Your search keyword '"Kazumasa Omote"' showing total 31 results

1. Toward the Application of Differential Privacy to Data Collaboration

Author

Hiromi Yamashiro, Kazumasa Omote, Akira Imakura, and Tetsuya Sakurai

Subjects

Differential privacy, dimension reduction, distributed machine learning, federated learning, principal component analysis, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Federated Learning, a model-sharing method, and Data Collaboration, a non-model-sharing method, are recognized as data analysis methods for distributed data. In Federated Learning, clients send only the parameters of a machine learning model to the central server. In Data Collaboration, clients send data that has undergone irreversibly transformed through dimensionality reduction to the central server. Both methods are designed with privacy concerns, but privacy is not guaranteed. Differential Privacy, a theoretical and quantitative privacy criterion, has been applied to Federated Learning to achieve rigorous privacy preservation. In this paper, we introduce a novel method using PCA (Principal Component Analysis) that finds low-rank approximation of a matrix preserving the variance, aiming to apply Differential Privacy to Data Collaboration. Experimental evaluation using the proposed method show that differentially-private Data Collaboration achieves comparable performance to differentially-private Federated Learning.

Published

2024

2. A Scientometrics Analysis of Cybersecurity Using e-CSTI

Author

Kazumasa Omote, Yoko Inoue, Yoshihide Terada, Naohiro Shichijo, and Toshiyuki Shirai

Subjects

Cybersecurity, scientometrics, research cluster, literature map, e-CSTI, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The research area of cybersecurity covers a wide range of fields from networking, software, and hardware to cryptography, authentication, and cyberattack countermeasures. Meanwhile, few cybersecurity experts are familiar with all areas of cybersecurity research. So, an evidence-based analysis covering all fields is very important to understand research trends in cybersecurity without bias. Such a field of study is called scientometrics, and there are many studies of scientometrics in the area of cybersecurity. However, in the analysis of these existing studies, the overall structure of the cybersecurity research is not clarified, and it is difficult to grasp the overall picture of cybersecurity research. In this study, we focus on cybersecurity as a research area covered by scientometrics analysis and conduct a detailed analysis of research trends in cybersecurity using e-CSTI (evidence data platform constructed by Council for Science, Technology and Innovation), and Dimensions bibliographic data for the 10 years from 2010 to 2019. Especially, we identify four representative research clusters (cyberattack, cryptography, authentication, and blockchain) and 55 research sub-clusters in the area of cybersecurity. We analyze the research trends in each country and the trends of the research topics of interest at the cluster level. For example, our results show that there are differences in research topics of emphasis between the U.S. and China. e-CSTI assists policymakers and researchers in getting a comprehensive understanding of global research trends and topics of interest in cybersecurity research.

Published

2024

3. Honeypot Method to Lure Attackers Without Holding Crypto-Assets

Author

Hironori Uchibori, Katsunari Yoshioka, and Kazumasa Omote

Subjects

Blockchain, clustering, ethereum, honeypot, JSON-RPC, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In recent years, the convenience and potential use of crypto-assets such as Bitcoin and Ethereum have attracted increasing attention. On the other hand, there have been reports of attacks on the blockchain networks that support crypto-assets in an attempt to steal other users’ assets. In the past, research on attack observation against blockchains has used techniques such as holding real crypto-assets to lure attackers into honeypots or falsifying balances to attackers. However, these methods risk losing crypto-assets to attackers or being exposed as honeypots to attackers. To solve these problems, we propose a new RPC (Remote Procedure Call) honeypot method that returns the wallet address of another party holding a high balance in response to an attacker’s request, thereby luring the attacker without having the real crypto-assets. Our experimental evaluation shows that this method can attract more attackers than the method with zero-balance wallets and can observe more sophisticated attacks. Furthermore, we proposed a risk reduction strategy for crypto-asset theft by applying the idea of our method. In the log analysis process, we devised a new clustering method using the number of times an attacker executes a specific method as a feature. By applying this method, we successfully classified attackers based on their objectives, demonstrating the efficient analysis of vast amounts of log data.

