Author Search Result

[Author] Kouichi SAKURAI(57hit)

41-57hit(57hit)

  • Procedural Constraints in the Extended RBAC and the Coloured Petri Net Modeling

    Wook SHIN, Jeong-Gun LEE, Hong Kook KIM, Kouichi SAKURAI

    LETTER, Vol: E88-A No:1, Page(s): 327-330

    This paper presents the Coloured Petri Net modeling for security analysis of the Extended Role Based Access Control systems.

  • On the Practical Performance of Hyperelliptic Curve Cryptosystems in Software Implementation

    Yasuyuki SAKAI, Kouichi SAKURAI

    PAPER, Vol: E83-A No:4, Page(s): 692-703

    We consider the performance of hyperelliptic curve cryptosystems over the fields Fp vs. F2n. We analyze the complexity of the group law of the jacobians JC(Fp) and JC(F2n) and compare their performance taking into consideration the effectiveness of the word size (32-bit or 64-bit) of the applied CPU (Alpha and Pentium) on the arithmetic of the definition field. Our experimental results show that JC(F2n) is faster than JC(Fp) on an Alpha, whereas JC(Fp) is faster than JC(F2n) on a Pentium. Moreover, we investigate the algorithm of the jacobian and the definition-field arithmetic to clarify our results from a practical point of view, with theoretical analysis.

  • Analysis of Existing Privacy-Preserving Protocols in Domain Name System

    Fangming ZHAO, Yoshiaki HORI, Kouichi SAKURAI

    INVITED PAPER, Vol: E93-D No:5, Page(s): 1031-1043

    In a society preoccupied with the gradual erosion of electronic privacy, loss of privacy in the current Domain Name System is an important issue worth considering. In this paper, we first review the DNS and some security and privacy threats to make average users begin to be concerned about the significance of privacy preservation in DNS protocols. Then, by a careful survey of four existing privacy protection approaches based on noise query generation, we analyze some benefits and limitations of these proposals in terms of both related performance evaluation results and theoretical proofs. Finally, we point out some problems that still exist for the research community's continuing efforts in the future.

  • FOREWORD

    Kouichi SAKURAI

    FOREWORD, Vol: E98-A No:1, Page(s): 1-2

  • FOREWORD (Open Access)

    Guojun WANG, Laurence T. YANG, Kouichi SAKURAI

    FOREWORD, Vol: E93-D No:3, Page(s): 409-410

  • Experimental Analysis of Guess-and-Determine Attacks on Clock-Controlled Stream Ciphers

    Shinsaku KIYOMOTO, Toshiaki TANAKA, Kouichi SAKURAI

    PAPER-Cryptography and Information Security, Vol: E88-A No:10, Page(s): 2778-2791

    Guess-and-Determine (GD) attacks have recently been proposed for the effective analysis of word-oriented stream ciphers. This paper discusses GD attacks on clock-controlled stream ciphers, which use irregular clocking for a non-linear function. The main focus is the analysis of irregular clocking for GD attacks. We propose GD attacks on a typical clock-controlled stream cipher, AA5, and calculate the process complexity of our proposed GD attacks. In the attacks, we assume that the clocking of the linear feedback shift registers (LFSRs) is truly random. An important consideration affecting the practicality of these attacks is the question of whether these assumptions are realistic, because in practice the clocking is determined by the internal states. We implement miniature ciphers to evaluate the proposed attacks, and show that they are applicable. We also apply the GD attacks to other clock-controlled stream ciphers and compare them. Finally, we discuss some properties of GD attacks on clock-controlled stream ciphers and the effectiveness of the clock controllers. Our research results contain information that is useful in the design of clock-controlled stream ciphers.

