Shinsuke TAMURA Toshibumi SEKI Tetsuo HASEGAWA Toshiaki TANAKA
Holonic Manufacturing Systems (HMSs), in which decisions are made through cooperation among holons (autonomous and cooperative manufacturing entities), eliminate various bottlenecks that exist in conventional systems to adapt to high-variety low-volume production. This paper describes the architecture of HMSs. Issues regarding incremental development and dynamic reconfiguration of cooperation mechanisms themselves, and mechanisms for ensuring stable and safe behaviors of HMSs are also discussed with reference to several proposals, with a view to applying the HMS architecture to large and complicated applications.
Jun KURIHARA Shinsaku KIYOMOTO Kazuhide FUKUSHIMA Toshiaki TANAKA
In Shamir's (k,n)-threshold secret sharing scheme (threshold scheme) [1], a heavy computational cost is required to make n shares and recover the secret from k shares. As a solution to this problem, several fast threshold schemes have been proposed. However, there is no fast ideal (k,n)-threshold scheme where k and n are arbitrary. This paper proposes a new fast (k,n)-threshold scheme which uses just EXCLUSIVE-OR (XOR) operations to make n shares and recover the secret from k shares. We prove that every combination of k or more participants can recover the secret, but every group of fewer than k participants cannot obtain any information about the secret in the proposed scheme. Moreover, the proposed scheme is an ideal secret sharing scheme similar to Shamir's scheme, in which the bit-size of every share equals that of the secret. We also evaluate the efficiency of the scheme, and show that our scheme realizes operations that are much faster than Shamir's.
Jun KURIHARA Shinsaku KIYOMOTO Kazuhide FUKUSHIMA Toshiaki TANAKA
Shamir's (k,n)-threshold secret sharing scheme (threshold scheme) has two problems: a heavy computational cost is required to make shares and recover the secret, and a large storage capacity is needed to retain all the shares. As a solution to the heavy computational cost problem, several fast threshold schemes have been proposed. On the other hand, threshold ramp secret sharing schemes (ramp schemes) have been proposed in order to reduce the bit-size of each share in Shamir's scheme. However, there is no fast ramp scheme which has both low computational cost and low storage requirements. This paper proposes a new (k,L,n)-threshold ramp secret sharing scheme which uses just EXCLUSIVE-OR (XOR) operations to make shares and recover the secret at a low computational cost. Moreover, by proving that the fast (k,n)-threshold scheme in conjunction with a method to reduce the number of random numbers is an ideal secret sharing scheme, we show that our fast ramp scheme is able to reduce the bit-size of each share by allowing some degradation of security, similar to the existing ramp schemes based on Shamir's threshold scheme.
Takeshi ONIZAWA Masato MIZOGUCHI Masahiro MORIKURA Toshiaki TANAKA
This paper proposes a fast synchronization scheme with a short preamble signal for high data rate wireless LAN systems using orthogonal frequency division multiplexing (OFDM). The proposed OFDM burst format for fast synchronization and the demodulator for the proposed OFDM burst format are described. The demodulator, which offers automatic frequency control and symbol timing detection, enables us to shorten the preamble length to one quarter that of a conventional one. Computer simulation results show that the degradation in required Eb/N0 due to the synchronization scheme is less than 1 dB in a selective Rayleigh fading channel.
Shinsaku KIYOMOTO Toshiaki TANAKA Kouichi SAKURAI
Guess-and-Determine (GD) attacks have recently been proposed for the effective analysis of word-oriented stream ciphers. This paper discusses GD attacks on clock-controlled stream ciphers, which use irregular clocking for a non-linear function. The main focus is the analysis of irregular clocking for GD attacks. We propose GD attacks on a typical clock-controlled stream cipher, A5/1-style cipher AA5, and calculate the process complexity of our proposed GD attacks. In the attacks, we assume that the clocking of the linear feedback shift registers (LFSRs) is truly random. An important consideration affecting the practicality of these attacks is whether this assumption is realistic, because in practice the clocking is determined by the internal states. We implement miniature ciphers to evaluate the proposed attacks, and show that they are applicable. We also apply the GD attacks to other clock-controlled stream ciphers and compare them. Finally, we discuss some properties of GD attacks on clock-controlled stream ciphers and the effectiveness of the clock controllers. Our research results contain information that is useful in the design of clock-controlled stream ciphers.