Published

2024

4. Toward Achieving Anonymous NFT Trading

Author

Zhanwen Chen and Kazumasa Omote

Subjects

Non-fungible token, owner privacy, blockchain, security, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

With the rapid development of Non-Fungible Token (NFT) market, various types of digital artwork are published via NFT in recent years for sale. In the current NFT system, owner’s address of each NFT is stored in plaintext. This leads to a severe privacy problem: once a person’s blockchain address is known, all his NFT assets are viewable, which may further cause problems related to the privacy of holding sensitive NFT or premeditated scams to high-value NFT owners. However, due to the limitation of Ethereum and smart contract, it is hard to prevent others from tracking the owner of NFT. Meanwhile, current state-of-the-art NFT research usually assumes the relation between blockchain address and owner’s identity is unknown, thus creating the so-called anonymity. In this paper, based on the most popular NFT marketplace OpenSea’s system, we propose a new exchange scheme to hides the address of NFT owner during trading. To achieve our goal, a proof of commitment scheme is exploited to bind the owner to an NFT while hiding the identity. Moreover, An anonymous payment method is designed to prevent attackers from tracing the Ether flow in NFT trading. Our scheme is proven to be secure against curious users and malicious active attackers. Implementation on testnet also shows that the increased gas cost is acceptable, meaning it is suitable for application.

Published

2022

5. Analysis of the Features and Structure Behind Availability in Blockchain Using Altcoin

Author

Mitsuyoshi Imamura and Kazumasa Omote

Subjects

Blockchain, cryptocurrency, altcoin, availability, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Data availability is a security factor in a blockchain that is challenging to understand and explain because it cannot be described cryptographically or mathematically because of its behavior-dependent properties on the volunteers who maintain the distributed ledger in the network. Most previous approaches have frequently used successful projects with empirically effective availability, such as Bitcoin and Ethereum, to analyze more active blockchain networks. Therefore, even if much of the Altcoin forked from Bitcoin had nodes in the network, contrary to intuition because they were unpopular and failed projects, they were not the focus of much attention in the analysis. However, it is interesting to note that both can maintain availability. Considering the network structure that supports availability, it is possible to investigate Altcoin’s features as a minimal component because it is a failed project, whereas it is challenging to do so with Bitcoin and Ethereum because of their complex components. Thus, we specifically selected Altcoin in decline based on our user role model. We investigated the features of the network that maintain availability and the user structure underlying Altcoin, focusing on factors associated with continuity, such as initial node survivability, interest in software updates, and nodes with security risks. We discovered that compared with a stand-alone organization, the actions of early users and few community-friendly users provide greater availability. We also discuss the motivations of these users based on the cost of installing the nodes.

Published

2022

6. Blockchain-Based Autonomous Notarization System Using National eID Card

Author

Shinya Haga and Kazumasa Omote

Subjects

Blockchain, smart contract, Ethereum, e-government, national eID card, notarization system, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In recent years, the spread of information and communication technology has led to the emergence of e-government, which is the electronic replacement of government services. E-government is said to be compatible with blockchain technology, which has led to various studies on the possibility. Notarization, one of the functions of the government, has particularly been examined for the potential adoption of blockchain technology. However, because the notary public must authenticate the document’s contents during the notarization process, they have been difficult to replace with smart contracts. In this study, we focus only on fixed date notarizations and propose a fully automated notarization system by combining a national eID card with Public Key Infrastructure and smart contracts. A fixed date is a notarization that allows a notary public to guarantee that a document existed, regardless of the authenticity of the document’s content. Therefore, it can be replaced by a smart contract. Specifically, our proposed system automatically authenticates the creator and the document for electronic documents signed with a national eID card and uses the transaction receipt generated when the information is stored on the blockchain as a certificate of notarization. Verification of the signed data is done inside the blockchain by smart contracts, which eliminates the need for a verification authority. We further demonstrate the effectiveness of the proposed method in a Japanese use case as proof of concept.

Published

2022

7. An Anonymous Trust-Marking Scheme on Blockchain Systems

Author

Teppei Sato, Keita Emura, Tomoki Fujitani, and Kazumasa Omote

Subjects

Blockchain, cryptography, Bitcoin, Ethereum, NEM, accountable ring signature, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

During the Coincheck incident, which recorded the largest damages in cryptocurrency history in 2018, it was demonstrated that using Mosaic token can have a certain effect. Although it seems attractive to employ tokens as countermeasures for cryptocurrency leakage, Mosaic is a specific token for the New Economy Movement (NEM) cryptocurrency and is not employed for other blockchain systems or cryptocurrencies. Moreover, although some volunteers tracked leaked NEM using Mosaic in the CoinCheck incident, it would be better to verify that the volunteers can be trusted. Simultaneously, if someone (e.g., who stole cryptocurrencies) can identify the volunteers, then that person or organization may be targets of them. In this paper, we propose an anonymous trust-marking scheme on blockchain systems that is universally applicable to any cryptocurrency. In our scheme, entities called token admitters are allowed to generate tokens adding trustworthiness or untrustworthiness to addresses. Anyone can anonymously verify whether these tokens were issued by a token admitter. Simultaneously, only the designated auditor and no one else, including nondesignated auditors, can identify the token admitters. Our scheme is based on accountable ring signatures and commitment, and is implemented on an elliptic curve called Curve25519, and we confirm that both cryptographic tools are efficient. Moreover, we also confirm that our scheme is applicable to Bitcoin, Ethereum, and NEM.

