A fully analog pipelined deep neural network (DNN) accelerator is proposed, which is constructed by using pipeline registers based on master-slave switched capacitors. The idea of the master-slave switched capacitors is an analog equivalent of the delayed flip-flop (D-FF) which has been used as a digital pipeline register. To estimate the performance of the pipeline register, it is applied to a conventional DNN which performs non-pipeline operation. Compared with the conventional DNN, the cycle time is reduced by 61.5% and data rate is increased by 160%. The accuracy reaches 99.6% in MNIST classification test. The energy consumption per classification is reduced by 88.2% to 0.128µJ, achieving an energy efficiency of 1.05TOPS/W and a throughput of 0.538TOPS in 180nm technology node.
Koichi MAEZAWA Umer FAROOQ Masayuki MORI
A novel displacement sensor was proposed based on a frequency delta-sigma modulator (FDSM) employing a microwave oscillator. To demonstrate basic operation, we fabricated a stylus surface profiler using a cylindrical cavity resonator, where one end of the cavity is replaced by a thin metal diaphragm with a stylus probe tip. Good surface profile was successfully obtained with this device. A 10 nm depth trench was clearly observed together with a 10 µm trench in a single scan without gain control. This result clearly demonstrates an extremely wide dynamic range of the FDSM displacement sensors.
Kosuke MURAKAMI Takahiro KASAMA Daisuke INOUE
Since the outbreak of IoT malware “Mirai,” several incidents have occurred in which IoT devices have been infected with malware. The malware targets IoT devices whose Telnet and SSH services are accessible from the Internet and whose ID/Password settings are not strong enough. Several IoT malware families, including Mirai, are also known that restrict access to Telnet and other services to keep the devices from being infected by other malware after infection. However, tens of thousands of devices in Japan can be still accessed Telnet services over the Internet according to network scan results. Does this imply that these devices can avoid malware infection by setting strong enough passwords, and thus cannot be used as a stepping stone for cyber attacks? In February 2019, we initiated the National Operation Toward IoT Clean Environment (NOTICE) project in Japan to investigate IoT devices with weak credentials and notify the device users. In this study, we analyze the results of the NOTICE project from February 2021 to May 2021 and the results of the large-scale darknet monitoring to reveal whether IoT devices with weak credentials are infected with malware or not. Moreover, we analyze the IoT devices with weak credentials to find out the factors that prevent these devices from being infected with malware and to assess the risk of abuse for cyber attacks. From the results of the analysis, it is discovered that approximately 2,000 devices can be easily logged in using weak credentials in one month in Japan. We also clarify that no device are infected with Mirai and its variants malware due to lack of functions used for malware infection excluding only one host. Finally, even the devices which are logged in by NOTICE project are not infected with Mirai, we find that at least 80% and 93% of the devices can execute arbitrary scripts and can send packets to arbitrary destinations respectively.
Hiroki KUZUNO Toshihiro YAMAUCHI
Memory corruption can modify the kernel data of an operating system kernel through exploiting kernel vulnerabilities that allow privilege escalation and defeats security mechanisms. To prevent memory corruption, the several security mechanisms are proposed. Kernel address space layout randomization randomizes the virtual address layout of the kernel. The kernel control flow integrity verifies the order of invoking kernel codes. The additional kernel observer focuses on the unintended privilege modifications. However, illegal writing of kernel data is not prevented by these existing security mechanisms. Therefore, an adversary can achieve the privilege escalation and the defeat of security mechanisms. This study proposes a kernel data protection mechanism (KDPM), which is a novel security design that restricts the writing of specific kernel data. The KDPM adopts a memory protection key (MPK) to control the write restriction of kernel data. The KDPM with the MPK ensures that the writing of privileged information for user processes and the writing of kernel data related to the mandatory access control. These are dynamically restricted during the invocation of specific system calls and the execution of specific kernel codes. Further, the KDPM is implemented on the latest Linux with an MPK emulator. The evaluation results indicate the possibility of preventing the illegal writing of kernel data. The KDPM showed an acceptable performance cost, measured by the overhead, which was from 2.96% to 9.01% of system call invocations, whereas the performance load on the MPK operations was 22.1ns to 1347.9ns. Additionally, the KDPM requires 137 to 176 instructions for its implementations.
