITO (Graduate Program in Systems for Intellectual Creation, Kanazawa Institute of Technology)
Yasuna NAKANO (Graduate Program in Systems for Intellectual Creation, Kanazawa Institute of Technology)
Minoru NAKAZAWA (Graduate Program in Systems for Intellectual Creation, Kanazawa Institute of Technology)
Shimmi HATTORI (Graduate Program in Systems for Intellectual Creation, Kanazawa Institute of Technology)

In this paper, we propose a Digital Rights Management System which employs Active-Safety technology together with Passive-Safety technology to control the distribution of contents over peer-to-peer networks. The former is used for prevention of improper transfer of digital contents in case of violation of use conditions or tampering with digital contents. The latter is used for pursuing illegal peers by mobile agents in case of tampering with digital content information files, tracing the record of their transfer path. We have verified its feasibility over a JXTA peer-to-peer network.

(39) Design and Implementation of Multiuser Voice Chat System Applying 3D Sound Space Emphasized by Visual Information
Jun Ohashi (Graduate School of Information Science, Nara Institute of Science and Technology)
Takahiro Hirofuchi (Graduate School of Information Science, Nara Institute of Science and Technology)
Eiji Kawai (Graduate School of Information Science, Nara Institute of Science and Technology)
Kazutoshi Fujikawa (Graduate School of Information Science, Nara Institute of Science and Technology)
Hideki Sunahara (Graduate School of Information Science, Nara Institute of Science and Technology)

We propose and implement a "Space Sharing" multiuser voice chat system which can contain parallel conversations in the same communication space. To realize parallel conversations, the proposed system uses the concepts of distance and direction in the communication space using 3D sound. Limitations of sound devices and 3D sound libraries make it difficult to distinguish each conversation in the same communication space. To resolve this problem, we propose a way to move sound sources to readily observable positions and to emphasize source localization by visual information. We verify the effectiveness of the proposed method.

(40) A Buffer Overflow Detection Technique Using Memory Protection Facility
Makito SHIOKAWA (Graduate School of Global Information and Telecommunication Studies, Waseda University)
Hidenori NAKAZATO (Graduate School of Global Information and Telecommunication Studies, Waseda University)
Hideyoshi TOMINAGA (Graduate School of Global Information and Telecommunication Studies, Waseda University)

Software bugs can cause intrusion. An overwhelming number of incidents exploiting bugs which cause buffer overflow are reported. An attack exploiting a buffer overflow corrupts data which is placed after an array. If it is possible to detect a buffer overflow when it occurs, data corruption could be prevented. In this research, we propose a buffer overflow detection technique using the memory protection facility to prevent attacks exploiting buffer overflow.

(41) An Obfuscation Technique with Tamper-resistance against Dynamic Analysis
Taro Hattori
Masakazu Soshi
Atsuko Miyaji

Obfuscation is an effective means of protecting software, and many obfuscation techniques have so far been proposed. However, most of the previous obfuscation techniques paid attention to tamper-resistance against static analysis only. Therefore, in this paper we propose an obfuscation technique which is tamper-resistant to dynamic analysis. We show that the difficulty of conducting dynamic analysis on programs whose execution paths depend on external inputs is NP-hard. This fact gives our obfuscation technique a theoretical foundation.

(42) The proposal of the version control system for presentation data, and the experiment of the progress management of the research
KENJI MORIMOTO (NARA Institute of Science and Technology)
HIDEKI SHIMADA (NARA Institute of Science and Technology)
KAZUTOSHI FUJIKAWA (NARA Institute of Science and Technology)
HIDEKI SUNAHARA (NARA Institute of Science and Technology)

There are many opportunities to edit presentation data. When editing presentation data repeatedly, there is a great deal of information to treat. In spite of treating much information, its management depends on human memory. So, in this research, a version control system using comments written by participants was proposed for presentation data that is edited repeatedly. When the system was actually used, the participants' understanding deepened and the burden of editing work decreased.