Published

2021

8. MD-POR: Multisource and Direct Repair for Network Coding-Based Proof of Retrievability

Author

Kazumasa Omote and Tran Phuong Thao

Subjects

Electronic computers. Computer science, QA75.5-76.95

Abstract

When data owners publish their data to a cloud storage, data integrity and availability become typical problems because the cloud servers are never trusted. To address these problems, researchers proposed the Proof of Retrievability (POR) protocol which allows a verifier to check and repair the data stored in the cloud servers. Based on the POR protocol, the network coding technique is commonly applied to increase the efficiency in data transmission and data repair. However, most previous schemes neither consider a practical scenario nor use the network coding efficiently. In this paper, a lightweight network coding-based POR scheme, called MD-POR (Multisource and Direct Repair for Proof of Retrievability) is proposed. Unlike previous schemes, the proposed MD-POR scheme allows multiple clients who have different secret keys to participate in the scheme. Moreover, the MD-POR scheme supports the direct repair feature in which a corrupted data can be recovered by the servers without burdening the clients. The MD-POR scheme also supports public authentication feature in which a third party auditor is employed to check the servers, and the client is thus free of the responsibility of periodically checking the servers. Furthermore, the MD-POR scheme is constructed based on a symmetric key setting.

Published

2015

9. An r-Hiding Revocable Group Signature Scheme: Group Signatures with the Property of Hiding the Number of Revoked Users

Author

Keita Emura, Atsuko Miyaji, and Kazumasa Omote

Subjects

Mathematics, QA1-939

Abstract

If there are many displaced workers in a company, then a person who goes for job hunting might not select this company. That is, the number of members who quit is quite negative information. Similarly, in revocable group signature schemes, if one knows (or guesses) the number of revoked users (say r), then one may guess the reason behind such circumstances, and it may lead to harmful rumors. However, no previous revocation procedure can achieve hiding r. In this paper, we propose the first revocable group signature scheme, where r is kept hidden, which we call r-hiding revocable group signature. To handle this property, we newly define the security notion called anonymity with respect to the revocation which guarantees the unlinkability of revoked users.

Published

2014

10. An Anonymous Trust-Marking Scheme on Blockchain Systems

Author

Tomoki Fujitani, Teppei Sato, Keita Emura, and Kazumasa Omote

Subjects

FOS: Computer and information sciences, Scheme (programming language), Cryptocurrency, Computer Science - Cryptography and Security, Blockchain, General Computer Science, Computer science, Cryptography, Computer security, computer.software_genre, Security token, Ethereum, Ring signature, General Materials Science, Elliptic curve cryptography, computer.programming_language, cryptography, business.industry, General Engineering, NEM, accountable ring signature, TK1-9971, Trustworthiness, Curve25519, Electrical engineering. Electronics. Nuclear engineering, business, Cryptography and Security (cs.CR), computer, Bitcoin

Abstract

During the Coincheck incident, which recorded the largest damages in cryptocurrency history in 2018, it was demonstrated that using Mosaic token can have a certain effect. Although it seems attractive to employ tokens as countermeasures for cryptocurrency leakage, Mosaic is a specific token for the New Economy Movement (NEM) cryptocurrency and is not employed for other blockchain systems or cryptocurrencies. Moreover, although some volunteers tracked leaked NEM using Mosaic in the CoinCheck incident, it would be better to verify that the volunteers can be trusted. Simultaneously, if someone (e.g., who stole cryptocurrencies) can identify the volunteers, then that person or organization may be targets of them. In this paper, we propose an anonymous trust-marking scheme on blockchain systems that is universally applicable to any cryptocurrency. In our scheme, entities called token admitters are allowed to generate tokens adding trustworthiness or untrustworthiness to addresses. Anyone can anonymously verify whether these tokens were issued by a token admitter. Simultaneously, only the designated auditor and no one else, including nondesignated auditors, can identify the token admitters. Our scheme is based on accountable ring signatures and commitment, and is implemented on an elliptic curve called Curve25519, and we confirm that both cryptographic tools are efficient. Moreover, we also confirm that our scheme is applicable to Bitcoin, Ethereum, and NEM., An extended abstract appeared at the 3rd IEEE International Conference on Blockchain and Cryptocurrency, ICBC 2021. This is the full version