  • Towards a Fairness Multimedia Transmission Using Layered-Based Multicast Protocol

    Heru SUKOCO, Yoshiaki HORI, Hendrawan, Kouichi SAKURAI

    PAPER, Vol: E93-D No:11, Page(s): 2953-2961

    The distribution of streaming multicast and real-time audio/video applications in the Internet has increased quickly. Commonly, these applications rarely use congestion control and do not fairly share the provided network capacity with TCP-based applications such as HTTP, FTP and email. Therefore, Internet communities will be threatened by the increase of non-TCP-based applications that are likely to cause a significant increase in traffic congestion and starvation. This paper proposes a set of mechanisms, such as providing various data rates, background traffic, and various scenarios, to behave in a TCP-friendly way when sending multicast traffic. Using 8 simulation scenarios, we use 6 layered multicast transmissions with Pareto background traffic with shape factor 1.5 to evaluate performance metrics such as throughput, delay/latency, jitter, TCP friendliness, packet loss ratio, and convergence time. Our study shows that non-TCP traffic behaves fairly and respectfully towards the co-existing TCP-based applications that run on shared link transmissions, even with background traffic. Another result shows that the simulation has low values of throughput, varying jitter (0-10 ms), and a packet loss ratio > 3%. It was also difficult to reach convergence quickly when involving only non-TCP traffic.

  • On Distributed Cryptographic Protocols for Threshold RSA Signing and Decrypting with No Dealer

    Shingo MIYAZAKI, Kouichi SAKURAI, Moti YUNG

    PAPER, Vol: E84-A No:5, Page(s): 1177-1183

    We consider methods for threshold RSA decryption among distributed agencies without any dealer or trusted party. The first solution is a combination of two techniques by [9] and [7]. It demonstrates the feasibility of combining the distributed key generation and the RSA secure function application. The second solution is another approach that makes the distributed key distribution simpler and alleviates the burden on each shareholder in comparison with the first scheme. The latter scheme is a newly developed technique based on [9] and further inspired by Simmons' protocol failure of RSA (we believe that it is very interesting that a "protocol failure attack" can be turned into a constructive method). Our comparison between these two schemes indicates a new measure of the performance of a distributed cryptographic protocol that consists of multiple stages.

  • Analysis of Program Obfuscation Schemes with Variable Encoding Technique

    Kazuhide FUKUSHIMA, Shinsaku KIYOMOTO, Toshiaki TANAKA, Kouichi SAKURAI

    PAPER-Cryptanalysis, Vol: E91-A No:1, Page(s): 316-329

    Program analysis techniques have improved steadily over the past several decades, and software obfuscation schemes have come to be used in many commercial programs. A software obfuscation scheme transforms an original program or a binary file into an obfuscated program that is more complicated and difficult to analyze, while preserving its functionality. However, the security of obfuscation schemes has not been properly evaluated. In this paper, we analyze obfuscation schemes in order to clarify the advantages of our scheme, the XOR-encoding scheme. First, we more clearly define five types of attack models that we defined previously, and define quantitative resistance to these attacks. Then, we compare the security, functionality and efficiency of three obfuscation schemes with encoding variables: (1) Sato et al.'s scheme with linear transformation, (2) our previous scheme with affine transformation, and (3) the XOR-encoding scheme. We show that the XOR-encoding scheme is superior with regard to the following two points: (1) the XOR-encoding scheme is more secure against a data-dependency attack and a brute force attack than our previous scheme, and is as secure against an information-collecting attack and an inverse transformation attack as our previous scheme, (2) the XOR-encoding scheme does not restrict the calculable ranges of programs and the loss of efficiency is less than in our previous scheme.

  • Fast Implementation of KCipher-2 for Software and Hardware

    Yuto NAKANO, Kazuhide FUKUSHIMA, Shinsaku KIYOMOTO, Tsukasa ISHIGURO, Yutaka MIYAKE, Toshiaki TANAKA, Kouichi SAKURAI

