Your search keyword '"Ayumu Kubota"' showing total 17 results

1. SeBeST: Security Behavior Stage Model and Its Application to OS Update

Author

Ayane Sano, Yukiko Sawaya, Akira Yamada, and Ayumu Kubota

Subjects

Persuasion, Focus (computing), Computer science, media_common.quotation_subject, Stage (hydrology), Security awareness, Computer security, computer.software_genre, computer, media_common

Abstract

To protect computers from various types of cyberattack, users are required to learn appropriate security behaviors. Different persuasion techniques to encourage users to take security behaviors are required according to user attitude toward security. In this paper, we first propose a Security Behavior Stage Model (SeBeST) which classifies users into five stages in terms of attitude toward security measurements; having security awareness and taking security behaviors. In addition, we focus on OS updating behaviors as an example of security behaviors and evaluated effective OS update messages for users in each stage. We create message dialogs which can promote user OS updating behaviors. We conduct two online surveys; we analyze the validity of SeBeST in Survey1 and then evaluate effective messages for each stage in Survey2. We find that SeBeST has high validity and appropriate messages for the users in each stage differ from one another.

Published

2021

2. In-Vehicle Network Security Using Secure Element

Author

Hideaki Kawabata, Ayumu Kubota, Seiichiro Mizoguchi, and Keisuke Takemori

Subjects

Network security, business.industry, Computer science, Applied Mathematics, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Computer Graphics and Computer-Aided Design, Secure cryptoprocessor, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, In vehicle, 020201 artificial intelligence & image processing, Pre-shared key, Electrical and Electronic Engineering, Element (criminal law), Secure copy, business, computer, Key exchange

Published

2016

3. Predicting Impending Exposure to Malicious Content from User Behavior

Author

Nicolas Christin, Mahmood Sharif, Jumpei Urakawa, Akira Yamada, and Ayumu Kubota

Subjects

Computer science, Network security, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Moment (mathematics), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Session (computer science), business, Content (Freudian dream analysis), computer

Abstract

Many computer-security defenses are reactive---they operate only when security incidents take place, or immediately thereafter. Recent efforts have attempted to predict security incidents before they occur, to enable defenders to proactively protect their devices and networks. These efforts have primarily focused on long-term predictions. We propose a system that enables proactive defenses at the level of a single browsing session. By observing user behavior, it can predict whether they will be exposed to malicious content on the web seconds before the moment of exposure, thus opening a window of opportunity for proactive defenses. We evaluate our system using three months' worth of HTTP traffic generated by 20,645 users of a large cellular provider in 2017 and show that it can be helpful, even when only very low false positive rates are acceptable, and despite the difficulty of making "on-the-fly'' predictions. We also engage directly with the users through surveys asking them demographic and security-related questions, to evaluate the utility of self-reported data for predicting exposure to malicious content. We find that self-reported data can help forecast exposure risk over long periods of time. However, even on the long-term, self-reported data is not as crucial as behavioral measurements to accurately predict exposure.

Published

2018

4. Runtime Attestation for IAAS Clouds

Author

Ayumu Kubota, Angelo Sapello, Giovanni Di Crescenzo, Jesse Elwell, Abhrajit Ghosh, Takashi Matsunaka, and Alexander Poylisher

Subjects

Computer science, business.industry, Operating system, Cloud computing, computer.software_genre, business, computer

Published

2018

5. Classification of Landing and Distribution Domains Using Whois’ Text Mining

Author

Yukiko Sawaya, Ayumu Kubota, Akira Yamada, Jumpei Urakawa, Tran Phuong Thao, and Kosuke Murakami

Subjects

021110 strategic, defence & security studies, Focus (computing), Exploit, Computer science, 0211 other engineering and technologies, Decision tree, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Support vector machine, Landing page, Web page, 0202 electrical engineering, electronic engineering, information engineering, Malware, F1 score, computer