Published

2021

11. ブロックチェーン・暗号資産の光と影

Author

Kazumasa Omote

Published

2020

12. A Sealed-bid Auction with Fund Binding: Preventing Maximum Bidding Price Leakage

Author

Kota Chin, Keita Emura, Kazumasa Omote, and Shingo Sato

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Science - Computer Science and Game Theory, Cryptography and Security (cs.CR), Computer Science and Game Theory (cs.GT)

Abstract

In an open-bid auction, a bidder can know the budgets of other bidders. Thus, a sealed-bid auction that hides bidding prices is desirable. However, in previous sealed-bid auction protocols, it has been difficult to provide a ``fund binding'' property, which would guarantee that a bidder has funds more than or equal to the bidding price and that the funds are forcibly withdrawn when the bidder wins. Thus, such protocols are vulnerable to false bidding. As a solution, many protocols employ a simple deposit method in which each bidder sends a deposit to a smart contract, which is greater than or equal to the bidding price, before the bidding phase. However, this deposit reveals the maximum bidding price, and it is preferable to hide this information. In this paper, we propose a sealed-bid auction protocol that provides a fund binding property. Our protocol not only hides the bidding price and a maximum bidding price, but also provides fund binding, simultaneously. For hiding the maximum bidding price, we pay attention to the fact that usual Ethereum transactions and transactions for sending funds to a one-time address have the same transaction structure, and it seems that they are indistinguishable. We discuss how much bidding transactions are hidden. We also employ DECO (Zhang et al,. CCS 2020) that proves the validity of the data to a verifier in which the data are taken from a source without showing the data itself. Finally, we give our implementation which shows transaction fees required and compare it to a sealed-bid auction protocol employing the simple deposit method.

Published

2022

13. Group Signatures with Message-Dependent Opening: Formal Definitions and Constructions

Author

Takahiro Matsuda, Yusuke Sakai, Kazuma Ohara, Kazumasa Omote, Keita Emura, Yutaka Kawai, and Goichiro Hanaoka

Subjects

Theoretical computer science, Article Subject, Computer Networks and Communications, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Group signature, Encryption, Signature (logic), Random oracle, Set (abstract data type), lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, Identity (object-oriented programming), lcsh:T1-995, 020201 artificial intelligence & image processing, lcsh:Science (General), business, lcsh:Q1-390, Information Systems, Standard model (cryptography), Anonymity

Abstract

This paper introduces a new capability for group signatures called message-dependent opening. It is intended to weaken the high trust placed on the opener; i.e., no anonymity against the opener is provided by an ordinary group signature scheme. In a group signature scheme with message-dependent opening (GS-MDO), in addition to the opener, we set up an admitter that is not able to extract any user’s identity but admits the opener to open signatures by specifying messages where signatures on the specified messages will be opened by the opener. The opener cannot extract the signer’s identity from any signature whose corresponding message is not specified by the admitter. This paper presents formal definitions of GS-MDO and proposes a generic construction of it from identity-based encryption and adaptive non-interactive zero-knowledge proofs. Moreover, we propose two specific constructions, one in the standard model and one in the random oracle model. Our scheme in the standard model is an instantiation of our generic construction but the message-dependent opening property is bounded. In contrast, our scheme in the random oracle model is not a direct instantiation of our generic construction but is optimized to increase efficiency and achieves the unbounded message-dependent opening property. Furthermore, we also demonstrate that GS-MDO implies identity-based encryption, thus implying that identity-based encryption is essential for designing GS-MDO schemes.

Published

2019

14. IoT-Based Autonomous Pay-As-You-Go Payment System with the Contract Wallet

Author

Kazumasa Omote and Shinya Haga

Subjects

Science (General), Article Subject, Computer Networks and Communications, business.industry, Computer science, Pay as you go, media_common.quotation_subject, Payment system, Cryptography, Payment, Computer security, computer.software_genre, Public-key cryptography, Q1-390, Proof of concept, T1-995, Internet of Things, business, computer, Technology (General), Information Systems, media_common

Abstract

In recent years, increasingly many companies have entered the pay-as-you-go business because it has become easier to monitor services constantly due to the development and increase in the number of Internet of Things (IoT) devices. Research is in progress to introduce cryptographic assets into the payment, but if a private key is stolen, the cryptographic assets associated with it can be stolen. To address this issue, this paper proposes a secure automated payment system using contract wallets. This method ensures the security of cryptographic assets even if the private key is stolen. Secure automated payments are enabled by issuing transactions from IoT devices and using internal transactions to link contract wallets and smart contracts that handle the payment of cryptographic assets. Furthermore, the effectiveness of the proposed system is demonstrated on the Ethereum blockchain as a proof of concept, and the cost of gas is measured.