(43) Access Control Mechanism for Name Resolution using Authorization Certificate
Takeshi Kamiyama (Dept. of Frontier Informatics, Graduate School of Frontier Sciences, The University of Tokyo)
Masaya Nakayama (Dept. of Frontier Informatics, Graduate School of Frontier Sciences, The University of Tokyo)

Using DNS name resolution, everyone can look up the host offering a desired service. In the modern Internet, there are many services intended not for everyone but only for limited users. It is undesirable for these services to be not only used but even looked up by unknown users. However, because DNS usage is unrestricted, protecting each resource explicitly has not been well discussed. In this paper, we propose an access control mechanism for name resolution in DNS that identifies the user and the access right by requiring an Authorization Certificate to be presented.

(44) Design of dynamic resource management middleware for distributed real-time systems
Kazuhiro MURAYAMA
Haruyuki Ohtani
Hiroyuki Sato
Masayuki Meguro
Nobuyuki Miyamori
Shinichi Ochiai

Dynamic real-time systems, such as sensor information processing systems, should keep their QoS requirements in the face of constant changes of the external environment, overload of internal systems, system failure, and so on. To meet this demand, we have been developing dynamic resource management middleware which performs prediction of QoS failure, reallocation of computer resources to achieve acceptable levels of QoS, and data consistency between replica processes. In this paper, we describe the design of our middleware.

(45) Scheduling considering User Satisfaction in Adhoc Grid Environment
Takashi IWAMURA, Hitoshi AIDA

Recently, technologies enabling short-lived, transient, small and ad hoc collaboration in a Grid environment, called "Adhoc Grid", have been desired. An Adhoc Grid is constructed by users providing their computing resources and using each other's. In this environment, users join the Adhoc Grid with various expectations and measures of value, and it is very important to improve user satisfaction based on them. As research including the keyword "User Satisfaction", Economy based scheduling exists. But Economy based scheduling does not explicitly improve user satisfaction based on a specific expectation or measure of value. In this paper, we picked up fairness-based user satisfaction, proposed a scheduling method which extends Economy based scheduling to improve it, and evaluated it with simulation.

(46) Anomaly Network Traffic Detection System using Multi-Probes
Nobuyuki Nakamura
Toshihisa Nakai

Many nodes infected by worms are spreading all over the Internet. These nodes are called bots, and these bots may construct botnets. Botnets' behavior is now a potential risk to the everyday operation of the Internet. This paper proposes a way to detect anomalies in network traffic at the early stage of strange behavior of botnets by defining an "anomaly degree". The anomaly degree is calculated from statistics of the network traffic observed by a monitoring node, called a probe. By combining, comparing and analyzing the results of multiple probes, we can detect large-scale network traffic anomaly events at an early stage, and moreover we can estimate the source of the anomaly.

(47) An unknown-worm and mutated-worm detection scheme based on capturing self-initiated READ behavior
Koichi Suzuki (Faculty of Informatics, Shizuoka University)
Takaaki Matsumoto (R&D Headquarters, NTT Data Corp.)
Tomohiro Takami (Faculty of Informatics, Shizuoka University)
Tatsuya Baba (R&D Headquarters, NTT Data Corp.)
Shusuke Maeda (R&D Headquarters, NTT Data Corp.)
Masakatsu Nishigaki (Faculty of Informatics, Shizuoka University)

Worm infection is simply copying the worm onto other PCs by way of a network connection. Therefore, it is observed as the following behaviors: (1) COPY: read its own executable file, and (2) PASTE: write the file onto the stream communication API. This paper proposes to use this type of worm's "self-initiated READ behavior" for unknown-worm detection. It is expected that a worm detection scheme based on capturing self-READ behavior could be applicable to a variety of worms, including mutated worms, since this behavior is basically found in most of them. Moreover, this scheme could achieve real-time worm detection because the self-READ behavior can be detected just by capturing the file accesses of every process. In this paper, the conceptual design of the proposed scheme is described and its feasibility is investigated by using a tool kit to capture file accesses in the OS.