Tomohiko YANO Hiroki KUZUNO Kenichi MAGATA
Information leakage is a significant threat to organizations, and effective measures are required to protect information assets. As confidential files can be leaked through various paths, a countermeasure is necessary to prevent information leakage from various paths, from simple drag-and-drop movements to complex transformations such as encryption and encoding. However, existing methods are difficult to take countermeasures depending on the information leakage paths. Furthermore, it is also necessary to create a visualization format that can find information leakage easily and a method that can remove unnecessary parts while leaving the necessary parts of information leakage to improve visibility. This paper proposes a new information leakage countermeasure method that incorporates file tracking and visualization. The file tracking component recursively extracts all events related to confidential files. Therefore, tracking is possible even when data have transformed significantly from the original file. The visualization component represents the results of file tracking as a network graph. This allows security administrators to find information leakage even if a file is transformed through multiple events. Furthermore, by pruning the network graph using the frequency of past events, the indicators of information leakage can be more easily found by security administrators. In experiments conducted, network graphs were generated for two information leakage scenarios in which files were moved and copied. The visualization results were obtained according to the scenarios, and the network graph was pruned to reduce vertices by 17.6% and edges by 10.9%.
With the rise of social network service (SNS) in recent years, the security of SNS users' private information has been a concern for the public. However, due to the anonymity of SNS, identity impersonation is hard to be detected and prevented since users are free to create an account with any username they want. This could lead to cybercrimes like fraud because impersonation allows malicious users to steal private information. Until now, there are few studies about this problem, and none of them can perfectly handle this problem. In this paper, based on an idea from previous work, we combine blockchain technology and security protocol to prevent impersonation in SNS. In our scheme, the defects of complex and duplicated operations in the previous work are improved. And the authentication work of SNS server is also adjusted to resist single-point, attacks. Moreover, the smart contract is introduced to help the whole system runs automatically. Afterward, our proposed scheme is implemented and tested on an Ethereum test network and the result suggests that it is acceptable and suitable for nowadays SNS network.
Takashi NORIMATSU Yuichi NAKAMURA Toshihiro YAMAUCHI
Two problems occur when an authorization server is utilized for a use case where a different security profile needs to be applied to a unique client request for accessing a distinct type of an API, such as open banking. A security profile can be applied to a client request by using the settings of an authorization server and client. However, this method can only apply the same security profile to all client requests. Therefore, multiple authorization servers or isolated environments, such as realms of an authorization server, are needed to apply a different security profile. However, this increases managerial costs for the authorization server administration. Moreover, new settings and logic need to be added to an authorization server if the existing client settings are inadequate for applying a security profile, which requires modification of an authorization server's source code. We aims to propose the policy-based method that resolves these problems. The proposed method does not completely rely on the settings of a client and can determine an applied security profile using a policy and the context of the client's request. Therefore, only one authorization server or isolated environment, such as a realm of an authorization server, is required to support multiple different security profiles. Additionally, the proposed method can implement a security profile as a pluggable software module. Thus, the source code of the authorization server need not be modified. The proposed method and Financial-grade application programming interface (FAPI) security profiles were implemented in Keycloak, which is an open-source identity and access management solution, and evaluation scenarios were executed. The results of the evaluation confirmed that the proposed method resolves these problems. The implementation has been contributed to Keycloak, making the proposed method and FAPI security profiles publicly available.
Ayako A. HASEGAWA Mitsuaki AKIYAMA Naomi YAMASHITA Daisuke INOUE Tatsuya MORI
Although security and privacy technologies are incorporated into every device and service, the complexity of these concepts confuses non-expert users. Prior research has shown that non-expert users ask strangers for advice about digital media use online. In this study, to clarify the security and privacy concerns of non-expert users in their daily lives, we investigated security- and privacy-related question posts on a Question-and-Answer (Q&A) site for non-expert users. We conducted a thematic analysis of 445 question posts. We identified seven themes among the questions and found that users asked about cyberattacks the most, followed by authentication and security software. We also found that there was a strong demand for answers, especially for questions related to privacy abuse and account/device management. Our findings provide key insights into what non-experts are struggling with when it comes to privacy and security and will help service providers and researchers make improvements to address these concerns.
Theoretically secure cryptosystems, digital signatures may not be secure after being implemented on Internet of Things (IoT) devices and PCs because of side-channel attacks (SCA). Because RSA key generation and ECDSA require GCD computations or modular inversions, which are often computed using the binary Euclidean algorithm (BEA) or binary extended Euclidean algorithm (BEEA), the SCA weaknesses of BEA and BEEA become a serious concern. Constant-time GCD (CT-GCD) and constant-time modular inversion (CTMI) algorithms are effective countermeasures in such situations. Modular inversion based on Fermat's little theorem (FLT) can work in constant time, but it is not efficient for general inputs. Two CTMI algorithms, named BOS and BY in this paper, were proposed by Bos, Bernstein and Yang, respectively. Their algorithms are all based on the concept of BEA. However, one iteration of BOS has complicated computations, and BY requires more iterations. A small number of iterations and simple computations during one iteration are good characteristics of a constant-time algorithm. Based on this view, this study proposes new short-iteration CT-GCD and CTMI algorithms over Fp borrowing a simple concept from BEA. Our algorithms are evaluated from a theoretical perspective. Compared with BOS, BY, and the improved version of BY, our short-iteration algorithms are experimentally demonstrated to be faster.
