Yoshiaki SHIRAISHI Kenta NOMURA Masami MOHRI Takeru NARUSE Masakatu MORII
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for data access control on cloud storage systems. In ABE, revoking a user's attributes means making that user unable to decrypt ciphertexts. Several CP-ABE schemes with efficient attribute revocation have been proposed. However, they either lack a formal security proof against a revoked user, that is, it has not been shown whether they satisfy forward secrecy, or they do not achieve fine-grained access control of shared data. We propose an attribute-revocable attribute-based encryption scheme with forward secrecy for fine-grained access control of shared data. The proposed scheme supports both "AND" and "OR" policies and is IND-CPA secure under the Decisional Parallel Bilinear Diffie-Hellman Exponent assumption in the standard model.
Kenta NOMURA Masami MOHRI Yoshiaki SHIRAISHI Masakatu MORII
The Internet of Things (IoT) has been widely applied in various fields. IoT data can also be stored in the cloud, but concerns regarding security and privacy remain. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has attracted attention in cloud storage as an encryption scheme suited to sharing and transmitting confidential data. In CP-ABE, a user's secret key is associated with a set of attributes; when the attributes satisfy the access structure, the ciphertext can be decrypted. It is necessary that multiple authorities issue and manage secret keys independently, and the authorities that generate secret keys can be regarded as managing the users' attributes. CP-ABE schemes with multiple authorities have been proposed. On the other hand, when a user loses an attribute and a key is updated, the user should not have to operate a terminal, and the design of the communication system should be simple. In this paper, we propose a CP-ABE scheme that has multiple key authorities and can revoke an attribute immediately without updating the user's secret key. In addition, the ciphertext length is fixed. The proposed scheme is IND-CPA secure under the DBDH assumption in the standard model. We compare the proposed scheme with other CP-ABE schemes and show that it is more suitable for cloud storage.
Yoshiaki SHIRAISHI Masanori HIROTOMO Masami MOHRI Taisuke YAMAMOTO
Intelligent Transport Systems (ITS) applications transmit data over road-to-vehicle communication (RVC) and inter-vehicle communication (IVC). Digital signatures are essential to secure RVC and IVC. A public key certificate is used to verify that a public key belongs to an individual prover such as a user or a terminal, and a certificate revocation list (CRL) is used to verify the validity of a public key certificate. A certificate authority (CA) publishes the CRL and distributes it to vehicles. CRL distribution traffic disturbs ITS application traffic because the two share the wireless channel, and distributing the CRL at a low bit rate helps ease the disturbance. Although transmitting packets multiple times improves reliability, the duplicate packets that result are a waste of bandwidth. This paper proposes a CRL distribution scheme based on random network coding which reduces duplicate packets. Simulation results show that the proposed scheme produces fewer duplicate packets than a simple error correction (EC)-based scheme and can distribute the CRL to more vehicles than EC-based schemes.
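As an added example (not the paper's scheme, whose packet format and coding field are not given on this page), the following Python shows why random network coding avoids the duplicate-packet problem of plain repetition: a receiver keeps any coded packet that raises the rank of its coefficient matrix, so the same k-chunk CRL is recovered from any k linearly independent packets instead of from k specific ones. Coefficients over GF(2), the independent-loss channel, the chunk count and the stand-in CRL bytes are assumptions made for the demonstration.

```python
import random


def split_chunks(data: bytes, k: int) -> list[bytes]:
    """Cut the CRL into k equal-size chunks (zero-padded at the end)."""
    size = -(-len(data) // k)
    data = data.ljust(size * k, b"\0")
    return [data[i * size:(i + 1) * size] for i in range(k)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def encode_packet(chunks: list[bytes], rng: random.Random) -> tuple[int, bytes]:
    """One coded packet: a random nonzero GF(2) coefficient vector (bit i selects
    chunk i) plus the XOR of the selected chunks. The coefficients ride in the header."""
    k = len(chunks)
    coeffs = 0
    while coeffs == 0:
        coeffs = rng.getrandbits(k)
    payload = bytes(len(chunks[0]))
    for i in range(k):
        if coeffs >> i & 1:
            payload = xor_bytes(payload, chunks[i])
    return coeffs, payload


class Decoder:
    """Incremental Gaussian elimination over GF(2); rows are keyed by pivot bit."""

    def __init__(self, k: int):
        self.k = k
        self.rows = {}  # pivot bit -> (reduced coeffs, payload)

    def receive(self, coeffs: int, payload: bytes) -> bool:
        """Reduce the packet against the stored rows. Returns True if it was
        innovative (raised the rank); a duplicate, or any combination already in
        the span, reduces to zero and is discarded as wasted bandwidth."""
        while coeffs:
            pivot = coeffs & -coeffs  # lowest set bit
            if pivot not in self.rows:
                self.rows[pivot] = (coeffs, payload)
                return True
            rc, rp = self.rows[pivot]
            coeffs ^= rc
            payload = xor_bytes(payload, rp)
        return False

    def rank(self) -> int:
        return len(self.rows)

    def decode(self):
        """Back-substitute once rank == k. Every non-pivot bit of a stored row is a
        higher pivot, so solving from the highest pivot downward resolves all chunks."""
        if self.rank() < self.k:
            return None
        solved = {}
        for pivot in sorted(self.rows, reverse=True):
            coeffs, payload = self.rows[pivot]
            rest = coeffs ^ pivot
            while rest:
                b = rest & -rest
                payload = xor_bytes(payload, solved[b])
                rest ^= b
            solved[pivot] = payload
        return [solved[1 << i] for i in range(self.k)]


def simulate(data: bytes, k: int, loss: float, coded: bool, seed: int) -> dict:
    """Broadcast until the receiver can decode. Each packet is dropped with
    probability `loss`. coded=False sends the plain chunks round-robin, so any
    repeat of a chunk the receiver already holds is a duplicate (wasted) packet."""
    rng = random.Random(seed)
    chunks = split_chunks(data, k)
    dec = Decoder(k)
    received = wasted = 0
    for t in range(20 * k):
        pkt = encode_packet(chunks, rng) if coded else (1 << (t % k), chunks[t % k])
        if rng.random() < loss:
            continue
        received += 1
        if not dec.receive(*pkt):
            wasted += 1
        if dec.rank() == k:
            break
    out = dec.decode()
    ok = out is not None and b"".join(out)[:len(data)] == data
    return {"received": received, "wasted": wasted, "ok": ok}


def compare(runs: int = 100, k: int = 16, loss: float = 0.3) -> dict:
    """Average wasted packets per scheme over many seeds (constructed CRL bytes)."""
    crl = bytes(range(256))  # stand-in for a CRL; any byte string works
    res = {}
    for name, coded in (("rnc", True), ("repeat", False)):
        outs = [simulate(crl, k, loss, coded, seed) for seed in range(runs)]
        res[name] = {"wasted": sum(o["wasted"] for o in outs) / runs,
                     "ok": all(o["ok"] for o in outs)}
    return res


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name}: {r['wasted']:.2f} wasted packets per receiver, decoded={r['ok']}")
```

With GF(2) coefficients a received packet is still non-innovative with probability (2^rank - 1)/(2^k - 1), which approaches 1/2 as the last pivot is missing; coefficients from a larger field such as GF(2^8) shrink that residual waste further, at the cost of a bigger header.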
Haiyan TIAN Yoshiaki SHIRAISHI Masami MOHRI Masakatu MORII
Dedicated Short Range Communication (DSRC) is currently being standardized as a leading technology for implementing vehicular networks. Non-safety applications in DSRC are emerging beyond the initial safety applications. However, DSRC suffers from a low data delivery ratio in urban environments, where static and moving obstacles block or attenuate radio propagation, as well as from other technical issues such as temporal-spatial restrictions, the capital cost of infrastructure deployment and a limited radio coverage range. On the other hand, Content-Centric Networking (CCN) advocates ubiquitous in-network caching to enhance content distribution. The major characteristics of CCN are compatible with the requirements of vehicular networks, so CCN could be adopted by them. In this paper, we propose a CCN-based vehicle-to-vehicle (V2V) communication scheme on top of the DSRC standard for content dissemination, and demonstrate its feasibility by analyzing the frame format of the Beacon and WAVE service advertisement (WSA) messages of the DSRC specifications. Simulation-based validations on our software platform built with OMNeT++, Veins and SUMO in realistic traffic environments are supplied to evaluate the proposed scheme. We expect our research to provide a reference for future, more substantial revisions of DSRC standardization for CCN-based V2V communication.
Toshiki TSUCHIDA Makoto TAKITA Yoshiaki SHIRAISHI Masami MOHRI Yasuhiro TAKANO Masakatu MORII
In the context of Cyber-Physical Systems (CPS), analyzing the real-world data accumulated in cyberspace would improve the efficiency and productivity of various social systems. Towards establishing a data-driven society, it is desirable to share data safely and smoothly among multiple services. In this paper, we propose a scheme in which services authenticate users using information registered on a blockchain. We show that the proposed scheme resists tampering and spoofing attacks.
Shunta NAKAGAWA Tatsuya NAGAI Hideaki KANEHARA Keisuke FURUMOTO Makoto TAKITA Yoshiaki SHIRAISHI Takeshi TAKAHASHI Masami MOHRI Yasuhiro TAKANO Masakatu MORII
System administrators and security officers of an organization need to deal with vulnerable IT assets, especially those with severe vulnerabilities, to minimize the risk of those vulnerabilities being exploited. The Common Vulnerability Scoring System (CVSS) can be used to calculate a severity score for a vulnerability, but it currently requires human operators to choose the input values. A word-level Convolutional Neural Network (CNN) has been proposed to estimate the CVSS input parameters and derive the severity score from vulnerability notes, but its accuracy needs further improvement. In this paper, we propose a character-level CNN for estimating severity scores. Experiments show that the proposed scheme outperforms the conventional one in accuracy and in how its errors are distributed.
Tatsuya NAGAI Masaki KAMIZONO Yoshiaki SHIRAISHI Kelin XIA Masami MOHRI Yasuhiro TAKANO Masakatu MORII
Epidemic cyber incidents are caused by malicious websites using exploit kits, which help attackers carry out drive-by download (DBD) attacks. It has been reported that malicious websites using an exploit kit have similar website structure (WS) trees, so malicious website identification techniques leveraging WS-trees, which can be estimated from HTTP traffic data, have been studied. Nevertheless, the defensive components of exploit kits prevent us from capturing the WS-tree completely. This paper therefore presents a new WS-tree construction procedure that uses the fact that a DBD attack happens within a certain duration, and proposes a new malicious website identification technique that clusters the WS-trees of exploit kits. Experimental results on the D3M dataset verify that the proposed technique identifies exploit kits with reasonable accuracy even when HTTP traffic from the malicious sites is partially lost.
Kenta NOMURA Yuta TAKATA Hiroshi KUMAGAI Masaki KAMIZONO Yoshiaki SHIRAISHI Masami MOHRI Masakatu MORII
The spread of coronavirus disease (COVID-19) has prompted changes in business models. To ensure a successful transition to non-face-to-face and electronic communication, the authenticity of data and the trustworthiness of communication partners are essential. Trust services provide a mechanism for preventing data falsification and spoofing. To develop a trust service, the characteristics of the service and the scope of its use need to be determined, and the relevant legal systems must be investigated. Preparing documentation that meets trust service provider requirements can be expensive. This study focuses on electronic signatures, proposes classification criteria, classifies actual documents based on these criteria, and opens a discussion. A case study illustrates how trust service providers search a document for the areas that require approval. The classification table in this paper may prove advantageous at the outset, when business decisions are uncertain and there is no clear starting point.
Thin Tharaphe THEIN Yoshiaki SHIRAISHI Masakatu MORII
With a rapidly escalating number of sophisticated cyber attacks, protecting Internet of Things (IoT) networks against unauthorized activity is a major concern, so detecting malicious attack traffic is crucial for IoT security. However, existing malicious traffic detection systems that rely on supervised machine learning need a considerable number of benign and malicious traffic samples to train their models, and in the case of zero-day attacks only a few labeled traffic samples are available for analysis. To deal with this, we propose a few-shot malicious IoT traffic detection system based on a prototypical graph neural network. The proposed approach requires no prior knowledge of payload binaries or traffic signatures. The model is trained on labeled traffic data and tested on its ability to detect new types of attacks when only a few labeled samples are available. The detection system first groups network traffic into bidirectional flows and visualizes each binary flow as a color image. A neural network is then applied to the visualized traffic to extract important features. After that, using the proposed few-shot graph neural network approach, the model is trained on different few-shot tasks so that it generalizes to new, unseen attacks. The proposed model is evaluated on a network traffic dataset consisting of benign traffic and traffic from six types of attacks. The results show that the proposed model achieved F1 scores of 0.91 and 0.94 in 5-shot and 10-shot classification, respectively, and outperformed the baseline models.
Thin Tharaphe THEIN Yoshiaki SHIRAISHI Masakatu MORII
Different types of malicious attacks have been increasing simultaneously and have become a serious issue for cybersecurity. Most attacks use domain URLs as the attack communication medium and turn users into victims of phishing or spam. We use machine learning methods to detect automatically whether a domain is malicious, using three kinds of features: DNS-based, lexical and semantic. The proposed approach performs well even with a small training dataset. The experimental results show that the proposed scheme achieves an accuracy of approximately 0.927 with a random forest classifier.
Shohei KAKEI Hiroaki SEKO Yoshiaki SHIRAISHI Shoichi SAITO
This paper first takes IoT as an example to motivate eliminating the single point of trust (SPOT) in a CA-based private PKI. It then describes a distributed public key certificate-issuing infrastructure that eliminates the SPOT, together with a limitation that stems from how its signing keys are generated. Finally, it proposes a method in which all certificate issuers together address that limitation.
Daiki ITO Kenta NOMURA Masaki KAMIZONO Yoshiaki SHIRAISHI Yasuhiro TAKANO Masami MOHRI Masakatu MORII
Cyber attacks targeting specific victims use multiple intrusion routes and various attack methods. To combat such diversified attacks, threat intelligence is attracting attention: attack activities, vulnerability information and other threat information are gathered, analyzed and organized into threat intelligence, which enables organizations to understand their risks. Composing threat intelligence requires integrated analysis of threat information, which can be found in the incident reports published by security vendors. However, it is difficult to analyze and compare these reports because each vendor describes them in its own format. Therefore, in this paper, we apply a modeling framework for analyzing the reports and deriving their relevance from the similarity of, and the relations between, the models. This paper presents the procedure for modeling the incident information described in the reports. Moreover, as case studies, we apply the modeling method to several actual incident reports and compare their models.
Youji FUKUTA Yoshiaki SHIRAISHI Masakatu MORII
A nonlinear combiner random number generator is a general keystream generator for certain stream ciphers. The generator is composed of several linear feedback shift registers and a nonlinear function; the output is used as the keystream. A fast correlation attack is a typical attack on such keystream generators. Mihaljević, Fossorier and Imai have proposed an improved fast correlation attack. The attack is based on error correction of the information bits only in the corresponding binary linear block code, and APP threshold decoding is employed for the error correction procedure. In this letter, we propose a method that improves the success rate of their attack with similar complexity. The method adds some intentional errors to the original parity check equations, and those equations are then used in APP threshold decoding.
Shohei KAKEI Masami MOHRI Yoshiaki SHIRAISHI Masakatu MORII
TPM-embedded devices can be used as authentication tokens by issuing certificates to signing keys generated by the TPM. The TPM generates an Attestation Identity Key (AIK) and a Binding Key (BK), both RSA keys. The AIK is used to identify the TPM, and the BK is used to encrypt data so that only a specific TPM can decrypt it. A TPM can be used for device authentication by linking an SSL client certificate to it. This paper proposes a method of issuing an AIK certificate with OpenID and a method of issuing an SSL client certificate to a specific TPM using the AIK and BK. In addition, the paper shows how to implement a device authentication system using an SSL client certificate bound to the TPM.
Kenta NOMURA Masami MOHRI Yoshiaki SHIRAISHI Masakatu MORII
We focus on the construction of a digital signature scheme for local broadcast, which allows devices with limited resources to transmit broadcast messages securely. A multi-group authentication scheme that enables a node to authenticate its membership to multiple verifiers with the sum of its secret keys has been proposed for resource-limited devices. This paper presents a transformation that converts a multi-group authentication scheme into a multi-group signature scheme. We show that the multi-group signature scheme obtained by our transformation is existentially unforgeable against chosen message attacks (EUF-CMA secure) in the random oracle model if the multi-group authentication scheme is secure against impersonation under passive attacks (IMP-PA secure). In the multi-group signature scheme, a sender can sign a message with the secret keys issued by multiple certification authorities, and the signature validates the authenticity and integrity of the message to multiple verifiers. As a concrete configuration, we show a multi-group signature scheme obtained by converting an error-correcting-code-based multi-group authentication scheme.
Toshihiro OHIGASHI Yoshiaki SHIRAISHI Masakatu MORII
In the key scheduling algorithm (KSA) of a stream cipher, a secret key is expanded into a large initial state. Internal state reconstruction is known as a general attack against stream ciphers; it recovers the initial state from a given plaintext-ciphertext pair more efficiently than exhaustive key search. If such an attack succeeds, it is desirable that inverting the KSA be infeasible, so that no secret key information leaks. This paper shows that it is easy to compute the secret key from the initial state of RC4. We propose a method that recovers a secret key from only the leading bits of the RC4 initial state (as many bits as the key has) using linear equations, with time complexity less than that of one execution of the KSA. When the key size is 128 bits, the number of secret keys it can recover is 2^103.6. That is, a 128-bit secret key can be recovered with high probability once the first 128 bits of the initial state have been determined by the internal state reconstruction method.
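As an added illustration (not the paper's method, whose linear equations are not reproduced on this page), the following Python shows the kind of relation between the leading initial-state bytes and the key bytes that such a recovery exploits: Roos' observation that S[i] = i(i+1)/2 + K[0] + ... + K[i] (mod 256) holds with noticeable probability after the KSA, which yields one linear candidate per key byte from the first bytes of S alone, plus the obvious check that re-running the KSA on a candidate reproduces the state. The key length, the trial count and the random test keys are assumptions made for the demonstration.

```python
import random


def rc4_ksa(key: bytes) -> list[int]:
    """RC4 key-scheduling algorithm: expand the key into the 256-byte initial
    state S. j absorbs one key byte per step and S[i] is swapped with S[j]."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(S: list[int], n: int) -> bytes:
    """PRGA: n keystream bytes from a copy of the initial state."""
    S = S[:]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    ks = rc4_keystream(rc4_ksa(key), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def roos_candidate_key(S: list[int], keylen: int) -> bytes:
    """Candidate key bytes read off the first keylen entries of S.
    Whenever positions 0..i are untouched before KSA step i and not swapped
    afterwards, S[i] = i(i+1)/2 + K[0] + ... + K[i] (mod 256), so the
    difference of neighbouring entries gives K[i] = S[i] - S[i-1] - i (mod 256),
    with S[-1] taken as 0 for the first byte."""
    cand, prev = [], 0
    for i in range(keylen):
        cand.append((S[i] - prev - i) & 0xFF)
        prev = S[i]
    return bytes(cand)


def verify_candidate(S: list[int], cand: bytes) -> bool:
    """A correct key reproduces the whole initial state; one KSA run checks it."""
    return rc4_ksa(cand) == S


def recovery_rates(keylen: int, trials: int, seed: int) -> list[float]:
    """Fraction of trials in which each candidate byte equals the true key byte,
    over random keys (constructed test data, fixed seed)."""
    rng = random.Random(seed)
    hits = [0] * keylen
    for _ in range(trials):
        key = bytes(rng.randrange(256) for _ in range(keylen))
        cand = roos_candidate_key(rc4_ksa(key), keylen)
        for i in range(keylen):
            hits[i] += cand[i] == key[i]
    return [h / trials for h in hits]


if __name__ == "__main__":
    # Known RC4 test vector: key "Key", plaintext "Plaintext" -> BBF316E8D940AF0AD3
    assert rc4_encrypt(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"
    for i, r in enumerate(recovery_rates(16, 2000, 1)):
        print(f"K[{i}] recovered from S[0..{i}] in {r:.1%} of trials")
```

The first candidate byte is right in roughly 37% of keys (S[0] survives iff j never returns to 0 after step 0), and later bytes need two consecutive correct state entries, so the per-byte rate drops to the low teens; a full-key recovery from these equations alone therefore has to enumerate the wrong positions, which is the gap that a dedicated method such as the paper's has to close.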
Haruka ITO Masanori HIROTOMO Youji FUKUTA Masami MOHRI Yoshiaki SHIRAISHI
Recently, IoT-compatible products have become popular, and many kinds of things are now IoT-compliant products. In these devices, cryptosystems and authentication are not handled properly, and security measures for IoT devices are insufficient. Authentication for IoT devices must be power-saving and support one-to-many communication. In this paper, we propose a zero-knowledge identification scheme using LDPC codes. In the proposed scheme, a zero-knowledge identification scheme that relies on the binary syndrome decoding problem is improved, and the computational cost of identification is reduced by using the sparse parity-check matrix of an LDPC code. In addition, the security level, computational cost and safety of the proposed scheme are discussed in detail.
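As an added example (not the paper's scheme, which is not specified on this page), the following Python implements Stern's three-pass zero-knowledge identification protocol on the binary syndrome decoding problem, which is the classic scheme of this type: the prover holds a low-weight e with H·e = s and convinces the verifier without revealing e, and a cheater without e fails at least one of the three challenges. The parity-check matrix is stored sparsely so the syndrome cost is the number of nonzeros rather than r·n, which is the cost saving an LDPC matrix buys. The parameters, the random instance and the SHA-256 commitments are assumptions made for the demonstration.

```python
import hashlib
import random


def commit(*parts, nonce: bytes) -> bytes:
    """Hash commitment to a sequence of small-int vectors; the nonce makes it hiding."""
    h = hashlib.sha256(nonce)
    for p in parts:
        h.update(bytes(p))
    return h.digest()


def syndrome(H: list[list[int]], x: list[int]) -> list[int]:
    """H.x over GF(2). H is stored sparsely as, per row, the column indices of its
    1 entries, so each output bit costs only as many XORs as the row has nonzeros."""
    return [sum(x[c] for c in row) & 1 for row in H]


def xor(a, b):
    return [u ^ v for u, v in zip(a, b)]


def permute(sigma, x):
    return [x[sigma[i]] for i in range(len(x))]


def make_instance(n, r, row_weight, w, rng):
    """Public (H, s) and secret e with wt(e) = w and H.e = s (constructed instance,
    resampled until s is nonzero so the cheater below cannot pass trivially)."""
    while True:
        H = [sorted(rng.sample(range(n), row_weight)) for _ in range(r)]
        e = [0] * n
        for c in rng.sample(range(n), w):
            e[c] = 1
        s = syndrome(H, e)
        if any(s):
            return H, e, s


def prover_commit(H, e, rng):
    """Pass 1: random mask y and permutation sigma, three commitments."""
    n = len(e)
    y = [rng.randrange(2) for _ in range(n)]
    sigma = list(range(n))
    rng.shuffle(sigma)
    nonces = [rng.randbytes(16) for _ in range(3)]
    c0 = commit(sigma, syndrome(H, y), nonce=nonces[0])
    c1 = commit(permute(sigma, y), nonce=nonces[1])
    c2 = commit(permute(sigma, xor(y, e)), nonce=nonces[2])
    return (c0, c1, c2), (y, sigma, nonces)


def prover_respond(state, e, b):
    """Pass 3: open the two commitments the challenge b in {0,1,2} asks for."""
    y, sigma, nonces = state
    if b == 0:
        return y, sigma, nonces[0], nonces[1]
    if b == 1:
        return xor(y, e), sigma, nonces[0], nonces[2]
    return permute(sigma, y), permute(sigma, e), nonces[1], nonces[2]


def verify(H, s, w, comms, b, resp) -> bool:
    c0, c1, c2 = comms
    if b == 0:
        y, sigma, n0, n1 = resp
        return (c0 == commit(sigma, syndrome(H, y), nonce=n0)
                and c1 == commit(permute(sigma, y), nonce=n1))
    if b == 1:
        z, sigma, n0, n2 = resp  # z = y xor e, hence H.z xor s = H.y
        return (c0 == commit(sigma, xor(syndrome(H, z), s), nonce=n0)
                and c2 == commit(permute(sigma, z), nonce=n2))
    py, pe, n1, n2 = resp  # sigma(y), sigma(e): the weight of e shows, its positions do not
    return (sum(pe) == w
            and c1 == commit(py, nonce=n1)
            and c2 == commit(xor(py, pe), nonce=n2))


def run_round(H, s, w, e_claimed, b, rng) -> bool:
    """One full round with challenge b; e_claimed is whatever the prover holds."""
    comms, state = prover_commit(H, e_claimed, rng)
    return verify(H, s, w, comms, b, prover_respond(state, e_claimed, b))


def syndrome_cost(H) -> int:
    """XOR count of one syndrome computation with the sparse H."""
    return sum(len(row) for row in H)


if __name__ == "__main__":
    rng = random.Random(7)
    H, e, s = make_instance(24, 12, 4, 3, rng)
    print("honest:", [run_round(H, s, 3, e, b, rng) for b in (0, 1, 2)])
    print("cheater:", [run_round(H, s, 3, [0] * 24, b, rng) for b in (0, 1, 2)])
    print("syndrome XORs, sparse vs dense:", syndrome_cost(H), "vs", 12 * 24)
```

A single round lets a cheater succeed with probability 2/3 (it can prepare for any two of the three challenges), so the protocol is repeated; the verifier-side work per round is dominated by the syndrome computations, which is exactly where a sparse LDPC parity-check matrix pays off on a constrained device.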
Yoshiaki SHIRAISHI Toshihiro OHIGASHI Masakatu MORII
Knudsen et al. proposed an efficient method based on a recursive tree-search algorithm for reconstructing the internal state of the RC4 stream cipher. However, the method becomes infeasible for word size n > 5 because its time complexity for reconstructing the internal state is too large. This letter proposes a more efficient method than theirs: it can reconstruct the internal state from fewer pre-known internal-state entries than their method requires.
Yoshiaki SHIRAISHI Masaki KAMIZONO Masanori HIROTOMO Masami MOHRI
In drive-by download attacks, most malicious web sites identify the software environment of the client and change their behavior accordingly, so automatic dynamic analysis in open services cannot always obtain information appropriate to the client organization. It is necessary to prepare for the incidents expected when another client in the organization re-accesses the same malicious web site. To the authors' knowledge, there is no study on using the analysis results of malicious web sites for digital forensics on an incident and for hedging the risk of expected incidents in the organization. In this paper, we propose a system for evaluating the impact of accessing malicious web sites using the results of multi-environment analysis. Furthermore, we report the results of evaluating malicious web sites with the multi-environment analysis system, and show how to use the analysis results for forensic analysis and risk hedging based on actual cases of malicious web site analysis.