(48) A Study of Timing to Block Unknown Worms
Kazumasa OMOTE (Fujitsu Laboratories Ltd.)
Takeshi SHIMOYAMA (Fujitsu Laboratories Ltd.)
Satoru TORII (Fujitsu Laboratories Ltd.)

Worm countermeasures in enterprise networks are increasingly important. The major worm countermeasure detects a worm with the pattern files offered by the vendor. That method applies only to known worms, and always ends up reacting after the worm has spread. On the other hand, there are some methods to detect and intercept known and unknown worms from the behavior of network packets. To detect a worm from the behavior of its packets, these methods need to observe some amount of packets before they detect the worm packets. A worm does not spread completely in the enterprise network even if a single node is infected. So, we need to know the number of worm packets in order to prevent them from spreading in the enterprise network. In this paper, we propose a method that gives the maximum number of worm packets using a discrete mathematical model.

(49) Implementation of the Worm Prevention System Following the Infection Process and Its Evaluations
Shusuke MAEDA (NTT Data Corporation)
Tatsuya BABA (NTT Data Corporation)
Hisamichi OHTANI (NTT Data Corporation)
Masataka KADO (NTT Data Corporation)
Tsutomu INADA (NTT Data Corporation)

Network incidents caused by Internet worms are increasing every year. Infection by worms that exploit known vulnerabilities can be prevented by applying software patches or installing anti-virus software. However, it is impossible to prevent infection by worms that exploit unknown vulnerabilities. Although enhancements of security measures at network boundaries such as firewalls are effective, such enhancements cannot prevent internal infection caused by connecting infected terminals to the intranet. In this paper, we implement the "worm prevention system following the infection process" that we proposed previously, and evaluate its functional capabilities.

(50) A Proposal of User-oriented Web Application Interaction Supporting Method by The Client Program
Fumihiro MIYAJIMA (School of Information Science, Japan Advanced Institute of Science and Technology)
Mikifumi SHIKIDA (Center for Information Science, Japan Advanced Institute of Science and Technology)

This paper proposes a user-oriented web application interaction supporting method by a client program. A user's manual Web application interaction is recorded by the client program. Reuse of this record supports the user. Interaction processing currently performed by the server service has many problems. Improvement in the coverage of the service is difficult from the viewpoint of additional cost. Therefore, a user creates an interaction processing process by himself, and this process aims at improvement in the coverage of the service.

(51) Evaluation of Movie Recommendation System considering both users' personality and situation.
Chihiro Ono (KDDI R&D Laboratories Inc.)
Youichi Motomura (National Institute of Advanced Industrial Science and Technology)
Hideki Asoh (National Institute of Advanced Industrial Science and Technology)

With the flood of various information and contents through the Internet, the need for recommendation systems that assist users in finding the information they desire is increasing. For realizing timely movie recommendation, both the user's personality and his situation should be considered at the same time, as user preference may change according to his situation such as mood and location. We have proposed a recommendation system which achieves context-aware personalized recommendation based on a Bayesian network by making use of various information related to user profiles, histories, situations, and content attributes. So far there is no perfect methodology for evaluating the usefulness of recommendation systems, as accuracy is not necessarily connected with user satisfaction. In this paper, we discuss the evaluation methodology for a movie recommendation system and show the results of basic experiments.

(52) Proposal of a Distributed Deduction Mechanism for Context-Aware Services
Ryuzo Otani (Graduate School of Information Science and Technology, Osaka University)
Susumu Takeuchi (Graduate School of Information Science and Technology, Osaka University)
Mikio Yoshida (BBR Inc.)
Yuuichi Teranishi (Cyber Media Center, Osaka University)
Kaname Harumoto (Graduate School of Engineering, Osaka University)
Shinji Shimojo (Cyber Media Center, Osaka University)

In the ubiquitous environment, it is expected that context-aware services, which change their contents according to user context, will be realized. To derive user context, deductive reasoning is effective since it can derive relationships between information dynamically and flexibly using rules. Existing deductive reasoning systems assume that the information needed for processing is collected beforehand, which causes problems in realizing the scalability, freshness, and flexibility that are required in the ubiquitous environment. In this paper, we propose a distributed deduction mechanism which can process the rules without collecting the required information beforehand. We also propose a query algorithm based on a rule normalization method. We evaluated the effectiveness of the proposals using realistic values.