Abstract

Detection of drive-by-download attack has gained a focus in security research since the attack has turned into the most popular and serious threat to web infrastructure. The attack exploits vulnerabilities in web browsers and their extensions for unnoticeably downloading malicious software. Often, the victim is sent through a long chain of redirection operations in order to take down the offending pages. Concretely, the attack is triggered when a user visits a benign webpage that is compromised by the attacker (called landing page) and is inserted some malicious code inside. The user is then automatically redirected to an actual page that installs malware on the user's computer (called distribution page) without his/her consent or knowledge. While there is a large body of works targeting on detection of drive-by download attack, there is little attention on the redirection which is a crucial characteristic of the attack. In this paper, for the first time, we propose an approach to the classification of landing and distribution domains which are important components forming the head and tail of a redirection chain in the attack. The methodology in our approach is to use machine learning for text mining on the registered information of the domains called whois. We intensively implemented our approach with six popular supervised learning algorithms, compared the results and concluded that Linear-based Support Vector Machine and CART algorithm-based Decision Tree are the best models for our dataset which respectively give 98.55% and 99.28% of accuracy, 97.78% and 98.95% of F1 score, 98.35% and 99.45% of average precision.

Published

2017

6. Self-Confidence Trumps Knowledge

Author

Akihiro Nakarai, Mahmood Sharif, Ayumu Kubota, Yukiko Sawaya, Nicolas Christin, and Akira Yamada

Subjects

Structure (mathematical logic), Focus (computing), media_common.quotation_subject, 05 social sciences, Regression analysis, 02 engineering and technology, Affect (psychology), Computer security, computer.software_genre, Test (assessment), Self-confidence, 020204 information systems, Scale (social sciences), 0202 electrical engineering, electronic engineering, information engineering, Cross-cultural, 0501 psychology and cognitive sciences, Psychology, computer, Social psychology, 050107 human factors, media_common

Abstract

Computer security tools usually provide universal solutions without taking user characteristics (origin, income level, ...) into account. In this paper, we test the validity of using such universal security defenses, with a particular focus on culture. We apply the previously proposed Security Behavior Intentions Scale (SeBIS) to 3,500 participants from seven countries. We first translate the scale into seven languages while preserving its reliability and structure validity. We then build a regression model to study which factors affect participants' security behavior. We find that participants from different countries exhibit different behavior. For instance, participants from Asian countries, and especially Japan, tend to exhibit less secure behavior. Surprisingly to us, we also find that actual knowledge influences user behavior much less than user self-confidence in their computer security knowledge. Stated differently, what people think they know affects their security behavior more than what they do know.

Published

2017

7. ROP Defense in the Cloud through LIve Text Page-level Re-ordering - The LITPR System

Author

Angelo Sapello, Takashi Matsunaka, Jesse Elwell, Ayumu Kubota, C. Jason Chiang, and Abhrajit Ghosh

Subjects

Computer science, business.industry, Operating system, Cloud computing, computer.software_genre, business, computer

Published

2017

8. Robust ORAM: Enhancing Availability, Confidentiality and Integrity

Author

Atsuko Miyaji, Shinsaku Kiyomoto, Mohammad Shahriar Rahman, Ayumu Kubota, and Tran Phuong Thao

Subjects

020203 distributed computing, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, Cloud computing, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, Encryption, Data integrity, 0202 electrical engineering, electronic engineering, information engineering, business, Oblivious ram, computer, Cloud storage, Block (data storage), Computer network

Abstract

Oblivious RAM (ORAM) is a primitive for hiding storage access patterns in the context of software protection. With the trend of cloud computing, ORAM also has important applications in privacy-preserving cloud storage applications. Many ORAMs for cloud storage have been proposed to improve efficiency and security. However, data availability, data confidentiality, and data integrity have not been simultaneously addressed. In this paper, we formalize a new concept of ORAM called RORAM (Robust ORAM by enhancing availability, confidentiality and integrity), which can deal with these three challenges. Furthermore, RORAM not only can achieve a higher security level but also is more efficient compared with previous ORAMs by using linear network coding to reduce the client's computational cost of block encryption/decryption in every read/write operation in previous ORAMs. The security and complexity analyses show that RORAM is provably secure and highly lightweight.