    PAPER-Information Network, Vol: E97-D No:1, Page(s): 43-52

    KCipher-2 is a word-oriented stream cipher and an ISO/IEC 18033 standard. It is listed as a CRYPTREC cryptographic algorithm for Japanese governmental use. It consists of two feedback shift registers and a non-linear function. The size of each register in KCipher-2 is 32 bits and the non-linear function mainly applies 32-bit operations. Therefore, it can be efficiently implemented in software. SNOW-family stream ciphers are also word-oriented stream ciphers, and their high performance has already been demonstrated. We propose optimised implementations of KCipher-2 and compare their performance to that of the SNOW family and other eSTREAM portfolio ciphers. The fastest algorithm is SNOW 2.0, and KCipher-2 is the second fastest despite its complicated irregular clocking mechanism. However, KCipher-2 is the fastest of the feasible algorithms, as SNOW 2.0 has been shown to have a security flaw. We also optimise the hardware implementation for the Virtex-5 field-programmable gate array (FPGA) and show two implementations. The first implementation is a rather straightforward optimisation and achieves 16,153 Mbps with 732 slices. In the second implementation, we duplicate the non-linear function using the structural advantage of KCipher-2 and achieve 17,354 Mbps with 813 slices. Our implementation of KCipher-2 is around three times faster than those of the SNOW family, and its efficiency, evaluated as "Throughput/Area (Mbps/slice)", is 3.6 times better than that of SNOW 2.0 and 8.5 times better than that of SNOW 3G. These syntheses are performed using Xilinx ISE version 12.4.

  • Subliminal Channels for Transferring Signatures: Yet Another Cryptographic Primitive

    Kouichi SAKURAI, Toshiya ITOH

    PAPER, Vol: E77-A No:1, Page(s): 31-38

    This paper considers the subliminal channel, hidden in an identification scheme, for transferring signatures. We observe that the direct parallelization of the Fiat-Shamir identification scheme has a subliminal channel for the transmission of the digital signature. A positive aspect of this hidden channel is that it shows us how to transfer signatures without secure channels. As a formulation of such an application, we introduce a new notion called a privately recordable signature. The privately recordable signature is generated in an interactive protocol between a signer and a verifier, and only the verifier can keep the signatures, while no third-party adversary can record the signatures. In this scheme, the disclosure of the verifier's private coin turns the signer's signature into an ordinary digital signature which can be verified by anybody with the signer's public key. The basic idea of our construction suggests the novel primitive that secure signature transfer without secret channels could be constructed using only a one-way function (without a trapdoor).

  • Security of Multivariate Signature Scheme Using Non-commutative Rings

    Takanori YASUDA, Tsuyoshi TAKAGI, Kouichi SAKURAI

    PAPER-Foundations, Vol: E97-A No:1, Page(s): 245-252

    Multivariate Public Key Cryptosystems (MPKC) are candidates for post-quantum cryptography. Rainbow is a digital signature scheme in MPKC, whose signature generation and verification are relatively efficient. However, the security of MPKC depends on the difficulty of solving a system of multivariate polynomials, and the key length of MPKC becomes substantially large compared with that of RSA cryptosystems for the same level of security. The size of the secret and public keys in MPKC has been reduced in previous research. NC-Rainbow is a signature scheme in MPKC which was proposed in order to reduce the size of the secret key of Rainbow. So far, several attacks against NC-Rainbow have been proposed. In this paper, we summarize attacks against NC-Rainbow, including attacks against the original Rainbow, and analyze the total security of NC-Rainbow. Based on the cryptanalysis, we estimate the security parameters of NC-Rainbow at several security levels.

  • An Adaptive Reputation-Based Algorithm for Grid Virtual Organization Formation

    Yongrui CUI, Mingchu LI, Yizhi REN, Kouichi SAKURAI

    PAPER-Graphs and Networks, Vol: E92-A No:5, Page(s): 1339-1346

    A novel adaptive reputation-based virtual organization formation algorithm is proposed. It restrains bad performers effectively based on the global experience of the evaluator, and evaluates the direct trust relation between two grid nodes accurately by consulting the previous trust value rationally. It also consults and improves the reputation evaluation process in the PathTrust model by taking account of the inter-organizational trust relationship and combining it with direct and recommended trust in a weighted way, which makes the algorithm more robust against collusion attacks. Additionally, the proposed algorithm considers the perspective of the VO creator and takes the required VO services as one of the most important fine-grained evaluation criteria, which makes the algorithm more suitable for constructing VOs in grid environments that include autonomous organizations. Simulation results show that our algorithm restrains bad performers and resists fake transaction attacks and badmouthing attacks effectively. It provides a clear advantage in the design of a VO infrastructure.

