Author Search Result

[Author] Hideki IMAI (127 hits)

Showing hits 101-120 of 127


  • Dual-Policy Attribute Based Encryption: Simultaneous Access Control with Ciphertext and Key Policies

    Nuttapong ATTRAPADUNG, Hideki IMAI
    PAPER-Secure Protocol, Vol. E93-A No. 1, pp. 116-125

    We present a new variant of Attribute-Based Encryption (ABE) called Dual-Policy ABE. Basically, it is a conjunctive combination of Key-Policy and Ciphertext-Policy ABE, the only two previous types of ABE. Dual-Policy ABE allows two access control mechanisms over encrypted data simultaneously: one involves policies over objective attributes ascribed to data and the other involves policies over subjective attributes ascribed to user credentials. Each of the two previous types of ABE allows only one of these functionalities at a time.

  • Tradeoffs between Error Performance and Decoding Complexity in Multilevel 8-PSK Codes with UEP Capabilities and Multistage Decoding

    Motohiko ISAKA, Robert H. MORELOS-ZARAGOZA, Marc P. C. FOSSORIER, Shu LIN, Hideki IMAI
    PAPER-Coding Theory, Vol. E83-A No. 8, pp. 1704-1712

    In this paper, we investigate multilevel coding and multistage decoding for satellite broadcasting with moderate decoding complexity. An unconventional signal set partitioning is used to achieve unequal error protection capabilities. Two possibilities are shown and analyzed for practical systems: (i) linear block component codes with near optimum decoding, (ii) punctured convolutional component codes with a common trellis structure.

  • An Optimization of Credit-Based Payment for Electronic Toll Collection Systems

    Goichiro HANAOKA, Tsuyoshi NISHIOKA, Yuliang ZHENG, Hideki IMAI
    PAPER-Information Security, Vol. E83-A No. 8, pp. 1681-1690

    Credit-based electronic payment systems are considered to play important roles in future automated payment systems. Like most other types of payment systems, however, credit-based systems proposed so far generally involve computationally expensive cryptographic operations. Such a relatively heavy computational load is preventing credit-based systems from being used in applications which require very fast processing. A typical example is admission-fee payment at the toll gate of an expressway without stopping a vehicle that travels at a high speed. In this article, we propose a very fast credit-based electronic payment protocol for admission-fee payment. More specifically, we propose a payment system between a high-speed vehicle and a toll gate which uses only very simple and fast computations. The proposed system makes use of an optimized Key Pre-distribution System (or KPS) to obtain high resistance against collusion attacks.

  • Digitally Signed Document Sanitizing Scheme with Disclosure Condition Control

    Kunihiko MIYAZAKI, Mitsuru IWAMURA, Tsutomu MATSUMOTO, Ryoichi SASAKI, Hiroshi YOSHIURA, Satoru TEZUKA, Hideki IMAI
    PAPER-Application, Vol. E88-A No. 1, pp. 239-246

    A digital signature does not allow any alteration of the document to which it is attached. Appropriate alteration of some signed documents, however, should be allowed because there are security requirements other than the integrity of the document. In the disclosure of official information, for example, sensitive information such as personal information or national secrets is masked when an official document is sanitized so that its nonsensitive information can be disclosed when it is demanded by a citizen. If this disclosure is done digitally using the current digital signature schemes, the citizen cannot verify the disclosed information correctly because the information has been altered to prevent the leakage of sensitive information. That is, with current digital signature schemes, the confidentiality of official information is incompatible with the integrity of that information. This is called the digital document sanitizing problem, and some solutions such as digital document sanitizing schemes and content extraction signatures have been proposed. In this paper, we point out that the conventional digital signature schemes are vulnerable to an additional sanitizing attack and show how this vulnerability can be eliminated by using a new digitally signed document sanitizing scheme with disclosure condition control.

