22nd CSEC Group Meeting

July 17, 2003
July 18, 2003



22nd CSEC Group Meeting Program
(1) A New Two Pass Diffie-Hellman Protocol with Key Confirmation
Alireza NEMANEYPOUR (Graduate School of Information Systems, University of Electro-Communications)
Hajime ISHIHARA (Graduate School of Information Systems, Japan Advanced Institute of Science and Technology)
Toshihiko KATO (Graduate School of Information Systems, University of Electro-Communications)
Shuichi ITOH (Graduate School of Information Systems, University of Electro-Communications)

This research proposes a new AKC protocol. The protocol, which is based on the Diffie-Hellman problem, is a two-pass protocol and has many desirable security attributes. This research also follows up AK protocols that are grounded in two-pass key agreement. Our research focuses on developing a protocol by which users can confirm, over an insecure network, whether they possess a valid shared key using two passes, fewer than conventional AKC protocols require.

(2) Rabin Tree and its Application to Broadcast Encryption

This paper presents a key management scheme based on the Rabin public-key cryptosystem, which minimizes the number of secret keys held by a recipient. The probability that a given random root key yields a full Rabin tree with 2n-i nodes is proved to be exponential in the number of users n. An application to broadcast encryption which allows excluding faulty recipients is proposed.

(3) Analysis of Double Block Length Hash Functions
Mitsuhiro HATTORI (Graduate School of Informatics, Kyoto University)
Shoichi HIROSE (Graduate School of Informatics, Kyoto University)
Susumu YOSHIDA (Graduate School of Informatics, Kyoto University)

The security of double block length hash functions and their compression functions is analyzed in this paper. First, the analysis of double block length hash functions by Satoh, Haga, and Kurosawa is investigated. The focus of this investigation is their analysis of the double block length hash functions with rate 1 whose compression function consists of a block cipher with a key twice as long as the plaintext/ciphertext. It is shown that there exists a case uncovered by their analysis. Second, the compression functions with which secure double block length hash functions may be constructed are analyzed. The analysis shows that these compression functions are at most as secure as the compression functions of single block length hash functions.

(4) Method of generating pseudorandom numbers based on the one-way functionality of a non-linear mapping at limited precision
Eiji Watanabe

The author's research team has been exploring an operation method for a non-linear mapping at limited precision, and discovered a relationship of computational difficulty between two kinds of mapping functions. This computational difficulty is characterized by the fact that the one-way functionality is related to probabilistic events and never to a specific function, so the theory [1][2] that a pseudorandom generator can be made from any one-way function is not applicable. Another method of iterated operation has been researched in order to break through this, which leads to the new iterated operation on the paradigm of this computational difficulty; that is the pseudorandom generator reported here. It is difficult to recover from those pseudorandom numbers the initial value or the seed of any computational step by means of any computational power. Consequently, the pseudo-randomness is computationally unpredictable. Its generation speed for 256-bit random numbers attains 7800 numbers per second on a Pentium II 266 MHz PC, and the software is offered as Pad Calculation Software.

(5) A new deduction system for cryptographic primitives and their security properties
Ashraf Moustafa BHERY (Tokyo Institute of Technology, Graduate School of Information Science and Engineering, Department of Computer Science)
Shigeki HAGIHARA (Tokyo Institute of Technology, Graduate School of Information Science and Engineering, Department of Computer Science)
Naoki YONEZAKI (Tokyo Institute of Technology, Graduate School of Information Science and Engineering, Department of Computer Science)

The characterization and security properties of cryptographic primitives such as asymmetric encryption schemes have been well developed using the notions of probability and complexity theory. In this paper, we propose a new deduction system called the JDE-system which can be used to formalize an idealized asymmetric encryption scheme. In our system, deductive reasoning is used to identify similar security properties of different asymmetric encryption schemes. New functions are introduced for describing several security properties. For example, by using the function 'content-of', we can provide a sufficient set of inference rules that are used to formalize facts such as "without seeing the content of ciphertexts, an attacker has the opportunity to see whether two different ciphertexts have the same content". We use the notion of "Judgement" in our JDE-system. Conversely, we also introduce the notion of "Unjudgment" as a property of the JDE-system. By using these notions, we can define the content-indistinguishability, key-indistinguishability, content-non-malleability, and key-non-malleability of asymmetric encryption schemes. A proof is given showing the sufficient conditions for these security properties. We also clarify the relationships that exist between these security properties. Two new security properties that we call key-non-malleability and content-length-non-malleability are proven using the JDE-system. The JDE-system identifies all of the procedures that an attacker could employ. In this sense, the JDE-system is a completely intuitionistic axiomatic realization of an encryption scheme.

(6) Research on the applications of Register Blocking Technique and Carry Save Technique to Ohta Method
ZHENG Chuyu (Graduate School of Information Science and Engineering, Tokyo Institute of Technology)
Masataka OHTA (Graduate School of Information Science and Engineering, Tokyo Institute of Technology)
Kiyomichi ARAKI (Graduate School of Science and Engineering, Tokyo Institute of Technology)

The carry save technique, which delays propagation of carries, is a classical technique for fast hardware multiplication, and the register blocking technique is an efficient coding technique for matrix multiplication; both were shown by Ohta to be applicable to multiprecision multiplication. In this paper, the effectiveness of the carry save and register blocking techniques for Ohta Multiplication, which is a modular multiplication using multiprecision multiplications, is compared against Montgomery Multiplication with the most efficient coding known so far on an Intel Pentium 4 (1.8 GHz) processor. For 220-bit modular multiplication coded in C, Ohta Multiplication and Montgomery Multiplication take 1.74µs and 1.79µs respectively, so that Ohta Multiplication is about 3% faster than Montgomery Multiplication. The program is expected to be applicable to computations in public key cryptography, especially elliptic curve cryptography.

(7) EUROCRYPT 2003 Report
Shiho MORIAI (Sony Computer Entertainment Inc.)
Akira OTSUKA (IT Security Center, IPA)
Hideki IMAI (Institute of Industrial Science, the University of Tokyo)

This paper reports on EUROCRYPT 2003, sponsored by the IACR, the International Association for Cryptologic Research. The conference was held in Warsaw, Poland, in May 2003.

(8) Enhancement of the DNA Ink Reliability, Confidentiality and Integrity
Hisao ITO

An ink containing synthetic DNA for person identification will enable the manufacture of writing utensils or authentication stamp marks sealed on expensive goods. This paper reports the considerations and tests about the enhancement of DNA ink reliability, confidentiality and integrity. The authors have devised a process utilizing synthetic DNA, as an effective method of privacy protection, in which person-specific information is separated from the DNA to produce a DNA personal ID using a one-way function.

(9) Digital Document Sanitizing Problem
Kunihiko MIYAZAKI (Graduate School of Information Science and Technology, The University of Tokyo)
Seiichi SUSAKI (Graduate School of Environment and Information Sciences, Yokohama National University)
Mitsuru IWAMURA (Graduate School of Asia-Pacific Studies, Waseda University)
Tsutomu Matsumoto (Graduate School of Environment and Information Sciences, Yokohama National University)
Ryoichi SASAKI (Faculty of Engineering, Tokyo Denki University)
Hiroshi YOSHIURA (University of Electro-Communications)

A digital signature does not allow any alteration of the signed document. However, "appropriate" alteration should be allowed for some signed documents because of other security requirements. Disclosure of official information is a typical example of this. Sensitive information such as private information should be sanitized from the original digitally signed document when it is disclosed. The "digital document sanitizing problem" is the problem that a signed document cannot be verified if some part of it is concealed. In this paper, we propose new digital signature techniques which can solve the digital document sanitizing problem.

(10) Consideration of a digital document protection scheme to specify the malicious entity between the two
Haruki OTA (KDDI R&D Laboratories, Inc.)
Yasuyuki WATANABE (KDDI R&D Laboratories, Inc.)
Koji NAKAO (KDDI R&D Laboratories, Inc.)

On the assumption that a sender and a receiver are both able to alter the document exchanged between the communicating entities, it is difficult to specify which is the malicious entity when verification of the document's signature fails. To solve the problem under this situation, we clarify the conditions and requirements for specifying the malicious entity, and propose a new digital document protection scheme as the solution by means of a Trusted Third Party. Further, this proposed scheme can be realized by the existing TTP protocol, the so-called Simple Timestamp Protocol (IETF RFC 3161), with some additional considerations.

(11) Proposal and evaluation of hysteresis signature system with paper document
Mitsuaki Shinoda (Tokyo Denki University)
Yusuke Ueda (Tokyo Denki University)
Ryoichi Sasaki (Tokyo Denki University)

With the progress of electronic commerce and electronic government, the necessity of using and keeping digitally signed documents over the long run is increasing. The hysteresis signature has been devised as one signature technology which can preserve the evidential nature of a digital signature over the long term. However, although a system using a specific third party has been examined, a hysteresis signature system which does not use a third party has not been examined concretely. Therefore, in this report, the exchange of paper documents already practised as part of business in modern society is taken into a system, and a hysteresis signature system which does not use a specific third party is proposed and evaluated.

(12) XML Access Control Using Static Analysis
Makoto MURATA (IBM Japan, Co., Ltd.)
Akihiko TOZAWA (IBM Japan, Co., Ltd.)
Michiharu KUDO (IBM Japan, Co., Ltd.)
Satoshi HADA (IBM Japan, Co., Ltd.)

Access control policies for XML databases typically use regular path expressions such as XPath for specifying the objects to be accessed. However, such access control policies are a burden to XQuery engines. To relieve this burden, we introduce static analysis for XML access control. Given an access control policy, a query expression, and an optional schema, static analysis determines whether the query expression is guaranteed not to access elements or attributes that are permitted by the schema but hidden by the access control policy. Static analysis can be performed without evaluating any query expression against an actual database. Run-time checking is required only when static analysis is unable to determine whether to grant or deny an access request. We have built a prototype of static analysis for XQuery, and shown its effectiveness through experiments.

(13) Anomaly-based intrusion detection and prevention by semantic evaluation of HTTP requests
Toru KONNO (Advanced technology development group, platform solutions division, TOSHIBA Corporation e-Solution Company)
Masamichi TAKEOKA (Advanced technology development group, platform solutions division, TOSHIBA Corporation e-Solution Company)

We implemented an anomaly-based intrusion detection/prevention system which detects semantic anomalies in HTTP requests to web servers. The system parses HTTP requests, evaluates each of the semantically separated elements by its length or the number of specific characters it contains, and calculates the means and variances of those evaluated values. To detect/prevent anomalous HTTP requests, the system discriminates anomalies by the evaluated values of the syntactic elements. Experiments show an average true positive rate of 92% and an average false positive rate of 0.17%.
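The detection approach described in this abstract, written out as an added example that is not the authors' system: each request line is parsed into semantic elements (the path and each query parameter value), each element is evaluated by its length and its count of special characters, per-element means and variances are learnt from known-good requests, and a request is flagged when an element deviates by more than a threshold or carries a parameter never seen in training. The special-character set, the three-standard-deviation threshold, the standard-deviation floor, and all request lines are assumptions constructed for the example.

```python
import math
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Characters counted per element (assumed set; the abstract does not list the
# "specific characters" the authors' system counts).
SPECIAL_CHARS = set("'\"<>;()|`")


def element_features(text):
    """Evaluate one semantic element by its length and its special-character count."""
    return {"len": len(text), "special": sum(1 for c in text if c in SPECIAL_CHARS)}


def parse_request_line(request_line):
    """Split 'METHOD target HTTP/x.y' into named semantic elements: the path and
    the value of each query parameter, keyed by parameter name."""
    method, target, _version = request_line.strip().split(" ", 2)
    parts = urlsplit(target)
    elements = {"path": parts.path}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        elements["param:" + name] = value  # percent-encoding is decoded here
    return method, elements


class SemanticProfile:
    """Per-element, per-feature mean/variance model learnt from known-good requests."""

    MIN_SD = 1.0  # floor so that a feature constant in training cannot divide by zero

    def __init__(self):
        self.samples = defaultdict(list)  # (element, feature) -> observed values

    def train(self, request_line):
        _method, elements = parse_request_line(request_line)
        for name, text in elements.items():
            for feat, value in element_features(text).items():
                self.samples[(name, feat)].append(value)

    def stats(self, key):
        """Population mean and (floored) standard deviation for one element feature."""
        values = self.samples[key]
        mean = sum(values) / len(values)
        var = sum((v - mean) ** 2 for v in values) / len(values)
        return mean, max(math.sqrt(var), self.MIN_SD)

    def score(self, request_line, threshold=3.0):
        """Return (worst_deviation, reasons). An element never seen in training
        is treated as infinitely anomalous."""
        _method, elements = parse_request_line(request_line)
        worst, reasons = 0.0, []
        for name, text in elements.items():
            if (name, "len") not in self.samples:
                reasons.append(f"{name}: never seen during training")
                worst = math.inf
                continue
            for feat, value in element_features(text).items():
                mean, sd = self.stats((name, feat))
                z = abs(value - mean) / sd
                worst = max(worst, z)
                if z > threshold:
                    reasons.append(f"{name}.{feat}={value} is {z:.1f} sd from mean {mean:.1f}")
        return worst, reasons

    def is_anomalous(self, request_line, threshold=3.0):
        return self.score(request_line, threshold)[0] > threshold


# Constructed known-good traffic used for training (not real log data).
TRAINING = [
    "GET /search?q=shoes&page=1 HTTP/1.1",
    "GET /search?q=red+shoes&page=2 HTTP/1.1",
    "GET /search?q=boots&page=1 HTTP/1.1",
    "GET /search?q=sandals&page=3 HTTP/1.1",
    "GET /search?q=winter+coat&page=1 HTTP/1.1",
    "GET /search?q=hat&page=2 HTTP/1.1",
    "GET /search?q=gloves&page=1 HTTP/1.1",
    "GET /search?q=socks&page=1 HTTP/1.1",
    "GET /search?q=jacket&page=2 HTTP/1.1",
    "GET /search?q=scarf&page=1 HTTP/1.1",
]


def build_profile():
    profile = SemanticProfile()
    for line in TRAINING:
        profile.train(line)
    return profile


if __name__ == "__main__":
    profile = build_profile()
    # Constructed test requests: one ordinary, one over-long, one heavy in special
    # characters, and one carrying a parameter absent from training.
    for line in [
        "GET /search?q=boots&page=1 HTTP/1.1",
        "GET /search?q=" + "x" * 60 + "&page=1 HTTP/1.1",
        "GET /search?q=a%27b%22c%3Cd%3Ee%3Bf&page=1 HTTP/1.1",
        "GET /search?q=hat&debug=1 HTTP/1.1",
    ]:
        worst, reasons = profile.score(line)
        verdict = "ANOMALY" if worst > 3.0 else "ok"
        print(f"{verdict:8} {line}  {'; '.join(reasons)}")
```

Evaluating elements after percent-decoding matters: the same characters encoded in the query string would otherwise be counted differently from their literal form. The standard-deviation floor is what keeps a feature that was constant in training (here, the page number length) from producing a division by zero and turning any tiny change into an infinite score.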

(14) The Secure SHell's Vulnerability against Rollback Attacks
Toshiyuki KITO (TOSHIBA Corporation)
Takamichi SAITO (Tokyo University)

SSH (Secure SHell) is widely used as software which can realize secure communication over insecure networks. SSH provides the use of various encryption algorithms and user authentication methods for compatibility with systems of past versions. Also, SSH1 and SSH2 are often run as one system for compatibility. In that case, we show that even if a user utilizes SSH2, she/he can be forced to utilize SSH1, the weakest encryption algorithm and password authentication. Moreover, as a more serious defect, even if the SSH client tries to use public key authentication in SSH1 and SSH2, the intruder can force the use of password authentication by performing a Rollback attack: masquerading as a mirror server of the authorized one, the intruder is connected to by the SSH client and performs a MITM (man in the middle) attack deceiving the authorized server. It is also newly found that the intruder can illegally obtain the user's password. In this paper, five Rollback attacks of two kinds are shown.

(15) The Numerical Analysis of the Effect of Distributed active Firewall against SQL Slammer Worm Virus
Makoto SUGITA (NTT Network Innovation Laboratories, NTT Corporation)
Masaru KATAYAMA (NTT Network Innovation Laboratories, NTT Corporation)
Kohei SHIOMOTO (NTT Network Innovation Laboratories, NTT Corporation)

We propose a new hierarchical, band-restricted, one-factor propagation model for the SQL Slammer Worm Virus. Since this model considers topology, traffic, and bandwidth, we can numerically analyze the effectiveness of various countermeasures as well as worm propagation characteristics. We also propose the distributed active firewall model as a countermeasure to the SQL Slammer Worm Virus. The novel feature of this model, compared to existing Intrusion Detection and Prevention (IDP) models, is its use of attack information advertising. This report provides a numerical analysis of the propagation of the SQL Slammer Worm Virus based on our model and also evaluates the effectiveness of the distributed active firewall model. Our numerical analysis indicates that our model can simulate the real propagation characteristics of the SQL Slammer Worm, and that our distributed active firewall model retains more bandwidth than conventional IDP models.

(16) Unknown Virus Detection System using Virtual Network
Masakatu MORI

The spread of computer viruses by E-mail is a social problem. In particular, unknown viruses which cannot be detected by a general virus detection scheme based on pattern matching tend to expand the damage. It is also necessary to find a countermeasure against metamorphic viruses, which change themselves whenever they infect a computer, because a pattern matching-based virus detection scheme cannot detect them. It is known that a dynamic heuristic scheme is effective for detecting unknown or metamorphic viruses. In this scheme, a suspicious target file is actually run on a computer, its behavior on the computer is monitored, and then we judge whether the file is a virus or not. In this paper, we propose a dynamic heuristic scheme-based system which runs a target file attached to E-mail on a virtual machine and a virtual network, and monitors its behavior pattern in the virtual environment. We describe an implementation of the proposed system, and show some evaluation results.

(17) Cryptographic Memory System: Get high with a little help from my kernel

Currently many practical protection mechanisms such as SSL, SSH, and IPSec are actively being deployed on the Internet. However, there are far fewer such practical mechanisms for an individual computer's internal execution environment. This paper proposes a "Cryptographic Memory System", which aims at achieving improvements over such internal execution environments.

(18) A method for extracting program fingerprints from Java class files
Haruaki TAMADA
Yuichiro KANZAKI
Masahide NAKAMURA
Akito MONDEN
Ken-ichi MATSUMOTO

To support efficient detection of illegal theft of Java class files, this paper presents a new method to derive "program fingerprints" from given Java class files. For a given class file, the proposed method extracts a unique property from the class file based on initial value assignments, the sequence of method calls, and the inheritance structure. By using the fingerprints, any Java class file can be easily distinguished from other class files. We evaluate the proposed method by applying it to J2SDK SE 1.4.1_02. The experimental result shows that the proposed fingerprints can identify 99.94% of all the class files involved.

(19) A privacy-enhanced efficient group signature scheme

The concept of group signature allows a group member to sign messages anonymously on behalf of the group. A group signature has a feature of Tracing, that is, the identity of a signer can be revealed by a designated entity in case of dispute. A number of group signature schemes have been proposed to date and most of these use a membership certificate. In a certificate-based group signature scheme, it is necessary to revoke the revoked member's certificate. Ateniese and Tsudik [3] proposed a Certificate Revocation List (CRL)-based revocation scheme, that is, in order to revoke a member from the group, a group manager adds a commitment of the revoked member's certificate to a CRL, and a signer attaches a commitment of his/her membership certificate. In the verification, a verifier checks whether or not the CRL includes the commitment of the signer's membership certificate. In the previous group signature scheme [12], a group manager knows each member's membership certificate and can compute a commitment of a member's certificate. Therefore, he can reveal the signer's identity even if he does not run the Tracing protocol, and thus the CRL-based revocation scheme does not realize anonymity against the group manager. In this paper, we propose a privacy-enhanced group signature scheme which realizes anonymity against the group manager.

(20) A Digital Signature Scheme That Can Detect the Compromise of Signing Ability
Makiko UEYAMA (Graduate School of Environment and Information Sciences, Yokohama National University)
Junji SHIKATA (Graduate School of Environment and Information Sciences, Yokohama National University)
Tsutomu MATSUMOTO (Graduate School of Environment and Information Sciences, Yokohama National University)

Measures against compromise of signing ability are becoming important with the rising demand for digital signature technology. As measures against exposure of the signing key, which is one case of the compromise of signing ability, several signature schemes such as Forward-Secure Digital Signature and Hysteresis signature were proposed. However, even if the legitimate signer uses those measures, without discovery of a forged signature or an inquiry from the verification process he cannot notice the fact that his signing key has been exposed. Therefore, a safety measure after exposure of the signing key would be delayed, which may lead to more serious damage. In this paper, to reduce the damage after exposure of the signing key, we propose a digital signature scheme that can detect the compromise of signing ability at an early stage. By using this scheme, we can reduce the damage caused by exposure of the signing key.

(21) Proposal of "just" k-out-of-n signatures

In this paper, we propose new k-out-of-n signature schemes. As far as the authors know, all the previous schemes are "at least" k-out-of-n signatures. This means that in the signature system, at least k persons agree on the message to be signed. More concretely, we propose "just" k-out-of-n signature schemes. To achieve such features, we explicitly use symmetric-key cryptosystems in our proposed schemes. As for the paper's outline, we propose both "at least" and "just" schemes by using previous 1-out-of-n schemes.

(22) Provable security of RSA signature schemes with message-dependent exponents
Takahiro FURUE (Graduate School of Environment and Information Sciences, Yokohama National University)
Takenobu SEITO (Graduate School of Environment and Information Sciences, Yokohama National University)
Junji SHIKATA (Graduate School of Environment and Information Sciences, Yokohama National University)
Tsutomu MATSUMOTO (Graduate School of Environment and Information Sciences, Yokohama National University)

In this paper, we address the RSA signature schemes with message-dependent exponents proposed by de Jonge and Chaum. In de Jonge and Chaum's paper, three signature schemes were proposed, and we call them the JC1, JC2 and JC3 signature schemes, respectively, in this paper. We reconsider the chosen message attack on the JC3 signature scheme proposed by Michels, Stadler and Sun, and show that a chosen message attack on the JC3 signature scheme is still valid even if the number of queries by an adversary is reduced. Also, in this paper we propose provably secure signature schemes based on the JC1 and JC3 signatures.

(23) On-Line Signature Verification Method Based on Discrete Wavelet Transform
Isao NAKANISHI (Faculty of Education and Regional Sciences, Tottori University)
Naoto NISHIGUCHI (Faculty of Engineering, Tottori University)
Yoshio ITOH (Faculty of Engineering, Tottori University)
Yutaka FUKUI (Faculty of Engineering, Tottori University)

An on-line signature verification method based on the Discrete Wavelet Transform (DWT) is presented. The time-varying pen-position signal of the on-line signature is decomposed into sub-band signals by using the DWT. Individual features are extracted as high frequency components in the sub-band decomposition; therefore, this makes the difference between the genuine signature and its forgery more obvious. However, there is fluctuation in the number of strokes even in genuine signatures. In this paper, we introduce Dynamic Programming (DP) matching to suppress such fluctuation in the number of strokes. Also, we propose a verification method utilizing the adaptive algorithm. Verification is achieved by whether the adaptive weight converges on 1 or not, since the error between the input and the desired signal decreases when the input is a genuine signature. However, the convergence characteristic depends on the step size parameter of the adaptive algorithm. Therefore, a step size parameter normalized by the signal power of the input signature is introduced to guarantee convergence. The verification results show that an equal error rate of about 11%, that is, a verification rate of 90%, is accomplished even when a writer is not permitted to refer to his/her own signature and the forger can trace the genuine signature.

(24) Volume of Communications Necessary for Certificate Revocation in PKI Estimated Based on Probability Theory
Naoki TANAKA (Sony Corporation)
Yoichiro IINO (Sony Corporation)

In Public Key Infrastructure (PKI), it is proposed that a verifier checks the validity of a certificate by Certificate Revocation Lists (CRLs). Each CRL includes the revocation statuses of certificates for a part of the entities. A verifier obtains only the necessary part of the CRLs and, by preserving a CRL once obtained, a verifier does not obtain the same one more than once; therefore CRLs are expected to reduce the volume of communications necessary for certificate revocation. In this paper, for the full-CRL and DELTA-CRL methods, we take into account the fact that one CRL is obtained by one verifier at most once, and we derive the volume of communications necessary for certificate revocation based on probability theory. The result shows that, unless the frequency of authentications is sufficiently low compared to that of CRL issuances, the effect that a verifier obtains only the necessary part of the CRLs is irrelevant to reducing the volume of communications. Furthermore, for the DELTA-CRL method, it is proved that there exists an optimal ratio between the frequency of BaseCRL issuances and the frequency of DELTA-CRL issuances, independent of the number of CAs, if the frequency of authentications is high enough.

(25) A report on 2nd annual PKI research workshop
Satoshi KOGA (Graduate School of Information Science and Electrical Engineering, Kyushu University)
Kouichi SAKURAI (Faculty of Information Science and Electrical Engineering, Kyusyu University)

This paper reports on the 2nd annual PKI Research Workshop held on April 28-29, 2003 at NIST.

(26) A Personal Providing Model for Network Resources over the Ubiquitous Environment
Michiko IZUMI (Graduate School of Information Science, Nara Institute of Science and Technology)
Naoto MORISHIMA (Digital Library R&D Division, Nara Institute of Science and Technology)
Hideki SUNAHARA (Information Technology Center, Nara Institute of Science and Technology)

With the rapid evolution of computing and wireless technologies, there are a variety of patterns in the way one connects to the Internet. Mobile users will be able to access the Internet via multiple wireless networks and they will also have to choose pricing options, routes on the Internet, QoS, and security levels. In this paper, we propose a resource providing model based on certificates carried by users over the ubiquitous environment. This model is designed to adapt to user preference seamlessly, in which network protocols, services, and applications are integrated to provide the optimal solution.

(27) Users Privacy in Ubiquitous Network: Anonymous Communication Technique for Ad Hoc Network
TAKUYA OTSUKA (NTT Microsystem Integration Laboratories)
AKIRA ONOZAWA (NTT Microsystem Integration Laboratories)

As it is a common assumption in most research on the ubiquitous computing environment that the computing environment retrieves user context information to adapt its behavior to user demands, the issues of user privacy draw more attention. In this paper, we analyze the typical procedure of user context retrieval by the ubiquitous computing environment and propose an anonymous communication technique that hides communication messages amongst query messages. The sender can anonymously provide his context information under traffic analysis by an attacker monitoring the sender.

(28) Current Topics on PKI Technologies for Mobile Commerce - Activities of the Authentication WG, MC Committee, mITF -
Toshiaki TANAKA (KDDI R&D Labs. Inc.)
Kimihiko SEKINO (NTT DoCoMo)
Hitoshi KIKUCHI (J-PHONE Co., Ltd.)
Katsuyuki UMEZAWA (Hitachi, Ltd., Systems Development Laboratory)

Aiming at the penetration of mobile commerce into the mass market, its services are to be secure and usable. Public key infrastructure (PKI) is considered one of the promising technologies for the provision of such secure mobile services, but it is further necessary to verify its applicability from the viewpoint of mobile environments and real payment models. Accordingly, this paper clarifies and discusses the issues when applying PKI to mobile commerce, which are mainly drawn from the results of the study by the Authentication WG, MC Committee of mITF.

(29) Secure Anonymous Buyer-Seller Watermarking Protocol Against Conspiracy Attack
Jae-Gwi Choi
Kouichi Sakurai

Copyright marking schemes are techniques applied to protect the copyright on digital contents. They embed marks into digital contents that can later identify owners (watermarking) or recipients (fingerprinting) of the content. An anonymous buyer-seller watermarking protocol allows buyers to purchase watermarked contents anonymously. However, on illegal redistribution the anonymity can be revoked. In this paper we show serious shortcomings of recent proposals on anonymous buyer-seller watermarking protocols. The problem is that they allow the seller to cheat honest buyers. Thus, if another copy with a specific watermark turns up, one cannot assign responsibility to either the buyer or the seller. In this paper, we present a secure buyer-seller watermarking protocol using commutative cryptosystems, which prevents the buyer from cheating honest buyers.

(30) Implementation and Evaluation of Illegal Copy Protection for Digital Contents
Masaki INAMURA (KDDI R&D Laboratories Inc.)
Toshiaki TANAKA (KDDI R&D Laboratories Inc.)

We propose a new method of illegal copy protection, which allows private copies to arbitrary terminals within a limited number of times, and requires no secure hardware. In this paper, we implement the proposed method and evaluate whether our method is feasible from the viewpoint of security and performance.

(31) A Fragile Watermarking Method for MPEG Video
Hisashi INOUE
Masataka EJIMA

We propose a fragile watermarking method for detecting alteration in MPEG video. This method makes it possible to detect alteration both in the temporal domain, e.g. frame-based editing, and in the spatial domain. In this paper, we consider this method from the point of view of detection accuracy and security. Furthermore, we show the validity of this method.

(32) Analysis of validity on Two Layer Digital Watermarking
Saneyuki ISHII (Tokyo Denki University)
Hiroshi KASHIMURA
Ryoichi SASAKI (Tokyo Denki University)
Hiroshi YOSHIURA (Denki Tushin University)
Isao ECHIZEN (Hitachi, Ltd.)
Shinji ITO (Hitachi, Ltd.)

Various digital-watermarking methods have been proposed. It is difficult to select one standard method given the diversity of users' needs. As a solution, we propose a two-layer digital-watermarking system as technology which can use the many digital-watermarking systems proposed so far and can perform effective processing. This system consists of two types of watermark: 'a real watermark', which actually embeds the digital-watermarking information, and 'a meta-watermark', which embeds the number of the digital-watermarking system used for the real watermark. This study shows the validity of the two-layer digital-watermarking system by comparing its processing time with round-robin processing, and by the rate of non-detection.

(33) A Note on Collusion Security of Codes
Katsunari YOSHIOKA (Graduate School of Environment and Information Sciences, Yokohama National University)
Junji SHIKATA (Graduate School of Environment and Information Sciences, Yokohama National University)
Tsutomu MATSUMOTO (Graduate School of Environment and Information Sciences, Yokohama National University)

Fingerprinting, such as watermarking for digital contents or traitor tracing schemes for decoders in broadcast encryption, is a technique to add IDs to each copy of digital data in order to control their distribution. Collusion attacks, in which the attackers collect two or more fingerprinted copies and compare them in order to detect and alter the assigned IDs, are considered a threat to fingerprinting systems. Therefore, several collusion secure codes, such as c-frameproof codes, c-secure frameproof codes and c-identifiable parent property codes, have been proposed with the aim of giving the system collusion security properties such as frameproofness and traceability. Here, c indicates the maximum number of colluding users. However, the combinatorial conditions for these codes are rather harsh, so that the constructions are complicated and their length may not be practical. In this paper, we relax the definitions of collusion security for c-frameproof codes, c-secure frameproof codes and c-identifying parent property codes, respectively. We then estimate the probability that randomly generated codes satisfy our relaxed condition derived from c-frameproof codes. A numerical experiment is also done in order to support the adequacy of the estimation.

(34) A Proposal of P2P Credential Framework
Nobutaka KAWAGUCHI (Faculty of Science and Technology, Keio University)
Naohiro OBATA (Faculty of Science and Technology, Keio University)
Reina MIYAJI (Faculty of Science and Technology, Keio University)
Shintaro UEDA (Faculty of Science and Technology, Keio University)
Hiroshi SHIGENO (Faculty of Science and Technology, Keio University)
Kenichi OKADA (Faculty of Science and Technology, Keio University)

A credential is a digital value, as typified by digital money and digital tickets. In this paper, we propose a P2P credential framework for the use of various types of credentials both online and offline. Additionally, we provide a community framework for delegating credentials securely online.

(35) A modeling of security measure selection problem
Toshiyuki HYODO (Graduate School of Information, Shizuoka University)
Itsukazu NAKAMURA (Faculty of Information, Shizuoka University)
Masakatsu NISHIGAKI (Security Business Division, NTTData Corp.)
Masakazu SOGA (Faculty of Software and Information, Iwate Prefectural University)

Recently, information security management in many organizations has been carried out based on an Information Security Policy. However, no effective method of selecting the optimum security measures has been established yet. Hence, the selection of security measures currently depends heavily on the knowledge and experience of the system designer, and an objective evaluation of the appropriateness of the selected measures is impossible. To address this, the paper presents a formulation of the security measure selection problem.

(36) Configuration Tool of File Access Control Policy for Client
Satoshi KAI (Hitachi, Ltd., Systems Development Laboratory)
Masato ARAI (Hitachi, Ltd., Systems Development Laboratory)
Yasuhiko NAGAI (Hitachi, Ltd., Systems Development Laboratory)
Satoru TOMIDA (Hitachi, Ltd., Mechatronics Systems Division)

In an enterprise network, clients as well as servers hold informational assets. We previously focused on problems caused by intrusion into servers and proposed an access control system (IRACS: Intrusion Resistant Access Control System) that can protect informational assets even when an intrusion has occurred. On the other hand, informational assets on clients can also be altered and leaked by illegal programs. But since clients are used for a wide variety of purposes, it is difficult to define an appropriate access control policy for them and to apply IRACS to clients. We describe what kind of access control policy is suitable for clients, and a policy configuration tool that simplifies setting up such a policy.

(37) A proposal of a security audit system for home users based on international standards
Guillermo RAMIREZ (Graduate School of Engineering, Soka University)
Yoshimi TESHIGAWARA (Graduate School of Engineering, Soka University)

Information security at home can be understood as the capacity of information systems to resist, at Evaluation Assurance Levels (EAL) as defined in international standards, all accidents or deliberate actions that endanger the availability, integrity and confidentiality of stored or transmitted data and of the corresponding services that these networks and systems offer or make accessible. In this paper, we propose a protection profile for home users based on the international standard ISO 15408, because it lets us understand the basic security issues for each home IT environment. Once the threats of the environment are recognized, a correct security policy can be made to assure the IT environment of each home user. In order to describe a protection profile for home users, we conducted a survey of home user security by distributing questionnaires to 100 home users each in Japan and Argentina. This study presents in detail the most common threats to the information systems and creates a knowledge base for identifying the information system environment, making it possible to select an appropriate security policy for each home user environment based on international standards, including ISO 15408.

(38) Study of Security Information Distribution with RDF Site Summary
Masato Terada (System Development Laboratory, Hitachi Ltd.)
Norihisa Doi (Faculty of Science and Engineering, Chuo University)

Security information is currently distributed as HTML web page content. In order to re-structure this information and correlate the collected items, it is necessary to improve the environment in which security information is provided. This paper describes an overview of distributing security information using RSS, which provides lists of items such as a title and a summary.
