The Information Security Promotion Agency (ISPA), Nagoya University was established in November, 2003. It is an expert group of information security and technology operating as promptly and actively as possible to respond information security incidents. There are two missions in ISPA. One is to engage in educational activities on information security for all members in Nagoya University. The other is to respond information security incidents as promptly and actively. In this report, we describe information security training, building of information security incident database, investigation of wireless LAN and information security audit. We also report security incidents which occur in our university.
(2) Semi-Formal Software Design for Secure Coding
KIMIO KURAMITSU (Graduate School of Engineering Yokohama National University) TADASHI MURAKAMI (High Energy Accelerator Research Organization)
Software vulnerabilities are a problem that the developers should treat with software lifecycle, including design, coding and testing. We use a semi-formal design model to define secure software behaviors. The paper will discuss how our model available is in terms of secure programming and software assurance.
(3) A VLSI Design of Mersenne Twister
Shingo WATANABE Koki ABE
There are many applications including Monte Carlo simulation and stream ciphers, where a large number of psudo-random numbers are required to be generated at high speed. Among known algorithms for generating psudo-random numbers such as Linear Feedback Shift Register(LFSR) and Linear Congruential Generator(LCG), the Mersenne Twister has long-period cycle with excellent randomness. We focus on its intrinsic characteristics that many independent computations exist in the Mersenne Twister algorithm and thus a high degree of parallelism is expected to be utilized in hardware realization of the algorithm. In this paper, we describe a VLSI design of Mersenne Twister and evaluate the design with respect to the performance and area costs when increasing the degree of parallelism. Using CMOS 0.18um technology, a throughput of 568.18GBytes/s was obtained by fully exploiting the parallelism at the area cost of 5.537mm2. The speed was more than 630 times faster than software implementation of the algorithm.
(4) Evaluation of a TCP Connection Scheme for cloaking services
UMESAWA Kentaro TAKAHASHI Toshinari
Fixing software vulnerabilities which are exploitable via a network is one of the urgency for system administrators. But it is often hard to fix software vulnerabilities timely, because there are a lot of administrative problems in systems operation area and some of vulnerabilities don't have programs to fix it at that time. To solve this problem, we have developed TAP (Tcp layer Application Protector) which prevents attackers from establishing TCP connections with an authentication mechanism at TCP layer. In this paper, we prove effectiveness of the method by measuring a network and anti-DoS performance.
(5) Implementation and Evaluation of Anonymous Networks with a Robust Anonymity Revocation Scheme
Koji Chida (NTT Information Sharing Platform Laboratories) Teruyuki Komiya (NTT Information Sharing Platform Laboratories) Osamu Shionoiri (NTT Information Sharing Platform Laboratories) Atsushi Kanai (NTT Information Sharing Platform Laboratories)
This paper reports on implementation results of an anonymous network with a robust anonymity revocation scheme, which was proposed by our group last year. There was a problem on practical use in the proposed method that the entire communication cost has increased in proportion to the number of relay anonymous proxies. Then, the feasibility of the proposed method was verified by implementing the method for constructing anonymous and reliable Web services.
(6) On Public-key Broadcast Encryption
Broadcast Encryption (BE) gives a way to distribute digital contents to subscribers by using an open broadcast channel, in which a set of privileged users may be changed by each digital content.We focus on the public-key BE for stateless recivers, in which each user is given a fixed set of keys beforehand and keeps using it to decrypt broadcasted contents through the lifetime of the system; any contents provider including the center can broadcast contents safely by using the same setting and instruments; and the security of system is no longer compromised by exposures of secret keys stored by providers.The stateless receivers are natural setting for application such as DVD decorder, etc. An efficient method, called subset difference broadcast encyrption(SDBE), for realizing this setting was proposed.The public-key setting is also convenient and flexible for an open network although many recent works of BE for stateless receivers,including SDBE, are based on a symmetric key encryption.Recently, the public-keySDBE is proposed by using a hierarchical ID-based encryption (HIBE). HIBE can translate the symmetric-key SDBE to the public-key version faithfully and, thus, the transmission rate or the user secret key size of the public-key is at most that of the symmetric-key SDBE.In this paper, we introduce a feature of "designated ancestor " to HIBE and the simplified version, the binary tree encryption (BTE),and apply BTE with a designated ancestor for the public-key SDBE.As a result, BTE with a designated ancestor realizes the public-key SDBE more suitably than the previous approach.
(7) [Special Session] Network Intrusion Detection System
(8) Speed-Up by Adapting Stream Cipher and an Improvement of Usability for OpenVPN
Hiromi MOTOIE (Department of Information Science and Intelligent System The University Tokushima) Toshihiro OHIGASHI (Department of Information Science and Intelligent System The University Tokushima) Yoshiaki SHIRAISHI (Department of Informatics Kinki University) Masakatu MORII (Department of Electrical and Electronics Engineering Kobe University)
Virtual Private Network (VPN) is a technology to construct a private network over public networks.Software-based VPN products are popular, because they don't need any appliance. OpenVPN is one of the most popular software-based VPN products and has high flexibility. However, the usability of OpenVPN is not so high because its setting requires expert knowledge of VPN. Additionally, the throughput decreases by the overhead of encryption because the encryption time of block cipher is large. This paper presents a method to improve the usability. A client can set VPN up on a VPN setting server without expert knowledge. In addition, we demonstrate that the overhead of the encryption is reduced by adapting software-oriented stream ciphers.
(9) An Evaluation of Systems of Time Distribution using Time Evidence on The Internet
Time Authority (TA) audits a local clock of Time-Stamping Authority (TSA) in order to detect tampering of time. It is difficult to verify audit logs of local time after audit of local time of TSA. Then we propose a method of detecting time tampering by checking TSA by TA. The method is described as "A Method of Time Certification using Time Evidence" . Because there is the network delay and the time offset between TA and TSA in the internet, the check may fail. In this paper, we construct a time distribution system using Time Evidence on the internet, and we get an ideal interval between checks. We know that it is available to detect tampering of time by using Time Evidence if the interval between checks are set as ideal values.
(10) A Single One-Time Password Method Usable by Multi-Authentication Agents
Kenji UO (Dept. of Info. Sci. and Intell. Sys. The University of Tokushima) Toshihiro OHIGASHI (Dept. of Info. Sci. and Intell. Sys. The University of Tokushima) Yoshiaki SHIRAISHI (Department of Informatics Kinki University) Masakatu MORII (Department of Electrical and Electronics Engineering Kobe University)
One-Time Password (OTP) method is a secure password-based authentication method by changing password in each session.A lot of OTP methods have been proposed, but most methods don't consider use of multi-authentication agents.The authorization model using multi-authentication agents achieves high usability and scalability. In this paper, we propose a single OTP method usable by multi-authentication agents. The proposed method can protect secret information of user from not only unknown opponents but also agents and other users. Additionally, the proposed method has high scalability because of independence of user from agent.
(11) The proposal of the payment system on the client for network connection service
Reiko Hoshino Hiroshi Aono Sadayuki Hongo
Recently, a variety of network technology such as ad-hoc network and wireless LAN has been invented and available. To be able to charge for network connection service, it is necessary that the users subscribe to each network connection service provider. They cannot be charged and pay seamlessly. In this paper we propose the charging system on the client without subscription by inseparable processing of network service and charging, and describe an implementation and an evaluation of it.