  • Semantically Secure McEliece Public-Key Cryptosystem

    Kazukuni KOBARA, Hideki IMAI
    PAPER, Vol. E85-A No. 1, pp. 74-83

    Almost all current public-key cryptosystems (PKCs) are based on number theory, such as the integer factoring problem and the discrete logarithm problem (which will be solvable in polynomial time once quantum computers emerge). While the McEliece PKC is based on another theory, i.e., coding theory, it is vulnerable to several practical attacks. In this paper, we summarize currently known attacks on the McEliece PKC, and then point out that, without any decryption oracles or any partial knowledge of the plaintext of the challenge ciphertext, no polynomial-time algorithm is known for inverting the McEliece PKC whose parameters are carefully chosen. Under the assumption that this inverting problem is hard, we propose a slightly modified version of the McEliece PKC that can be proven, in the random oracle model, to be semantically secure against adaptive chosen-ciphertext attacks. For practical parameters, our conversion reduces the redundant data to 1/3-1/4 of that required by the generic conversions.

  • Hierarchical Coding Based on Multilevel Bit-Interleaved Channels

    Motohiko ISAKA, Hideki IMAI
    PAPER-Fundamental Theories, Vol. E84-B No. 1, pp. 1-9

    Channel coding for bandwidth-limited channels based on multilevel bit-interleaved channels is discussed in this paper. This coding and decoding structure has the advantage of simplified design, and naturally incorporates flexible and powerful design of unequal error protection (UEP) capabilities, especially over the time-varying channels often found in mobile radio communications. Multilevel coded modulation with multistage decoding, and bit-interleaved coded modulation, are special cases of the proposed general framework. Simulation results verify the usefulness of the system considered.

  • Block Coding Scheme Based on Complementary Sequences for Multicarrier Signals

    Hideki OCHIAI, Hideki IMAI
    PAPER-Communications/Coded Modulation/Spread Spectrum, Vol. E80-A No. 11, pp. 2136-2143

    A novel block coding scheme based on complementary sequences, which is capable of both error correction and peak-to-average power ratio reduction, is proposed for M-ary PSK multicarrier systems. Generator matrices for the number of carriers N = 2^k, where k = 2, 3, ..., are derived. The effectiveness of the scheme is confirmed by computer simulations.

  • Adaptive Array Antenna Based on Spatial Spectral Estimation Using Maximum Entropy Method

    Minami NAGATSUKA, Naoto ISHII, Ryuji KOHNO, Hideki IMAI
    PAPER, Vol. E77-B No. 5, pp. 624-633

    An adaptive array antenna can be considered a useful tool for combating fading in mobile communications. We can directly obtain the optimal weight coefficients without updating in temporal sampling, if the arrival angles and signal-to-noise ratio (SNR) of the desired and the undesired signals can be accurately estimated. The Maximum Entropy Method (MEM) can estimate the arrival angles and the SNR from signals spatially sampled by an array antenna more precisely than the Discrete Fourier Transform (DFT). Therefore, this paper proposes and investigates an adaptive array antenna based on spatial spectral estimation using MEM. We call it the MEM array. In order to reduce the complexity of implementation, we also propose a modified algorithm that uses temporal updating as well. Furthermore, we propose a method that both improves estimation accuracy and reduces the number of antenna elements. In this method, the arrival angles can be approximately estimated by using temporal sampling instead of spatial sampling. Computer simulations evaluate the MEM array in comparison with the DFT array and the LMS array, and show the improvement owing to its modified algorithm and the performance of the improved method.

  • A Multi-Purpose Proof System and Its Analysis

    Chaosheng SHU, Tsutomu MATSUMOTO, Hideki IMAI
    PAPER-Information Security and Cryptography, Vol. E75-A No. 6, pp. 735-743

    In this paper, we propose a multi-purpose proof system which enables a user who remembers only one piece of secret data to perform various proof protocols. These proofs include identity proof, membership proof without disclosing identity, and combined identity and membership proof. When a user joins a group, he obtains a secret witness from the group administrator. Many secret witnesses can be combined into one piece of secret data, and the size of the secret data is independent of the number of groups in which the user participates. Our system satisfies other desirable properties which were not attained by previously proposed systems.

