35th CSEC Group Meeting

December 08, 2006

Tokyo University of Technology (Tokyo)


35th CSEC Group Meeting Program
(1) The Threat on PKCS#1v1.5 Signature Implementation Vulnerability
Akira KANAOKA (IS Laboratory, SECOM Co., Ltd.)
Koichi SUGIMOTO (Secom Trust Systems Co., Ltd. SC Center)

Bleichenbacher showed at the CRYPTO 2006 Rump Session that some PKCS#1v1.5 signature implementations have a vulnerability. That vulnerability enables PKCS#1v1.5 signature forgery without the private key under some conditions. Though Bleichenbacher also showed some conditions for the attack, there are more detailed ones. In this paper, I will show more detailed conditions and consider the real threat of that vulnerability.

(2) Implement of personal authentication system based on grasping characteristics
Katsunori Sato (Graduate school of software and information science, Iwate prefectural university)
Kiwamu Sato (Iwate prefectural university of software and information science)
Naoto Ogasawara (Iwate prefectural university of software and information science)
Hiroshi Nunokawa (Iwate prefectural university of software and information science)

This paper proposes a personal authentication system based on grasping characteristics. This system can get grasp data, namely the pressure distribution and its transition over time as the pressure changes, when a user grasps an input device to which sixteen pressure sensors are connected. This report formulates the possibility of a personal authentication system based on grasping characteristics. It proposes a practical personal authentication system based on grasping characteristics, and formulates the result of the experiment.

(3) A method of detecting Bot infection using Botnet C&C server domain name

Recently, bots, which are a kind of computer virus, have become a big problem: bot-infected computers form a network around a C&C server, which relays the attacker's instructions, and receive the instructions of the attacker. A lot of bot source code is openly available on the Internet, and variants can easily be made by using it. Therefore, the creation of virus pattern files does not keep up, and detecting bots with signature-matching antivirus software is difficult. Research on detection methods using bot behavior is the mainstream. In this paper, we propose a method of detecting bots by using the behavior that a bot makes a DNS query for the FQDN of the C&C server.

(4) Efficient Implementation of Pairing Computation on Mobile Phones using BREW
Motoi Yoshitomi (Future University-Hakodate, School of System Information Science)
Tsuyoshi Takagi (Future University-Hakodate, School of System Information Science)
Shinsaku Kiyomoto (KDDI R&D Laboratories Inc)
Toshiaki Tanaka (KDDI R&D Laboratories Inc)

Pairing based cryptosystems can accomplish novel security applications, such as ID-based encryption, which have not been constructed without pairing. The processing speed of pairing based cryptosystems is relatively slow compared with the other conventional public key cryptosystems. However, several efficient algorithms for computing the pairing functions have been proposed, namely the Duursma-Lee algorithm and its variant, the η_T pairing. In this paper, we present an efficient implementation of the pairing function over some mobile phones, and examine the feasibility of the pairing based cryptosystems on ubiquitous devices. Indeed, the processing speed of our implementation in BREW on au W41T and W41H achieves under 100 milliseconds using the supersingular curve over F_{3^97}. It has become fast enough for implementing security applications using the pairing function on mobile phones.

(5) A Method of Accelerating Operations of RSA within Software on a Cellular Phone
Motoki Komaba (Tokyo University of Technology School of Computer Science)
Ryuya Uda (Tokyo University of Technology School of Computer Science)

The aim of the study is realizing calculation of the RSA cryptosystem within software on a cellular phone using i-appli, which is created with a Java program. An authentication mechanism which is based on PKI is implemented within hardware in the newest cellular phone devices. However, the authentication is limited to the infrastructure of the communication carrier. Therefore, in this study, we realize a calculation of public-key cryptosystem within software on a cellular phone, applying the Java cryptosystem library provided by Bouncy Castle to the DoJa specification. Moreover, analysis of the calculation process of the cryptosystem and improvement of the bottleneck lead to the realization of the accelerating operations.

(6) A User Authentication System for Web Sites Using Cellular Phone
Hidetaka Toda (Tokyo University of Technology School of Computer Science)
Ryuya Uda (Tokyo University of Technology School of Computer Science)

In this paper, we propose a user authentication system for web sites using cellular phones and a digital signature method. Most existing authentication systems use IDs and passwords to authenticate users. However, the popularization of the internet has brought the creation of various attack methods which break the protection of traditional encrypted communication methods such as SSL. For example, a user's password can be stolen through phishing attacks, key loggers and spyware with the aim of impersonating the user, even if authentication systems protect communication channels with encryption methods and digital signatures, since the information is directly stolen from the user or his/her PCs. To prevent such attacks, we propose a user authentication system with a combination of a PC and a tamper-resistant cellular phone. In this system, PKI-based digital signatures are calculated in a cellular phone, which is more secure than a PC, and then transmitted to PCs via infrared channels. This robust system can be realized with a few additional costs by using cellular phones, which are very familiar to many users.