Published

2021

15. Bitcoin and Blockchain Technology

Author

Kazumasa Omote and Makoto Yano

Subjects

Commerce, Blockchain, business.industry, Ledger, Information technology, Business, Internet of Things, Transaction data, Bank deposit

Abstract

A ledger can be defined as a “book of permanent record.” With modern information technology, data have become economic resources if they are associated with exclusive owners and put into a ledger. It is shown in Chaps. 3 and 4 that IoT data can be transformed into productive resources while Chaps. 5 and 6 show that transaction data can be turned into money-like bank deposit currencies.

Published

2020

16. Malware Function Estimation Using API in Initial Behavior

Author

Kazumasa Omote and Naoto Kawaguchi

Subjects

Estimation, Software_OPERATINGSYSTEMS, business.industry, Computer science, Applied Mathematics, media_common.quotation_subject, 02 engineering and technology, computer.software_genre, Machine learning, Computer Graphics and Computer-Aided Design, Risk evaluation, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, ComputingMethodologies_PATTERNRECOGNITION, 020204 information systems, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Artificial intelligence, Data mining, Electrical and Electronic Engineering, Function (engineering), business, computer, media_common

Published

2017

17. D2-POR: Direct Repair and Dynamic Operations in Network Coding-Based Proof of Retrievability

Author

Kazumasa Omote and Phuong-Thao Tran

Subjects

Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Proof of retrievability, 020202 computer hardware & architecture, Artificial Intelligence, Hardware and Architecture, Linear network coding, Direct repair, 0202 electrical engineering, electronic engineering, information engineering, Computer Vision and Pattern Recognition, Electrical and Electronic Engineering, business, computer, Software, Computer network

Published

2016

18. Self‐healing wireless sensor networks

Author

Atsuko Miyaji and Kazumasa Omote

Subjects

Scheme (programming language), Computer Networks and Communications, business.industry, Computer science, Distributed computing, resiliency, security, Computer Science Applications, Theoretical Computer Science, Key distribution in wireless sensor networks, Computational Theory and Mathematics, Secure communication, Key (cryptography), self-healing, wireless sensor networks, business, Wireless sensor network, computer, ComputingMilieux_MISCELLANEOUS, Software, Computer network, computer.programming_language

Abstract

Availability is very important for long-term use of wireless sensor networks WSNs, assuming the presence of an attacker. It is thus important to achieve secure communication among WSNs even if some sensor nodes are compromised. Self-healing WSNs possess the feature that a network automatically self-heals after node-capture attacks in order to achieve availability. The self-healing means that the ratio of compromised links decreases with time, even if the attacker corrupts sensor nodes of the network. In this paper, three kinds of self-healing schemes for WSNs are described, a polynomial-based self-healing scheme, a simple random key pre-distribution scheme with self-healing, and a proactive co-operative link self-healing scheme. Our contributions are the self-healing schemes with security evaluation, in which we conduct analytical evaluation and a simulation experiment of our schemes, and results obtained from both analysis and simulations indicate that our schemes are effective in self-healing. Furthermore, comparing three schemes, we clarify each difference and discuss optimal scheme under each different environments. © 2015 The Authors. Concurrency and Computation: Practice and Experience Published by John Wiley & Sons Ltd.

Published

2015

19. ND-POR: A POR Based on Network Coding and Dispersal Coding

Author

Phuong-Thao Tran and Kazumasa Omote

Subjects

Computer science, business.industry, Computer security, computer.software_genre, Proof of retrievability, Data availability, Artificial Intelligence, Hardware and Architecture, Data integrity, Linear network coding, Biological dispersal, Computer Vision and Pattern Recognition, Electrical and Electronic Engineering, business, Cloud storage, computer, Software, Coding (social sciences), Computer network

Published

2015

20. Efficient and Secure Aggregation of Sensor Data against Multiple Corrupted Nodes

Author

Atsuko Miyaji and Kazumasa Omote

Subjects

TESLA, Computer science, Distributed computing, secure aggregation, Key distribution in wireless sensor networks, sensor networks, Artificial Intelligence, Hardware and Architecture, integrity, Mobile wireless sensor network, Computer Vision and Pattern Recognition, Electrical and Electronic Engineering, Wireless sensor network, Software

Abstract

In this paper, we propose an efficient and optimally secure sensor network aggregation protocol against multiple corrupted nodes by a random-walk adversary. Our protocol achieves one round-trip communication to satisfy optimal security without the result-checking phase, by conducting aggregation along with the verification, based on the idea of TESLA technique. Furthermore, we show that the congestion complexity, communication complexity and computational cost in our protocol are constant, i.e., O(1).