  • Coded Modulation for Satellite Broadcasting Based on Unconventional Partitionings

    Motohiko ISAKA, Robert H. MORELOS-ZARAGOZA, Marc P. C. FOSSORIER, Shu LIN, Hideki IMAI
    PAPER-Coded Modulation, Vol. E81-A No. 10, pp. 2055-2063

    Unequal error protection (UEP) is a very promising coding technique for satellite broadcasting, as it gradually reduces the transmission rate. From the viewpoint of bandwidth efficiency, UEP should be achieved in the context of multilevel coded modulation. However, the conventional mapping between encoded bits and modulation signals, usually realized for multilevel block modulation codes and multistage decoding, is not very compatible with UEP coding because of the large number of resulting nearest-neighbor codewords. In this paper, new coded modulation schemes for UEP based on unconventional partitioning are proposed. A linear operation referred to as interlevel combination is introduced. This operation generalizes previous partitionings proposed for UEP applications and provides additional flexibility with respect to UEP capabilities. The error performance of the proposed codes is evaluated both by computer simulations and by theoretical analysis. The obtained results show that the proposed codes achieve a good tradeoff between the proportion and the error performance of each error protection level.

  • IVs to Skip for Immunizing WEP against FMS Attack

    Kazukuni KOBARA, Hideki IMAI
    PAPER-Fundamental Theories for Communications, Vol. E91-B No. 1, pp. 164-171

    WEP (Wired Equivalent Privacy) is a part of the IEEE 802.11 standard designed to protect over-the-air communication. While almost all WLAN (Wireless LAN) cards and APs (Access Points) support WEP, a serious key recovery attack (a.k.a. the FMS attack) was identified by Fluhrer et al. The FMS attack can basically be prevented by skipping the IVs (Initial Values) used in the attack, but naive skip methods reveal information on the WEP key, since most of them depend on the WEP key and the patterns of the skipped IVs reveal it. In order to skip IVs safely, the skip patterns must be chosen carefully. In this paper, we review attack conditions (6) and (7), whose success probability, 0.05, is the highest amongst all known conditions for guessing one key byte from one packet. Then we identify their safe skip patterns.

  • On Strictly Geometrically Uniform Codes: Construction and New Codes

    Oscar Yassuo TAKESHITA, Hideki IMAI
    PAPER-Information Theory and Coding Theory, Vol. E80-A No. 3, pp. 590-597

    Geometrically Uniform (GU) codes have been a center of attention because their symmetry properties, along with their group algebraic structure, provide benefits in their design and performance evaluation. We have been studying a class of GU codes that we call Strictly Geometrically Uniform (SGU) codes. Our studies started from devising a way to obtain SGU trellis codes from Non-SGU (NSGU) constellations. Essentially, SGU multidimensional constellations were derived from 1- or 2-dimensional NSGU constellations. Some simple good codes were then found, and the novelty is that they rely on symmetries of permutation of channel symbols. Applying the same method to PSK-type constellations, which are SGU, again yielded good codes, along with results regarding their algebraic structure.

  • An Efficient and Leakage-Resilient RSA-Based Authenticated Key Exchange Protocol with Tight Security Reduction

    SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI
    PAPER-Information Security, Vol. E90-A No. 2, pp. 474-490

    Both mutual authentication and generation of session keys can be accomplished by an authenticated key exchange (AKE) protocol. Let us consider the following situation: (1) a client, who communicates with many different servers, remembers only one password and has insecure devices (e.g., mobile phones or PDAs) with very restricted computing power and built-in memory capacity; (2) the counterpart servers have enormous computing power, but they are not perfectly secure against various attacks (e.g., viruses or hackers); (3) neither PKI (Public Key Infrastructures) nor TRM (Tamper-Resistant Modules) is available. The main goal of this paper is to provide security against the leakage of stored secrets as well as to attain high efficiency on the client's side. To this end, we propose an efficient and leakage-resilient RSA-based AKE (RSA-AKE) protocol suitable for the above situation, whose authenticity is based on a password and another secret. In the extended model where an adversary is given access to the stored secret of the client, we prove that the security of the RSA-AKE protocol is reduced tightly to RSA one-wayness in the random oracle model. We also show that the RSA-AKE protocol guarantees several security properties (e.g., security of the password, a multiple-server scenario with only one password, perfect forward secrecy and anonymity). To the best of our knowledge, the RSA-AKE protocol is the most efficient, in terms of both the client's computation costs and communication costs, among the previous AKE protocols of its kind (using a password and RSA).