Shinsaku KIYOMOTO Toshiaki TANAKA
This paper reports on an evaluation of current obfuscation techniques for Java byte code, such as Collberg's techniques, in terms of mutational capability, real-time applicability, and program size increase. We suggest effective obfuscation techniques for random and real-time obfuscation (RR obfuscation). In the evaluation results, the combination of some obfuscation techniques was found to be useful for RR obfuscation, and some obfuscation techniques make little or no difference after a certain threshold.
Kazuhide FUKUSHIMA Shinsaku KIYOMOTO Toshiaki TANAKA Kouichi SAKURAI
Program analysis techniques have improved steadily over the past several decades, and software obfuscation schemes have come to be used in many commercial programs. A software obfuscation scheme transforms an original program or a binary file into an obfuscated program that is more complicated and difficult to analyze, while preserving its functionality. However, the security of obfuscation schemes has not been properly evaluated. In this paper, we analyze obfuscation schemes in order to clarify the advantages of our scheme, the XOR-encoding scheme. First, we more clearly define five types of attack models that we defined previously, and define quantitative resistance to these attacks. Then, we compare the security, functionality and efficiency of three obfuscation schemes with encoding variables: (1) Sato et al.'s scheme with linear transformation, (2) our previous scheme with affine transformation, and (3) the XOR-encoding scheme. We show that the XOR-encoding scheme is superior with regard to the following two points: (1) the XOR-encoding scheme is more secure against a data-dependency attack and a brute force attack than our previous scheme, and is as secure against an information-collecting attack and an inverse transformation attack as our previous scheme, (2) the XOR-encoding scheme does not restrict the calculable ranges of programs and the loss of efficiency is less than in our previous scheme.
Yuto NAKANO Kazuhide FUKUSHIMA Shinsaku KIYOMOTO Tsukasa ISHIGURO Yutaka MIYAKE Toshiaki TANAKA Kouichi SAKURAI
KCipher-2 is a word-oriented stream cipher and an ISO/IEC 18033 standard. It is listed as a CRYPTREC cryptographic algorithm for Japanese governmental use. It consists of two feedback shift registers and a non-linear function. The size of each register in KCipher-2 is 32 bits and the non-linear function mainly applies 32-bit operations. Therefore, it can be efficiently implemented in software. SNOW-family stream ciphers are also word-oriented stream ciphers, and their high performance has already been demonstrated. We propose optimised implementations of KCipher-2 and compare their performance to that of the SNOW-family and other eSTREAM portfolio ciphers. The fastest algorithm is SNOW 2.0 and KCipher-2 is the second fastest despite its complicated irregular clocking mechanism. However, KCipher-2 is the fastest of the feasible algorithms, as SNOW 2.0 has been shown to have a security flaw. We also optimise the hardware implementation for the Virtex-5 field-programmable gate array (FPGA) and show two implementations. The first implementation is a rather straightforward optimisation and achieves 16,153 Mbps with 732 slices. In the second implementation, we duplicate the non-linear function using the structural advantage of KCipher-2 and achieve 17,354 Mbps with 813 slices. Our implementation of KCipher-2 is around three times faster than those of the SNOW-family, and its efficiency, evaluated as "Throughput/Area (Mbps/slice)", is 3.6 times better than that of SNOW 2.0 and 8.5 times better than that of SNOW 3G. These syntheses are performed using Xilinx ISE version 12.4.
Given the tremendous growth in the cellular phone system and the Personal Handy-phone System (PHS), it is to be expected that demand for mobile computing using these wireless infrastructures, that is, mobile computer access, will dramatically increase. This paper describes high-quality and high-speed data transmission technology for PHS mobile computing and current PHS data transmission standardization activities. Furthermore, wireless agent communication and a service example are presented together with the concept of background communication for the coming wireless multimedia services.
