1-9hit |
Kazuaki UEDA Kenji YOKOTA Jun KURIHARA Atsushi TAGAMI
Information-Centric Networking (ICN) can offer rich functionalities to the network, e.g, in-network caching, and name-based forwarding. Incremental deployment of ICN is a key challenge that enable smooth migration from current IP network to ICN. We can say that Network Function Virtualization (NFV) must be one of the key technologies to achieve this deployment because of its flexibility to support new network functions. However, when we consider the ICN deployment with NFV, there exist two performance issues, processing delay of name-based forwarding and computational overhead of virtual machine. In this paper we proposed a NFV infrastructure-assisted ICN packet forwarding by integrating the name look-up to the Open vSwitch. The contributions are twofold: 1) First, we provide the novel name look-up scheme that can forward ICN packets without costly longest prefix match searching. 2) Second, we design the ICN packet forwarding scheme that integrates the partial name look-up into the virtualization infrastructure to mitigate computation overhead.
Jun KURIHARA Tomohiko UYEMATSU Ryutaroh MATSUMOTO
This paper precisely characterizes secret sharing schemes based on arbitrary linear codes by using the relative dimension/length profile (RDLP) and the relative generalized Hamming weight (RGHW). We first describe the equivocation Δm of the secret vector
Jun KURIHARA Kenji YOKOTA Atsushi TAGAMI
Content-centric networking (CCN) is an emerging networking architecture that is being actively investigated in both the research and industrial communities. In the latest version of CCN, a large number of interests have to be issued when large content is retrieved. Since CCN routers have to search several tables for each incoming interest, this could cause a serious problem of router workload. In order to solve this problem, this paper introduces a novel strategy of “grouping” multiple interests with common information and “packing” them to a special interest called the list interest. Our list interest is designed to co-operate with the manifest of CCN as its dual. This paper demonstrates that by skipping and terminating several search steps using the common information in the list interest, the router can search its tables for the list interest-based request with dramatically smaller complexity than the case of the standard interest-based request. Furthermore, we also consider the deployment of list interests and design a novel TCP-like congestion control method for list interests to employ them just like standard interests.
Jun KURIHARA Toru NAKAMURA Ryu WATANABE
This paper investigates an adversarial model in the scenario of private information retrieval (PIR) from n coded storage servers, called Byzantine adversary. The Byzantine adversary is defined as the one altering b server responses and erasing u server responses to a user's query. In this paper, two types of Byzantine adversaries are considered; 1) the classic omniscient type that has the full knowledge on n servers as considered in existing literature, and 2) the reasonable limited-knowledge type that has information on only b+u servers, i.e., servers under the adversary's control. For these two types, this paper reveals that the resistance of a PIR scheme, i.e., the condition of b and u to correctly obtain the desired message, can be expressed in terms of a code parameter called the coset distance of linear codes employed in the scheme. For the omniscient type, the derived condition expressed by the coset distance is tighter and more precise than the estimation of the resistance by the minimum Hamming weight of the codes considered in existing researches. Furthermore, this paper also clarifies that if the adversary is limited-knowledge, the resistance of a PIR scheme could exceed that for the case of the omniscient type. Namely, PIR schemes can increase their resistance to Byzantine adversaries by allowing the limitation on adversary's knowledge.
Jun KURIHARA Tomohiko UYEMATSU
This paper presents a novel technique to realize Karnin et al.'s (k,n)-threshold schemes over binary field extensions as a software. Our realization uses the matrix representation of finite fields and matrix-vector multiplications, and enables rapid operations in software implementation. The theoretical evaluation and computer simulation reveal that our realization of Karnin et al.'s scheme achieves much faster processing time than the ordinary symbol oriented realization of the scheme. Further, we show that our realization has comparable performance to the existing exclusive-OR-based fast schemes of Fujii et al. and Kurihara et al.