Nasratullah GHAFOORI Atsuko MIYAJI Ryoma ITO Shotaro MIYASHITA
This paper introduces significant improvements over the existing cryptanalysis approaches on Salsa20 and ChaCha stream ciphers. For the first time, we reduced the attack complexity on Salsa20/8 to the lowest possible margin. We introduced an attack on ChaCha7.25. It is the first attack of its type on ChaCha7.25/20. In our approach, we studied differential cryptanalysis of the Salsa20 and ChaCha stream ciphers based on a comprehensive analysis of probabilistic neutral bits (PNBs). The existing differential cryptanalysis approaches on Salsa20 and ChaCha stream ciphers first study the differential bias at specific input and output differential positions and then search for probabilistic neutral bits. However, the differential bias and the set of PNBs obtained in this method are not always the ideal combination to conduct the attack against the ciphers. The researchers have not focused on the comprehensive analysis of the probabilistic neutrality measure of all key bits concerning all possible output difference positions at all possible internal rounds of Salsa20 and ChaCha stream ciphers. Moreover, the relationship between the neutrality measure and the number of inverse quarter rounds has not been scrutinized yet. To address these study gaps, we study the differential cryptanalysis based on the comprehensive analysis of probabilistic neutral bits on the reduced-round Salsa20 and ChaCha. At first, we comprehensively analyze the neutrality measure of 256 key bits positions. Afterward, we select the output difference bit position with the best average neutrality measure and look for the corresponding input differential with the best differential bias. Considering all aspects, we present an attack on Salsa20/8 with a time complexity of 2241.62 and data complexity of 231.5, which is the best-known single bit differential attack on Salsa20/8 and then, we introduced an attack on ChaCha7.25 rounds with a time complexity of 2254.011 and data complexity of 251.81.
Tomoka TAKAHASHI Shinya OKUMURA Atsuko MIYAJI
The recent decision by the National Institute of Standards and Technology (NIST) to standardize lattice-based cryptography has further increased the demand for security analysis. The Ring-Learning with Error (Ring-LWE) problem is a mathematical problem that constitutes such lattice cryptosystems. It has many algebraic properties because it is considered in the ring of integers, R, of a number field, K. These algebraic properties make the Ring-LWE based schemes efficient, although some of them are also used for attacks. When the modulus, q, is unramified in K, it is known that the Ring-LWE problem, to determine the secret information s ∈ R/qR, can be solved by determining s (mod q) ∈ Fqf for all prime ideals q lying over q. The χ2-attack determines s (mod q) ∈Fqf using chi-square tests over R/q ≅ Fqf. The χ2-attack is improved in the special case where the residue degree f is two, which is called the two-residue-degree χ2-attack. In this paper, we extend the two-residue-degree χ2-attack to the attack that works efficiently for any residue degree. As a result, the attack time against a vulnerable field using our proposed attack with parameter (q,f)=(67, 3) was 129 seconds on a standard PC. We also evaluate the vulnerability of the two-power cyclotomic fields.
Kenta NOMURA Yuta TAKATA Hiroshi KUMAGAI Masaki KAMIZONO Yoshiaki SHIRAISHI Masami MOHRI Masakatu MORII
The proliferation of coronavirus disease (COVID-19) has prompted changes in business models. To ensure a successful transition to non-face-to-face and electronic communication, the authenticity of data and the trustworthiness of communication partners are essential. Trust services provide a mechanism for preventing data falsification and spoofing. To develop a trust service, the characteristics of the service and the scope of its use need to be determined, and the relevant legal systems must be investigated. Preparing a document to meet trust service provider requirements may incur significant expenses. This study focuses on electronic signatures, proposes criteria for classification, classifies actual documents based on these criteria, and opens a discussion. A case study illustrates how trusted service providers search a document highlighting areas that require approval. The classification table in this paper may prove advantageous at the outset when business decisions are uncertain, and there is no clear starting point.
Motoi IWASHITA Hirotaka SUGITA
In recent years, the market size for internet advertising has been increasing with the expansion of the Internet. Among the internet advertising technologies, affiliate services, which are a performance-based service, use cookies to track and measure the performance of affiliates. However, for the purpose of safeguarding personal information, cookies tend to be regulated, which leads to concerns over whether normal tracking by cookies works as intended. Therefore, in this study, the recent problems from the perspectives of affiliates, affiliate service providers, and advertisers are extracted, and a framework of cookie-independent measuring engagement method using access logs is proposed and open issues are discussed for future affiliate services.