Ayumu KUBOTA Yutaka MIYAKE Toshiaki TANAKA
In order to introduce new routing functionality without changing the Internet infrastructure, many routing overlays have been proposed in recent years. Although such overlays allow us to dynamically and flexibly form various types of networks, the current host name resolution mechanism used in the Internet, i.e. DNS, cannot provide such flexibility in host name referencing because of its delegation-based administration scheme for domain names. It also cannot provide security, because its security extension, DNSSEC, is not widely deployed. In this paper, we propose a generic framework for a secure and flexible host name resolution infrastructure that can be shared among many routing overlays. In contrast to DNS, with which users are forced to use the domain name space managed by IANA/ICANN, our framework separates the name resolution mechanism from the name spaces it handles, which allows users to choose whatever name space they think appropriate for the identity scheme of their overlay-networking community. This realizes decentralized management of domain names and gives users freedom in domain name acquisition. The basic idea is to use a cryptographically generated identifier (i.e. a hash of a public key) as a reference to an administrative domain of overlay networking hosts and to allow the owner of the domain to securely publish host information using the corresponding private key. We show that a referencing mechanism for such host information can be easily implemented using distributed hash tables (DHTs), and then show how such "semantic-free" references to domains can be linked to existing identity schemes in order to allow "human-friendly" referencing.
Hidetoshi KAYAMA Takeo ICHIKAWA Hitoshi TAKANASHI Masahiro MORIKURA Toshiaki TANAKA
This paper proposes a new MAC protocol and physical channel control schemes for a TDMA-TDD multi-slot packet channel. The goal of this study is to support both circuit-switched and packet-switched communications on the same resources and to enable high-speed packet transmission using a multi-slot packet channel. In the proposed channel control schemes, three points are taken into account: 1) effective sharing of time slots and frequencies with minimum impact on circuit communications, 2) compatibility with the existing access protocol and equipment, and 3) dynamic allocation of uplink and downlink slots. As for the MAC protocol, we adopt the BRS (Block Reservation Scheme) and an adaptive access control scheme in the proposed MAC protocol. In addition, to overcome the inherent disadvantage of TDD channels, packet scheduling and access randomizing control are newly proposed in this paper. The results of throughput and delay evaluations confirm that downlink capacity can be drastically enhanced by the dynamic allocation of uplink and downlink slots, while corruption under heavy traffic loads is prevented by applying the adaptive traffic load control scheme.
Naoki IMASAKI Ambalavanar THARUMARAJAH Shinsuke TAMURA Toshiaki TANAKA
This paper proposes a simulation framework suitable for holonic manufacturing systems, or HMS, based on the concept of distributed self-simulation. An HMS is a distributed system that comprises autonomous and cooperative elements called holons, for flexible and agile manufacturing. The simulation framework proposed here capitalizes on this distributed nature: each holon functions similarly to an independent simulator with self-simulation capabilities to maintain its own clock, handle events, detect inter-holon state inconsistencies and perform rollback actions. This paper discusses the detailed architecture and design issues of such a simulator and reports on the results of a prototype.
Haruki OTA Kazuki YONEYAMA Shinsaku KIYOMOTO Toshiaki TANAKA Kazuo OHTA
Password-based authenticated key exchange protocols are more convenient and practical, since users employ human-memorable passwords that are simpler to remember than cryptographic secret keys or public/private keys. Abdalla, Fouque, and Pointcheval proposed the password-based authenticated key exchange protocol in a 3-party model (GPAKE) in which clients trying to establish a secret do not share a password between themselves but only with a trusted server. On the other hand, Canetti presented a general framework, called the universally composable (UC) framework, for representing cryptographic protocols and analyzing their security. In this framework, the security of protocols is maintained under a general protocol composition operation called universal composition. Canetti also proved a UC composition theorem, which states that the definition of UC-security achieves the goal of concurrent general composition. A server must manage all the passwords of clients when 3-party password-based authenticated key exchange protocols are realized in large-scale networks. In order to resolve this problem, we propose a hierarchical hybrid authenticated key exchange protocol (H2AKE). In H2AKE, forwarding servers are located between each client and a distribution server, and the distribution server sends the client an authentication key via the forwarding servers. In H2AKE, public/private keys are used between servers, while passwords are used between clients and forwarding servers. Thus, in H2AKE, the load of password management on the distribution server can be distributed to the forwarding servers. In this paper, we define hierarchical hybrid authenticated key exchange functionality. H2AKE is the universal form of the hierarchical (hybrid) authenticated key exchange protocol, which includes the 3-party model, and it has the characteristic that the construction of the protocol can flexibly change according to the situation. We also prove that H2AKE is secure in the UC framework with the security-preserving composition property.