  • Distributed Noise Generation for Density Estimation Based Clustering without Trusted Third Party

    Chunhua SU, Feng BAO, Jianying ZHOU, Tsuyoshi TAKAGI, Kouichi SAKURAI

    LETTER, Vol: E92-A No:8, Page(s): 1868-1871

    The rapid growth of the Internet provides people with tremendous opportunities for data collection, knowledge discovery and cooperative computation. However, it also brings the problem of sensitive information leakage. Both individuals and enterprises may suffer from massive data collection and information retrieval by distrusted parties. In this paper, we propose a privacy-preserving protocol for distributed kernel density estimation-based clustering. Our scheme applies the random data perturbation (RDP) technique and verifiable secret sharing to solve the security problem of the distributed kernel density estimation in [4], which assumed a mediating party to help in the computation.

  • Comparison of Access Pattern Protection Schemes and Proposals for Efficient Implementation (Open Access)

    Yuto NAKANO, Shinsaku KIYOMOTO, Yutaka MIYAKE, Kouichi SAKURAI

    INVITED PAPER, Vol: E97-D No:10, Page(s): 2576-2585

    Oblivious RAM (ORAM) schemes, a concept introduced by Goldreich and Ostrovsky, are a very useful technique for protecting users' privacy when storing data on remote untrusted servers and running software on untrusted systems. However, they are usually considered impractical due to their huge overhead. In order to reduce the overhead, many improvements have been presented. Thanks to these improvements, ORAM schemes can be considered practical in cloud environments, where users can expect huge storage and high computational power. Especially for private information retrieval (PIR), some studies have demonstrated that they are usable. Dedicated PIRs have also been proposed and shown to be usable in practice. Yet, they are still impractical for protecting software running on untrusted systems. We first survey recent research on ORAM and PIR. Then, we present a practical software-based memory protection scheme applicable to several environments. The main feature of our scheme is that it records the history of accesses and uses the history to hide the access pattern. We also address implementation issues of ORAM and propose practical solutions for these issues.

  • Side Channel Cryptanalysis on XTR Public Key Cryptosystem

    Dong-Guk HAN, Tetsuya IZU, Jongin LIM, Kouichi SAKURAI

    PAPER, Vol: E88-A No:5, Page(s): 1214-1223

    The XTR public key cryptosystem was introduced in 2000. XTR is suitable for a variety of environments including low-end smart cards, and is regarded as an excellent alternative to RSA and ECC. Moreover, it has been remarked that XTR single exponentiation (XTR-SE) is less susceptible than usual exponentiation routines to environmental attacks such as the timing attack and differential power analysis (DPA). This paper investigates the security of XTR against side channel attacks (SCAs). We show the immunity of XTR-SE against simple power analysis if the order of the computation of XTR-SE is carefully considered. In addition, we show that XTR-SE is vulnerable to the data-bit DPA, the address-bit DPA, the doubling attack, the modified refined power analysis, and the modified zero-value attack. Moreover, we propose some countermeasures against these attacks. We also show experimental results on the efficiency of the countermeasures. From our implementation results, if we compare XTR with ECC, both with countermeasures against SCAs, we think XTR is as suitable for smart cards as ECC.

  • A Security Analysis on Kempf-Koodli's Security Scheme for Fast Mobile IPv6

    Ilsun YOU, Kouichi SAKURAI, Yoshiaki HORI

    LETTER-Internet, Vol: E92-B No:6, Page(s): 2287-2290

    Recently, the security scheme proposed by Kempf and Koodli has been adopted as a security standard for Fast Handover for Mobile IPv6. However, it does not prevent denial of service attacks, while resulting in high computation cost. More importantly, we find that it is still vulnerable to redirection attacks because it fails to secure the Unsolicited Neighbor Advertisement messages. In this paper, Kempf-Koodli's scheme is formally analyzed through BAN logic and its weaknesses are demonstrated.