(53) A Compound Contents Delivery Method Based on Service Composition in Wireless Environment
Kazuya Uyama (Grad. Sch. of Info. Sci., Nara Institute of Sci. and Tech.)
Morihiko Tamai (Grad. Sch. of Info. Sci., Nara Institute of Sci. and Tech.)
Yoshihiro Murata (Grad. Sch. of Info. Sci., Nara Institute of Sci. and Tech.)
Naoki Shibata (Dept. of Info. Proc. and Man., Shiga Univ.)
Keiichi Yasumoto (Grad. Sch. of Info. Sci., Nara Institute of Sci. and Tech.)
Minoru Ito (Grad. Sch. of Info. Sci., Nara Institute of Sci. and Tech.)

With the progress of wireless communication technology and portable computing devices such as PDAs and cellular phones in recent years, users are requiring more advanced services through those terminals. One promising service is watching multiple multimedia contents simultaneously. In this paper, we propose a method to efficiently deliver video contents to users who want to watch multiple videos simultaneously in specified layouts. When many users want to receive and play back multiple video streams with various combinations and layouts, it would be difficult to satisfy all users' requirements due to restrictions on network resources and each terminal's computational resources. In the proposed method, we introduce proxies and allow them to receive multiple video contents from the corresponding servers and mix them into one video content in real time according to the layouts which users specify. We have developed a greedy algorithm which calculates the set of mixed contents to be delivered within the available wireless network bandwidth, so that the sum of the satisfaction degrees of all users is maximized. Through experiments, we confirmed that our proposed method can achieve much higher user satisfaction degrees than the case in which each mobile terminal receives multiple contents separately and mixes them by itself.

(54) Possibility of an Image-Based One-Time Authentication Scheme Using Mnemonics
Qiang Xu (Faculty of Informatics, Shizuoka University)
Masakatsu Nishigaki (Faculty of Informatics, Shizuoka University)

Passwords are widely used in all kinds of authentication, but conventional password systems are vulnerable to single or multiple observation attacks. To cope with multiple observation attacks, we have to extend them to one-time password authentication schemes. However, users cannot remember one-time random strings (passwords). Therefore, this paper proposes to help improve users' memory by using image-based authentication schemes with mnemonics. Here, we carry out some basic experiments to evaluate the possibility of the proposed image-based one-time authentication scheme.

(55) A user authentication method for TabletPC with Hand-written Symbols
Hiroaki Sanada (Graduate School of Science and Engineering Saga University)
Hiroshi Douzono (Graduate School of Science and Engineering Saga University)

Recently, news of irregular access to computer systems has often been heard. Information security technology is developing rapidly to deal with this, yet the development does not keep pace with the current state. Security technologies are not utilized enough because of their poor convenience. We propose a security technology that uses handwritten symbols as an improvement in the convenience of security technology. In this paper, pen pressure data for tracing preset symbols were sampled using a TabletPC, the data were analyzed using Self-Organizing Maps, and authentication experiments were carried out.

(56) Keyboard input timing analysis using self-organization maps
Atsushi Murakami, Hiroshi Douzono

Computer systems are now used in almost all fields of our lives. Secret data face the danger of being stolen, so security technology has become an important problem. The password mechanism is used as the main method of user authentication in computer systems; however, passwords may be hacked by irregular users and, moreover, can be intentionally shared within a group, so the safety of passwords is inadequate. Therefore, to take the place of the password mechanism, biometric authentication is used. In this research, a personal authentication method which uses the timing of keyboard input as a biometric is proposed, and the timing is analyzed using self-organizing maps.