Jun KURIHARA Shinsaku KIYOMOTO Kazuhide FUKUSHIMA Toshiaki TANAKA
In Shamir's (k,n)-threshold secret sharing scheme [1], a heavy computational cost is required to make n shares and recover the secret from k shares. As a solution to this problem, several fast threshold schemes have been proposed. However, there is no fast ideal (k,n)-threshold scheme, where k ≥ 3 and n is arbitrary. This paper proposes a new fast (3,n)-threshold scheme by using just EXCLUSIVE-OR(XOR) operations to make shares and recover the secret, which is an ideal secret sharing scheme similar to Shamir's scheme. Furthermore, we evaluate the efficiency of the scheme, and show that it is more efficient than Shamir's in terms of computational cost. Moreover, we suggest a fast (k,n)-threshold scheme can be constructed in a similar way by increasing the sets of random numbers constructing pieces of shares.
Jun KURIHARA Shinsaku KIYOMOTO Kazuhide FUKUSHIMA Toshiaki TANAKA
In Shamir's (k,n)-threshold secret sharing scheme (threshold scheme)[1], a heavy computational cost is required to make n shares and recover the secret from k shares. As a solution to this problem, several fast threshold schemes have been proposed. However, there is no fast ideal (k,n)-threshold scheme, where k and n are arbitrary. This paper proposes a new fast (k,n)-threshold scheme which uses just EXCLUSIVE-OR(XOR) operations to make n shares and recover the secret from k shares. We prove that every combination of k or more participants can recover the secret, but every group of less than k participants cannot obtain any information about the secret in the proposed scheme. Moreover, the proposed scheme is an ideal secret sharing scheme similar to Shamir's scheme, in which every bit-size of shares equals that of the secret. We also evaluate the efficiency of the scheme, and show that our scheme realizes operations that are much faster than Shamir's.
Jun KURIHARA Shinsaku KIYOMOTO Kazuhide FUKUSHIMA Toshiaki TANAKA
Shamir's (k,n)-threshold secret sharing scheme (threshold scheme) has two problems: a heavy computational cost is required to make shares and recover the secret, and a large storage capacity is needed to retain all the shares. As a solution to the heavy computational cost problem, several fast threshold schemes have been proposed. On the other hand, threshold ramp secret sharing schemes (ramp scheme) have been proposed in order to reduce each bit-size of shares in Shamir's scheme. However, there is no fast ramp scheme which has both low computational cost and low storage requirements. This paper proposes a new (k,L,n)-threshold ramp secret sharing scheme which uses just EXCLUSIVE-OR(XOR) operations to make shares and recover the secret at a low computational cost. Moreover, by proving that the fast (k,n)-threshold scheme in conjunction with a method to reduce the number of random numbers is an ideal secret sharing scheme, we show that our fast ramp scheme is able to reduce each bit-size of shares by allowing some degradation of security similar to the existing ramp schemes based on Shamir's threshold scheme.
Yuji KOIKE Takuya HAYASHI Jun KURIHARA Takanori ISOBE
Due to the legal reform on the protection of personal information in US/Japan and the enforcement of the General Data Protection Regulation (GDPR) in Europe, service providers are obliged to more securely manage the sensitive data stored in their server. In order to protect this kind of data, they generally employ a cryptographic encryption scheme and secure key management schemes such as a Hardware Security Module (HSM) and Trusted Platform Module (TPM). In this paper, we take a different approach based on the space-hard cipher. The space-hard cipher has an interesting property called the space hardness. Space hardness guarantees sufficient security against the adversary who gains a part of key data, e.g., 1/4 of key data. Combined with a simple network monitoring technique, we develop a practical leakage resilient scheme Virtual Vault, which is secure against the snapshot adversary who has full access to the memory in the server for a short period. Importantly, Virtual Vault is deployable by only a low-price device for network monitoring, e.g. L2 switch, and software of space-hard ciphers and packet analyzer, while typical solutions require a dedicated hardware for secure key managements such as HSM and TPM. Thus, Virtual Vault is easily added on the existing servers which do not have such dedicated hardware.