Published

2017

9. Secure Host Name Resolution Infrastructure for Overlay Networks

Author

Toshiaki Tanaka, Yutaka Miyake, and Ayumu Kubota

Subjects

Name server, Computer Networks and Communications, business.industry, Computer science, Domain Name System, Overlay network, DNS zone, Computer security, computer.software_genre, Identifier, Root name server, nsupdate, Fully qualified name, Fully qualified domain name, Electrical and Electronic Engineering, business, computer, Software, Computer network

Abstract

In order to introduce new routing functionality without changing the Internet infrastructure, many routing overlays have been proposed in recent years. Although such overlays allow us to dynamically and flexibly form various types of networks, the current host name resolution mechanism used in the Internet, i.e. DNS, cannot provide us such flexibility in host name referencing because of its delegation-based administration scheme of domain names. And also, it cannot provide us security because of the lack of wide deployment of its security extension, DNSSEC. In this paper, we propose a generic framework for secure and flexible host name resolution infrastructure that can be shared among many routing overlays. In contrast to DNS with which users are forced to use the domain name space managed by IANA/ICANN, our framework separates the name resolution mechanism from the name spaces it handles, which allows users to choose whatever name space they think appropriate for the identity scheme of their overlay-networking community. This realizes decentralized management of domain names and gives users freedom in domain name acquisition. The basic idea to achieve this is to use a cryptographically generated identifier (i.e. a hash of a public key) as a reference to an administrative domain of overlay networking hosts and allow the owner of the domain to securely publish host information using the corresponding private key. We show that a referencing mechanism for such host information can be easily implemented by using distributed hash tables (DHTs), and then show how such "semantic-free" references to domains can be linked to existing identity scheme in order to allow "human-friendly" referencing.

Published

2006

10. Optimizing Share Size in Efficient and Robust Secret Sharing Scheme for Big Data

Author

Ayumu Kubota, Tran Phuong Thao, Mohammad Shahriar Rahman, Kazumasa Omote, Zakirul Alam Bhuiyan, and Shinsaku Kiyomoto

Subjects

Homomorphic secret sharing, Information Systems and Management, Distributed database, business.industry, Computer science, 05 social sciences, 050301 education, Shared secret, Computer security, computer.software_genre, A share, Secret sharing, Distributed data store, Secure multi-party computation, 0501 psychology and cognitive sciences, Verifiable secret sharing, business, 0503 education, computer, 050104 developmental & child psychology, Information Systems, Computer network

Abstract

Secret sharing scheme has been applied commonly in distributed storage for Big Data. It is a method for protecting outsourced data against data leakage and for securing key management systems. The secret is distributed among a group of participants where each participant holds a share of the secret. The secret can be only reconstructed when a sufficient number of shares are reconstituted. Although many secret sharing schemes have been proposed, they are still inefficient in terms of share size, communication cost and storage cost; and also lack robustness in terms of exact-share repair. In this paper, for the first time, we propose a new secret sharing scheme based on Slepian-Wolf coding. Our scheme can achieve an optimal share size utilizing the simple binning idea of the coding. It also enhances the exact-share repair feature whereby the shares remain consistent even if they are corrupted. We show, through experiments, how our scheme can significantly reduce the communication and storage costs while still being able to support direct share repair leveraging lightweight exclusive-OR (XOR) operation for fast computation.

Published

2017

11. Ephemeral UUID for Protecting User Privacy in Mobile Advertisements

Author

Hideaki Kawabata, Toshiki Matsui, Ayumu Kubota, and Keisuke Takemori

Subjects

business.industry, Computer science, Ephemeral key, Universally unique identifier, Service provider, Encryption, Computer security, computer.software_genre, World Wide Web, Do Not Track, business, Reset (computing), computer, Replay attack

Abstract

Recently, a universally unique identifier (UUID) for targeting ad services is supported by a smartphone OS, which can be reset and/or halted by a user. However, when a user resets the UUID, all targeted ad libraries are initialized. It means that the user cannot control ad libraries one at a time. As the user interests managed by the same UUID are easily exchanged between the ad service provider and another ad service provider, the user is anxious about the privacy violation. In addition, as the UUID can be tapped on the unencrypted network, the replay attack using the tapped UUID violates the user’s privacy. In this paper, we propose a privacy enhanced UUID that is generated by each ad service provider. As the UUID is encrypted with the time information by each access, the value of “Enc(Time, UUID)” is changed frequently. Thus, we call it an ephemeral UUID. The ephemeral UUID is shared through the same ad libraries in any applications, but it cannot be shared through the other ad libraries. Our UUID can be reset by the user and cannot be extracted on the network.