Published

2011

21. RPoK: A Strongly Resilient Polynomial-based Random Key Pre-distribution Scheme for Multiphase Wireless Sensor Networks

Author

Kazumasa Omote, Hisashige Ito, and Atsuko Miyaji

Subjects

Scheme (programming language), Polynomial, Computer science, Distributed computing, Phase (waves), Self-healing, Random Key Pre-distribution, Topology, Pre distribution, Reduction (complexity), Sensor node, Wireless Sensor Networks, Wireless sensor network, computer, computer.programming_language

Abstract

I n this paper 1 , we propose a strongly resilient polynomial-based random key pre-distribution scheme for multi- phase wireless sensor networks (RPoK): a private sub-key is not directly stored in each sensor node by applying the polynomial- based scheme to the RoK scheme. Such a polynomial is linearly transformed using forward and backward keys in order to achieve the forward and backward security of polynomials. As a result, our scheme achieves a large reduction of the ratio of compromised links by enhancing the security of the previous RoK scheme. The results obtained analytically and by simulations show that our scheme can dramatically improve the ratio of compromised links compared with the RoK scheme. I. INTRODUCTION

Published

2010

22. A Combinatorics Proliferation Model with Threshold for Malware Countermeasure

Author

Kazumasa Omote, Satoru Torii, and Takeshi Shimoyama

Subjects

General Computer Science, Computer science, business.industry, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Personal firewall, computer.software_genre, Signature (logic), Combinatorics, Software, Enterprise private network, Malware, business, Host (network), computer, Countermeasure (computer), Computer network

Abstract

Security software such as anti-virus software and personal firewall are usually installed in every host within an enterprise network. There are mainly two kinds of security software: signature-based software and anomaly-based software. Anomaly-based software generally has a “threshold” that discriminates between normal traffic and malware communications in network traffic observation. Such a threshold involves the number of packets used for behavior checking by the anomaly-based software. Also, it indicates the number of packets sent from an infected host before the infected host is contained. In this paper, we propose a mathematical model that uses discrete mathematics known as combinatorics, which is suitable for situations in which there are a small number of infected hosts. Our model can estimate the threshold at which the number of infected hosts can be suppressed to a small number. The result from our model fits very well with the result of computer simulation using typical existing scanning malware and a typical network.

Published

2010

23. Practical and Secure Recovery of Disk Encryption Key Using Smart Cards

Author

Kazumasa Omote and Kazuhiko Kato

Subjects

Computer science, smart card, computer.software_genre, Encryption, Disk encryption hardware, key recovery, user authentication, Filesystem-level encryption, Artificial Intelligence, Data_FILES, Electrical and Electronic Engineering, Password, business.industry, Client-side encryption, Disk encryption theory, Disk encryption, Hardware and Architecture, Operating system, 40-bit encryption, Keyfile, Computer Vision and Pattern Recognition, Smart card, On-the-fly encryption, business, computer, Software

Abstract

In key-recovery methods using smart cards, a user can recover the disk encryption key in cooperation with the system administrator, even if the user has lost the smart card including the disk encryption key. However, the disk encryption key is known to the system administrator in advance in most key-recovery methods. Hence user's disk data may be read by the system administrator. Furthermore, if the disk encryption key is not known to the system administrator in advance, it is difficult to achieve a key authentication. In this paper, we propose a scheme which enables to recover the disk encryption key when the user's smart card is lost. In our scheme, the disk encryption key is not preserved anywhere and then the system administrator cannot know the key before key-recovery phase. Only someone who has a user's smart card and knows the user's password can decrypt that user's disk data. Furthermore, we measured the processing time required for user authentication in an experimental environment using a virtual machine monitor. As a result, we found that this processing time is short enough to be practical.

Published

2010

24. A Dynamic Attribute-Based Group Signature Scheme and its Application in an Anonymous Survey for the Collection of Attribute Statistics

Author

Kazumasa Omote, Keita Emura, and Atsuko Miyaji

Subjects

Scheme (programming language), General Computer Science, Computer science, business.industry, Group signature, Cryptography, Anonymous Authentication, computer.software_genre, Signature (logic), Domain (software engineering), Set (abstract data type), Anonymous survey, Authorization certificate, Tree (data structure), Statistics, Data mining, business, Attribute-based system, computer, computer.programming_language

Abstract

Recently, cryptographic schemes based on the user's attributes have been proposed. An Attribute-Based Group Signature (ABGS) scheme is a kind of group signature schemes, where a user with a set of attributes can prove anonymously whether she has these attributes or not. An access tree is applied to express the relationships among some attributes. However, previous schemes do not provide the changing an access tree. In this paper, we propose a Dynamic ABGS scheme that enables an access tree to be changed. Our ABGS is efficient in that re-issuing of the attribute certificate previously issued for each user is not necessary. Moreover, calculations depending on the number of attributes are calculated on the domain of a pairing. Therefore, the number of calculations in a pairing does not depend on the number of attributes associated with a signature. Finally, we discuss how our ABGS can be applied to an anonymous survey for collection of attribute statistics.