  • A Fast Automatic Fingerprint Identification Method Based on a Weighted-Mean of Binary Image

    Yu HE, Ryuji KOHNO, Hideki IMAI
    PAPER, Vol. E76-A No. 9, pp. 1469-1482

    This paper first proposes a fast fingerprint identification method based on a weighted mean of a binary image, and further investigates optimization of the weights. The proposed method uses less computer memory than the conventional pattern matching method, and takes less computation time than both the feature extraction method and the pattern matching method. It is particularly effective on fingerprints with a small angle of inclination. In order to improve the identification precision of the proposed basic method, three schemes for modifying the basic method are also proposed. The performance of the proposed basic method and its modified schemes is evaluated by theoretical analysis and computer experiments using fingerprint images recorded from a fingerprint read-in device. The numerical results show that the proposed method using the modified schemes can improve both the true acceptance rate and the false rejection rate with less memory and complexity in comparison with the conventional pattern matching method and the feature extraction method.

  • Lightweight Privacy-Preserving Authentication Protocols Secure against Active Attack in an Asymmetric Way

    Yang CUI, Kazukuni KOBARA, Kanta MATSUURA, Hideki IMAI
    PAPER-Authentication, Vol. E91-D No. 5, pp. 1457-1465

    As pervasive computing technologies develop rapidly, privacy protection becomes a crucial issue that must be handled very carefully. Typically, it is difficult to efficiently identify and manage the many low-cost pervasive devices, such as Radio Frequency Identification Devices (RFID), without leaking any private information. In particular, the attacker may not only eavesdrop on the communication in a passive way, but also mount an active attack by asking queries adaptively, which is obviously more dangerous. Towards settling this problem, in this paper we propose two lightweight authentication protocols which are privacy-preserving against active attack, in an asymmetric way. This asymmetric style with privacy-oriented simplification succeeds in reducing the load on low-cost devices and drastically decreases the computation cost of management on the server. This is because, unlike the usual management of identities, our approach does not require any synchronization or exhaustive search in the database, which is very convenient in the case of a large-scale system. The protocols are based on a fast asymmetric encryption with specialized simplification and only one cryptographic hash function, which consequently assigns easy work to the pervasive devices. Besides, our results do not require the strong assumption of the random oracle.

  • Traceability Schemes against Illegal Distribution of Signed Documents

    Shoko YONEZAWA, Goichiro HANAOKA, Junji SHIKATA, Hideki IMAI
    LETTER, Vol. E87-A No. 5, pp. 1172-1182

    Illegal distribution of signed documents can be considered one of the serious problems of digital signatures. In this paper, to solve the problem, we propose three protocols concerning signature schemes. These schemes achieve not only traceability of an illegal user but also universal verifiability. The first scheme is a basic scheme which can trace an illegal receiver, and the generation and tracing of a signed document are simple and efficient. However, in this scheme, it is assumed that the signer is honest. The second scheme gives another tracing method which does not always assume that the signer is honest. Furthermore, in this method, an illegal user can be traced by an authority itself; hence, it is efficient in terms of communication costs. However, in this scheme it is assumed that there exists only a legal verification algorithm. Thus, in general, this scheme cannot trace a modified signed document which is accepted by a modified verification algorithm. The third scheme requires no trusted signer and allows a modified verification algorithm. It can trace an illegal receiver or even a signer in such a situation. All of our schemes are constructed by simple combinations of standard signature schemes; consequently, one can flexibly choose suitable building blocks to satisfy the requirements of a system.

  • Irregular Low-Density Parity-Check Code Design Based on Euclidean Geometries

    Wataru MATSUMOTO, Weigang XU, Hideki IMAI
    PAPER-Coding Theory, Vol. E86-A No. 7, pp. 1820-1834

    We propose a scheme for the design of irregular low-density parity-check (LDPC) codes based on Euclidean Geometry using Latin square matrices of random sequence. Our scheme is a deterministic method that allows the easy design of good irregular LDPC codes for any code rate and degree distribution. We optimize the LDPC codes using the Gaussian approximation method. A Euclidean Geometry LDPC code (EG-LDPC) is used as the basis for the construction of an irregular LDPC code. The base EG-LDPC code is extended by splitting rows and columns, using a table of Latin square matrices of random sequence to determine the edges along which to split. We provide simulation results for codes constructed in this manner, evaluated in terms of bit error rate (BER) performance in AWGN channels. We believe that our scheme is superior in terms of computational requirements and resulting BER performance in comparison to the creation of irregular LDPC codes by random construction using a search algorithm to exclude cycles of length four.