Published

2014

12. Restrictions on management protocols for distributed version control of LAN configurations

Author

Kazuki Katagishi, Ayumu Kubota, and Tohru Asami

Subjects

World Wide Web, Thesaurus (information retrieval), Database, Computer Networks and Communications, Computer science, Control (management), Electrical and Electronic Engineering, computer.software_genre, computer

Published

2000

13. Detecting and Preventing Drive-By Download Attack via Participative Monitoring of the Web

Author

Junpei Urakawa, Takashi Matsunaka, and Ayumu Kubota

Subjects

Web server, business.industry, Computer science, Static web page, computer.software_genre, Web application security, Computer security, Web API, World Wide Web, Web page, Web navigation, Web service, Web threat, business, computer

Abstract

Drive-by Download Attack (DBD) is one of the major threats on the web infrastructure. DBD attacks are triggered by user access to a malicious website and force users to download malware by exploiting the vulnerabilities of web browsers or plugins. Malicious websites are ephemeral. Therefore, it is necessary to gather fresh information related to malicious activities to detect and prevent such attacks. In this paper, we propose a framework that combats with DBD attacks with users' voluntary monitoring of the web. This framework tackles the two issues: ways to obtain up-to-date information related malicious activities and ways to provide up-to-date information to the world. The framework aims to realize a security ecosystem: users actively offer information about their activities on the web (e.g. access URL, download contents), and security analysts inspect the information to detect new threats and devise countermeasures for any new threats and then provide the countermeasures to users as feedback. The framework consists of sensors located on the user side and a centralized center located on the network side. Sensors are deployed in the web browser, in web proxies, and DNS servers. Sensors monitors the access URLs download contents, the method of triggering the link events (e.g. mouse click, move, redirected by the server), then the sensors report the data to the center. The center analyzes the data, derives the statistical data and the web link structure, and detects new threats by facilitating the characteristics of malicious web pages. This paper also shows a real world example that demonstrates the potential of our framework. The example implies that our focus on the change of the web link structure can detect illegal falsification of web pages. Our framework can obtain long-term data on how many hosts users are forced to access by the access of a web page, so we believe that our framework can distinguish legitimate changes in web pages with compromised changes.

Published

2013

14. SanAdBox: Sandboxing third party advertising libraries in a mobile application

Author

Ayumu Kubota, Takamasa Isohara, Masakatsu Nishigaki, Harunobu Agematsu, Hideaki Kawabata, Junya Kani, and Keisuke Takemori

Subjects

Third party, Computer science, business.industry, Mobile advertising, Internet privacy, Advertising, Smartphone application, Computer security, computer.software_genre, Sandbox (computer security), Privilege separation, Android (operating system), business, computer

Abstract

Seventy percent of smartphone applications employ third party libraries for advertisement and usage analysis. Because the host application and those third party libraries have to be packed into one application package, they share the same set of privileges. This worries users because of the concern that third party libraries might abuse the host application's privileges. This is not a desirable situation for application developers, either, because they are forced to add privileges for advertising libraries that are not necessary for their application, and users tend to avoid applications with sensitive privileges. Although advertising libraries are generally not welcomed by users, mobile advertisements play a key role in a mobile application eco-system that promotes the popularity of free applications. Therefore, we need a solution that will not hamper a mobile advertising agency service while addressing the concerns of users and developers. In this paper, we designed SanAdBox, a privilege separation framework for Android applications and a third party library that will not interfere with the behavior of third party libraries. In SanAdBox, each third party library is installed as an independent application so that it runs in a separate sandbox. In this way, the privileges of applications and libraries are strictly separated, solving the above-mentioned problems. Furthermore, because SanAdBox does not require modification of the Android operating system, we can install it on smartphones with the normal Android operating system.