Published

2009

25. A Ciphertext-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length

Author

Kazumasa Omote, Masakazu Soshi, Keita Emura, Akito Nomura, and Atsuko Miyaji

Subjects

Plaintext-aware encryption, Theoretical computer science, Computer Networks and Communications, Computer science, CP-ABE, Applied Mathematics, Data_CODINGANDINFORMATIONTHEORY, Constant Ciphertext Length, ciphertext-policy attribute-based encryption, Deterministic encryption, Computational Mathematics, Attribute-based encryption, Ciphertext indistinguishability, Computational Theory and Mathematics, Malleability, Ciphertext, Key clustering, Semantic security, Ciphertext-Policy

Abstract

An Attribute-Based Encryption (ABE) is an encryption scheme, where users with some attributes can decrypt ciphertexts associated with these attributes. However, the length of the ciphertext depends on the number of attributes in previous ABE schemes. In this paper, we propose a new Ciphertext-Policy Attribute-Based Encryption(CP-ABE) with constant ciphertext length. Moreover, the number of pairing computations is also constant., Proceedings of the 5th International Conference, ISPEC 2009 Xi’an, China, April 13-15, 2009.

Published

2009

26. An $r$ -Hiding Revocable Group Signature Scheme: Group Signatures with the Property of Hiding the Number of Revoked Users

Author

Keita Emura, Atsuko Miyaji, and Kazumasa Omote

Subjects

Property (philosophy), Article Subject, Revocation, Group (mathematics), Applied Mathematics, Negative information, lcsh:Mathematics, MathematicsofComputing_GENERAL, Job hunting, Group signature, Computer security, computer.software_genre, lcsh:QA1-939, Displaced workers, computer, Mathematics, Anonymity

Abstract

If there are many displaced workers in a company, then a person who goes for job hunting might not select this company. That is, the number of members who quit is quite negative information. Similarly, in revocable group signature schemes, if one knows (or guesses) the number of revoked users (sayr), then one may guess the reason behind such circumstances, and it may lead to harmful rumors. However, no previous revocation procedure can achieve hidingr. In this paper, we propose the first revocable group signature scheme, whereris kept hidden, which we callr-hiding revocable group signature. To handle this property, we newly define the security notion called anonymity with respect to the revocation which guarantees the unlinkability of revoked users.

Published

2014

27. Determination of Tin in Iron and Steel by Differential Pulse Anodic Stripping Voltammetry at a Rotating Gold Film Electrode

Author

Kazumasa Omote, Toru Sato, and Tatsuhiko Tanaka

Subjects

Anodic stripping voltammetry, Pulse (signal processing), Chemistry, Gold film, Electrode, Analytical chemistry, chemistry.chemical_element, General Chemistry, Tin

Abstract

スズは鋼の機械的性質等に影響を及ぼすため，その含有率を正確に定量する必要があるが，微量域のスズを高い精度と感度で定量できる化学分析法はない．本研究では，アノードストリッピングボルタンメトリーを応用し，鉄マトリックス共存下で簡便迅速にスズが定量できる酸分解直接分析法を開発した．スズ(IV)の還元電着には多量の臭化物の共存が必要であり，鉄(III)の妨害はL(+)-アスコルビン酸で鉄(II)へ還元することにより除去できた．2 mol dm−3臭化ナトリウムと0.2 mol dm−3L(+)-アスコルビン酸を含む0.3 mol dm−3塩酸–0.1 mol dm−3硝酸中，−0.5 V vs. Ag/AgClで300秒間前電解して回転金膜電極上にスズを電着後，40 mV s−1の速度で示差パルスモードにより電位を0 V vs. Ag/AgClまで走査して析出物を溶出させた．1000 μg cm−3鉄(II)存在下，スズ(IV)濃度8.4 × 10−9–3.4 × 10−7 mol dm−3の範囲で原点を通る直線の検量線が得られた．20 ng cm−3スズ(IV)での相対標準偏差(n = 5)および検出限界(3σ)は，それぞれ4.3%，2.8 × 10−9 mol dm−3であった．カドミウム(II)と銅(II)は定量に妨害した．鉄鋼中120–400 μg g−1のスズを高い精度と正確さで，50分以内に定量できた．本法は，市中スクラップ鉄中1 μg−1以上のスズの定量に適用可能であり，予備濃縮操作を必要とする現行JIS化学分析法に比べて定量下限が1けた以上低下した．