(7) The digital signature function email system On A Cellular Phone
Kohei Taguchi (Tokyo University of Technology School of Computer Science)
Ryuya Uda (Tokyo University of Technology School of Computer Science)

I propose an e-mail system that can send and receive safe e-mail by using an application on cellular phones to sign electronically. In recent years, crimes which use e-mail, such as phishing e-mail, have increased, so we need to prove the justice of e-mail by using signatures more than ever. However, there is a problem such as falsification and disguise, where the key can be illegally used when there is a problem in the management of the private key and it is accessed illegally, in the general signature mail being used now. In this system, we sign e-mail by using secret keys that are managed safely in cellular phone terminals, and use public keys that are registered at a certification office to certify the original person guaranteed by others by inspecting e-mail. In addition, the transmission of a message is enabled by e-mailing it with a signature that does not depend on a cellular company, by implementing public key encryption in software originally.

(8) Invite Presentation: Linux Open Source Software
Toru Hoshi (Tokyo University of Technology School of Computer Science)

(9) Smart Card Logon for a Shared Terminal Computer based on PKI Authentication
Kazuto KUZUU (Information Technology Center, Nagoya University)
Yasushi HIRANO (Information Technology Center, Nagoya University)
Kenji MASE (Information Technology Center, Nagoya University)
Toyohide WATANABE (Information Technology Center, Nagoya University)

General authentication for a shared terminal computer such as PC is conventionally achieved with a user ID and a password. In such login authentication, however, the vulnerability is often pointed out because of the danger of password leak as well as decipherment. PKI, Public Key Infrastructure, is regarded as one of the most effective means for such information security, and we can realize a reliable and credible authentication system through combining a smart card with PKI. In consideration of both the ease of using a smart card and the safety brought about by introducing PKI, we constructed a smart card logon system for a shared terminal computer based on PKI authentication.

(10) An Improvement in Sharing Process of Secure File-Sharing System with P2P Technology
Hiroko Toraori (Tokyo University of Technology School of Computer Science)
Ryuya Uda (Tokyo University of Technology School of Computer Science)

In this thesis, we make an observation on a file preservation system that decreases file management cost by making PC of small-scale group cooperate by using P2P technology that considers safety, and shares communication band of each PC that participates in network and in surplus disk space in the entire system. Moreover, in the file sharing by two or more people, the malicious computer access to the file by the third party outside the group is excluded by always managing the member of the group, file update history, member's file access authority, and the joining and the accession. Hence the user is free from the anxiety about leaking of information. In order to hide files stealthily in general PC, each file on the system is encrypted with common key cryptography and each user on the system is authenticated with a public key cryptography.

(11) Approach to traceability of paper document copied with e-signature
Gota Jury (Tokyo University of Technology School of Computer Science)
Ryuya Uda (Tokyo University of Technology School of Computer Science)

Since January, 2001, various programs for applying information technology have been worked on. One of the aims is "Realization of the society where the whole nation enjoys benefit by using information technology". It is called "E-Japan Strategy". On April 1, 2005, the law of "E-Document Method" was enforced. Financial and tax documents have been allowed to be preserved in electronic data as well as in paper. As a result, the circulation of electronic data became popular. However, many documents are still preserved in paper. Therefore, security in the management of the paper documents is still important. The objective of this study is realization of traceability of paper documents by embedding electronic signature in the surface of the paper as a dot pattern. Moreover, operation of the system is free from using PC so that the problem of the digital divide will be resolved.

(12) An Intrusion Detection System by fixed-point observation of network security data

Today, unlawful network accesses such as Internet worms and DoS are increasing and have caused a social problem. As a countermeasure for these threats, we propose an anomaly-based IDS that analyzes and finds changes in time-series data obtained by fixed-point observation, such as an IDS alert log. Time-series data is converted to multiple patterns by a fixed-size sliding window. When the latest pattern is not similar to patterns of normal status, it is determined as anomaly status. For efficient pattern comparison, the proposed system converts patterns to principal component scores in low dimensions. When the principal component score of the latest pattern deviates from the scores of normal patterns, the system judges the latest pattern to be anomaly status.