Published

2013

15. Understanding the time-series behavioral characteristics of evolutionally advanced email spammers

Author

Ayumu Kubota, Akira Yamada, and Yukiko Sawaya

Subjects

Backbone network, Computer science, InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS, Botnet, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Service provider, Computer security, computer.software_genre, Spamming, Traffic flow (computer networking), World Wide Web, Mobile phone, Order (business), computer

Abstract

There are many anti-spam techniques available today. However, spammers evolve mass mailing techniques in order to circumvent these countermeasures. One example of such evolutionally advanced spammers is observed in email services offered by Japanese mobile phone service providers. Because they have been enforcing very strict anti-spam filters, commonly used mass mailing techniques such as spam botnets are becoming less effective, and spammers thus have to evolve their technologies. In order to understand such evolutionally advanced spam-sending hosts' behaviors, we collected and analyzed their traffic flow data retrieved at a backbone network in the real commercial network of one of the largest mobile phone service providers in Japan, which has over 30 million customers. In this paper, we first show that many of the existing anti-spam techniques are not effective against advanced spammers, and then reveal that such advanced spammers have distinctive time-series behavioral characteristics that have the potential to be exploited in developing new mitigation techniques and predicting their behavior in the future.

Published

2012

16. Kernel-based Behavior Analysis for Android Malware Detection

Author

Ayumu Kubota, Keisuke Takemori, and Takamasa Isohara

Subjects

business.industry, Computer science, media_common.quotation_subject, Mobile computing, computer.software_genre, Computer security, System monitoring, Debugging, Virtual machine, Android malware, Information leakage, Malware, Mobile telephony, Android (operating system), business, computer, media_common

Abstract

The most major threat of Android users is malware infection via Android application markets. In case of the Android Market, as security inspections are not applied for many users have uploaded applications. Therefore, malwares, e.g., Geimini and Droid Dream will attempt to leak personal information, getting root privilege, and abuse functions of the smart phone. An audit framework called log cat is implemented on the Dalvik virtual machine to monitor the application behavior. However, only the limited events are dumped, because an application developers use the log cat for debugging. The behavior monitoring framework that can audit all activities of applications is important for security inspections on the market places. In this paper, we propose a kernel-base behavior analysis for android malware inspection. The system consists of a log collector in the Linux layer and a log analysis application. The log collector records all system calls and filters events with the target application. The log analyzer matches activities with signatures described by regular expressions to detect a malicious activity. Here, signatures of information leakage are automatically generated using the smart phone IDs, e.g., phone number, SIM serial number, and Gmail accounts. We implement a prototype system and evaluate 230 applications in total. The result shows that our system can effectively detect malicious behaviors of the unknown applications.

Published

2011

17. Autonomous DNSSEC: Secured pseudo DNS domains for personal networks

Author

Ayumu Kubota and Yutaka Miyake

Subjects

Computer science, Network security, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, DNS zone, Public key infrastructure, Client-side, Computer security, computer.software_genre, Public-key cryptography, Zone file, Server, DNS root zone, nsupdate, The Internet, DNS hijacking, business, computer, Computer network

Abstract

Although security protocols like TLS/SSL are widely used in the Internet, it is still difficult to secure communications among personal network devices, typically seen in P2P applications and pervasive computing environment. This is because it is uncommon among such personal devices to have public key certificates to authenticate themselves, and furthermore, most of them do not have persistent names or addresses to identify themselves. In this paper, we propose Autonomous DNSSEC, which allows people to generate pseudo DNS domains for personal networks by themselves and to secure them with DNSSEC. By having a secured DNS domain, people can register names and authentication information like public keys of personal devices under their pseudo domain, and make that information securely accessible by other people. In our proposal, DNS records of pseudo domains are separately stored in the distributed hash tables (DHTs) dedicated to this purpose, and thus no modification to existing DNS servers is required. By modifying the DNS resolver mechanism on the client side, even unmodified applications can securely access the information registered under pseudo domains. Therefore, applications that can use the DNS for storing public keys or their certificates can instantly utilize our system for securing their communication. We demonstrate this by showing how an unmodified OpenSSH client can properly authenticate its target host using our system.

Published

2010