Published

2001

28. An Intrusion and Random-Number-Leakage Resilient Scheme in Mobile Unattended WSNs

Author

Atsuko Miyaji, Kazumasa Omote, Keita Emura, and Tatsuro Iida

Subjects

business.industry, Computer science, Plaintext, hybrid encryption, computer.software_genre, Encryption, Deterministic encryption, Public-key cryptography, Multiple encryption, Probabilistic encryption, Forward secrecy, random-number-leakage problem, Secrecy, Ciphertext, 56-bit encryption, 40-bit encryption, Hybrid cryptosystem, Link encryption, On-the-fly encryption, wireless sensor networks, business, computer, Computer network

Abstract

In INFOCOM 2010, Pietro, Oligeri, Soriente, and Tsudik (POST) proposed an intrusion-resilient system with forward and backward secrecy in mobile Unattended Wireless Sensor Networks (UWSNs), where sensors move according to some mobility model (random jump model and random waypoint model). In the POST scheme, each sensor encrypts its ephemeral key $K$ as a plaintext by using the sink's public key, and sends this cipher text and the encrypted sensed data by $K$. Although the POST scheme recommends the hybrid encryption, it does not follow the conventional hybrid encryption usage, i.e., the POST scheme is not necessarily secure. More concretely, $K$ must be regarded as a plaintext of the underlying public key system, and therefore the POST scheme requires at least one more encryption procedure (i.e, encryptions for both $K$ and the data) compared with the conventional hybrid encryption procedure. In this paper, we scrutinize the original POST intrusion-resilient system. We set deployed information as a seed used for generating a random number (which is applied for public key encryption). This procedure follows the conventional hybrid encryption usage, and random-number-leakage problem does not occur. In conclusion, we improve the POST scheme from the viewpoint of both security and efficiency without spoiling significant benefit points of the original one.

Published

2012

29. A Two-Step Execution Mechanism for Thin Secure Hypervisors

Author

Koichi Tanimoto, Takeshi Okuda, Hideki Eiraku, Seiji Mune, Takashi Horie, Shoichi Hasegawa, Takahiro Shinagawa, Kazuhiko Kato, Kazumasa Omote, Eiji Kawai, Suguru Yamaguchi, and Manabu Hirano

Subjects

Authentication, Software_OPERATINGSYSTEMS, Source lines of code, business.industry, Computer science, VMM, Hypervisor, Cryptography, Construct (python library), computer.software_genre, Storage hypervisor, Trusted computing base, Virtual machine, Embedded system, Operating system, business, computer

Abstract

Virtual Machine Monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.

Published

2009

30. Protection and Recovery of Disk Encryption Key Using Smart Cards

Author

K. Kato and Kazumasa Omote

Subjects

business.industry, Computer science, computer.software_genre, Encryption, Computer security, Disk encryption hardware, Filesystem-level encryption, Disk encryption, 40-bit encryption, Keyfile, Attribute-based encryption, On-the-fly encryption, business, computer, Computer network

Abstract

Information leakage has recently become a serious problem. Because a user's disk might contain a lot of confidential information, it should be encrypted and the encryption key protected securely. Disk security has been improved by storing the encryption key in a hardware token such as a smart card or USB device. There must be some way to recover the encryption key when the token is lost, but to prevent information leakage the encryption key should not be known by the system administrator and should not be able to be recovered by malicious users inside the system. Here we describe a scheme that can limit key recovery when the user's smart card is lost and can do so without the administrator knowing the key. The smart card is used for generating the key and for improving the user authentication.

Published

2008

31. Portable ID Management Framework for Security Enhancement of Virtual Machine Monitors

Author

Manabu Hirano, Takeshi Okuda, Eiji Kawai, Takahiro Shinagawa, Hideki Eiraku, Kouichi Tanimoto, Shoichi Hasegawa, Takashi Horie, Seiji Mune, Kazumasa Omote, Kenichi Kourai, Yoshihiro Oyama, Kenji Kono, Shigeru Chiba, Yasushi Shinjo, Kazuhiko Kato, Suguru Yamaguchi, Manabu Hirano, Takeshi Okuda, Eiji Kawai, Takahiro Shinagawa, Hideki Eiraku, Kouichi Tanimoto, Shoichi Hasegawa, Takashi Horie, Seiji Mune, Kazumasa Omote, Kenichi Kourai, Yoshihiro Oyama, Kenji Kono, Shigeru Chiba, Yasushi Shinjo, Kazuhiko Kato, and Suguru Yamaguchi

Published

2009