  • Information-Theoretically Secure Key Insulated Encryption: Models, Bounds and Constructions

    Yumiko HANAOKA, Goichiro HANAOKA, Junji SHIKATA, Hideki IMAI
    PAPER-Cryptography and Information Security, Vol. E87-A No. 10, pp. 2521-2532

    Computer systems are constantly under attack and illegal access is a constant threat, which makes security even more critical. A system can be broken into and secret information, e.g., a decryption key, may be exposed, resulting in a total break of the system. Recently, a new framework for protection against such a key exposure problem was suggested and called Key-Insulated Encryption (KIE). In our paper, we introduce a novel approach to key insulated cryptosystems that offers provable security without computational assumptions. For the model of Information-Theoretically Secure Key-Insulated Encryption (ISKIE), we show lower bounds on the required memory sizes of the user, the trusted device and the sender. Our bounds are all tight, as our concrete construction of ISKIE achieves all of them. We also extend this concept further by adding an extra property so that any pair of users in the system is able to communicate with each other and still have the same security benefits as the existing KIE based on intractability assumptions. We call this Dynamic and Mutual Key-Insulated Encryption (DMKIE), and concrete implementations of DMKIE are shown as well. In the end, we discuss the relationship of DMKIE to Key Predistribution Schemes (KPS) and Broadcast Encryption Schemes (BES); that is, we show that DMKIE can be constructed from either KPS or BES.

  • Personal Entropy from Graphical Passwords: Methods for Quantification and Practical Key Generation

    Masato AKAO, Shinji YAMANAKA, Goichiro HANAOKA, Hideki IMAI
    PAPER-Cryptography and Information Security, Vol. E87-A No. 10, pp. 2543-2554

    In many cryptosystems involving human beings, the users' limited memories and their indifference to keeping the systems secure may cause severe vulnerabilities in the whole system. Thus we need more studies on personal entropy, from an information-theoretic point of view, to capture the characteristics of human beings as special information sources for cryptosystems. In this paper, we discuss and analyze the use of personal entropy for generating cryptographic keys. In such a case, it is crucially important to precisely evaluate the amount of personal entropy, which indicates the actual key length. We propose an advanced key generation scheme based on the conventional graphical passwords proposed in [12]. We improve them to make the most of the secret information extracted in one drawing, i.e., we incorporate the on-line pen pressure and pen inclination information in addition, to utilize more secret information. We call the scheme dynamic graphical passwords, and propose a practical construction of them. We also show a precise way of quantifying their entropy, and finally, as an experimental result, we can generate a key over 110 bits long using the data of a single drawing. When quantifying their entropy, we need to precisely evaluate the entropy of the graphical passwords as well as that of the on-line information of pen movements. We need to precisely evaluate the entropy of graphical passwords by considering the users' biased choices of their graphical passwords. It is expected that they tend to choose passwords that are as easily memorable as possible, thus we quantify the burden of memorizing each graphical password by the length of its description using a special language based on [12]. We improve the approach in [12] by more directly reflecting how easily each graphical password can be memorized.

  • MFSK/FH-CDMA System with Two-Stage Address Coding and Error Correcting Coding and Decoding

    Weidong MAO, Ryuji KOHNO, Hideki IMAI
    PAPER, Vol. E78-A No. 9, pp. 1117-1126

    In this paper we propose a two-stage address coding scheme to transmit two data symbols at once within a frame in an MFSK/FH-CDMA system. We compare it with the conventional system using single-stage address coding. It is assumed that the address codes of all users are known at the receiver. A multiuser detection scheme is applied and the performance is evaluated by computer simulations to show the improvement in bit error rate (BER) compared to the conventional system. We also investigate the performance of error-correcting coding and decoding in the two-stage address coded MFSK/FH-CDMA system. An erasure decoding scheme is modified for the two-stage address coded system and is utilized to improve spectral efficiency or to increase user capacity in the MFSK/FH-CDMA system. Finally, we investigate a hybrid scheme combining the multiuser detection scheme and the error-correcting decoding scheme for the two-stage address coded MFSK/FH-CDMA system. The performance is evaluated by computer simulations.