Naoto MATOBA Yasushi KONDO Masaki YAMASHINA Toshiaki TANAKA
Applying ARQ to real-time video communication can significantly increase transmission delay due to its retransmission operations. We analyze this delay and propose an adaptive error control scheme that uses acknowledgments from the receiver to reduce the delay. We evaluate this scheme using a computer simulation and show that the proposed scheme can reduce the delay by controlling the amount of video data through changes to the quantization step size and video frame skipping. It also offers acceptable video quality, as confirmed by a subjective evaluation test.
Naoto MATOBA Yasushi KONDO Masaki YAMASHINA Toshiaki TANAKA
This paper describes the performance of a video communication system over mobile radio channels. Mobile channel quality changes rapidly due to various factors. When compressed video data is transmitted through these channels, it is indispensable to employ an error control scheme, because reconstructed video quality is seriously degraded by channel errors. To control these errors, an automatic repeat request (ARQ) scheme is often employed; however, this incurs a cost: the benefit of a non-degraded reconstructed video sequence is offset by the transmission delay due to ARQ retransmission. We apply to a video communication system a selective-repeat ARQ combined with a coding control scheme to reduce the transmission delay. We evaluate the quality of the reconstructed video sequence and the transmission delay using computer simulations and clarify its applicability over Rayleigh and Nakagami-Rice fading channels and under intersymbol interference.
Shinsaku KIYOMOTO Kazuhide FUKUSHIMA Toshiaki TANAKA
Privacy remains an issue for IT services. Users are concerned that their history of service use may be traceable since each user is assigned a single identifier as a means of authentication. In this paper, we propose a perfectly anonymous attribute authentication scheme that is both unidentifiable and untraceable. Then, we present the evaluation results of a prototype system using a PC and mobile phone with the scheme. The proposed scheme employs a self-blindable certificate that a user can change randomly; thus the certificate is modified for each authentication, and the authentication scheme is unidentifiable and untraceable. Furthermore, our scheme can revoke self-blindable certificates without leaks of confidential private information and check the revocation status without online access.
Kazuhide FUKUSHIMA Shinsaku KIYOMOTO Toshiaki TANAKA Kouichi SAKURAI
This paper proposes a ternary subset difference method (SD method) that is resistant to coalition attacks. In order to realize a secure ternary SD method, we design a new cover-finding algorithm, label assignment algorithm and encryption algorithm. These algorithms are required to revoke one or two subtrees simultaneously while maintaining resistance against coalition attacks. We realize this two-way revocation mechanism by creatively using labels and hashed labels. Then, we evaluate the efficiency and security of the ternary SD method. We show that the number of labels on each client device can be reduced by about 20.4 percent. The simulation results show that the proposed scheme reduces the average header length by up to 15.0 percent in the case where the total number of devices is 65,536. On the other hand, the computational cost imposed on a client device stays within O(log n). Finally, we prove that the ternary SD method is secure against coalition attacks.
Yoshiyuki SAKAMAKI Toshiaki TANAKA Hisashi YAMADA Toshio SUGIHARA
In elevator-group control, the average number of running cars should be finely adjusted by dynamically controlling the number of running cars (DCNRC). Traffic demand in an office building varies throughout the day. In this paper, we propose a new energy-saving method for elevator-group control that adjusts the number of running cars according to the traffic demand, simulate the proposed energy-saving method under nearly real traffic demand conditions of an office building, and reduce the daily energy consumption to the target level after several days.
Motoi YOSHITOMI Tsuyoshi TAKAGI Shinsaku KIYOMOTO Toshiaki TANAKA
Pairing-based cryptosystems can accomplish novel security applications such as ID-based cryptosystems, which have not been constructed efficiently without the pairing. The processing speed of pairing-based cryptosystems is relatively slow compared with other conventional public key cryptosystems. However, several efficient algorithms for computing the pairing have been proposed, namely the Duursma-Lee algorithm and its variant, the ηT pairing. In this paper, we present an efficient implementation of the pairing on some mobile phones. Moreover, we compare the processing speed of the pairing with that of the other standard public key cryptosystems, i.e. the RSA cryptosystem and elliptic curve cryptosystems. Indeed, the processing speed of our implementation on ARM9 processors on BREW achieves under 100 milliseconds using the supersingular curve over F_{3^{97}}. In addition, the pairing is more efficient than the other public key cryptosystems, and the pairing is practical on BREW mobile phones. It has become efficient enough to implement security applications, such as short signatures, ID-based cryptosystems or broadcast encryption, using the pairing on BREW mobile phones.