Mustafa Sami KACAR Semih YUMUSAK Halife KODAZ
The use of reports in action has grown significantly in recent decades as data has become digitized. However, traditional statistical methods no longer work due to the uncontrollable expansion and complexity of raw data. Therefore, it is crucial to clean and analyze financial data using modern machine learning methods. In this study, the quarterly reports (i.e. 10Q filings) of publicly traded companies in the United States were analyzed by utilizing data mining methods. The study used 8905 quarterly reports of companies from 2019 to 2022. The proposed approach consists of two phases with a combination of three different machine learning methods. The first two methods were used to generate a dataset from the 10Q filings with extracting new features, and the last method was used for the classification problem. Doc2Vec method in Gensim framework was used to generate vectors from textual tags in 10Q filings. The generated vectors were clustered using the K-means algorithm to combine the tags according to their semantics. By this way, 94000 tags representing different financial items were reduced to 20000 clusters consisting of these tags, making the analysis more efficient and manageable. The dataset was created with the values corresponding to the tags in the clusters. In addition, PriceRank metric was added to the dataset as a class label indicating the price strength of the companies for the next financial quarter. Thus, it is aimed to determine the effect of a company's quarterly reports on the market price of the company for the next period. Finally, a Convolutional Neural Network model was utilized for the classification problem. To evaluate the results, all stages of the proposed hybrid method were compared with other machine learning techniques. This novel approach could assist investors in examining companies collectively and inferring new, significant insights. The proposed method was compared with different approaches for creating datasets by extracting new features and classification tasks, then eventually tested with different metrics. The proposed approach performed comparatively better than the other machine learning methods to predict future price strength based on past reports with an accuracy of 84% on the created 10Q filings dataset.
Kazuki FUKAE Tetsuo IMAI Kenichi ARAI Toru KOBAYASHI
With the growing global demand for seafood, sustainable aquaculture is attracting more attention than conventional natural fishing, which causes overfishing and damage to the marine environment. However, a major problem facing the aquaculture industry is the cost of feeding, which accounts for about 60% of a fishing expenditure. Excessive feeding increases costs, and the accumulation of residual feed on the seabed negatively impacts the quality of water environments (e.g., causing red tides). Therefore, the importance of raising fishes efficiently with less food by optimizing the timing and quantity of feeding becomes more evident. Thus, we developed a system to quantitate the amount of fish activity for the optimal feeding time and feed quantity based on the images taken. For quantitation, optical flow that is a method for tracking individual objects was used. However, it is difficult to track individual fish and quantitate their activity in the presence of many fishes. Therefore, all fish in the filmed screen were considered as a single school and the amount of change in an entire screen was used as the amount of the school activity. We divided specifically the entire image into fixed regions and quantitated by vectorizing the amount of change in each region using optical flow. A vector represents the moving distance and direction. We used the numerical data of a histogram as the indicator for the amount of fish activity by dividing them into classes and recording the number of occurrences in each class. We verified the effectiveness of the indicator by quantitating the eating and not eating movements during feeding. We evaluated the performance of the quantified indicators by the support vector classification, which is a form of machine learning. We confirmed that the two activities can be correctly classified.
Thin Tharaphe THEIN Yoshiaki SHIRAISHI Masakatu MORII
With a rapidly escalating number of sophisticated cyber-attacks, protecting Internet of Things (IoT) networks against unauthorized activity is a major concern. The detection of malicious attack traffic is thus crucial for IoT security to prevent unwanted traffic. However, existing traditional malicious traffic detection systems which relied on supervised machine learning approach need a considerable number of benign and malware traffic samples to train the machine learning models. Moreover, in the cases of zero-day attacks, only a few labeled traffic samples are accessible for analysis. To deal with this, we propose a few-shot malicious IoT traffic detection system with a prototypical graph neural network. The proposed approach does not require prior knowledge of network payload binaries or network traffic signatures. The model is trained on labeled traffic data and tested to evaluate its ability to detect new types of attacks when only a few labeled traffic samples are available. The proposed detection system first categorizes the network traffic as a bidirectional flow and visualizes the binary traffic flow as a color image. A neural network is then applied to the visualized traffic to extract important features. After that, using the proposed few-shot graph neural network approach, the model is trained on different few-shot tasks to generalize it to new unseen attacks. The proposed model is evaluated on a network traffic dataset consisting of benign traffic and traffic corresponding to six types of attacks. The results revealed that our proposed model achieved an F1 score of 0.91 and 0.94 in 5-shot and 10-shot classification, respectively, and outperformed the baseline models.
Thin Tharaphe THEIN Yoshiaki SHIRAISHI Masakatu MORII
Different types of malicious attacks have been increasing simultaneously and have become a serious issue for cybersecurity. Most attacks leverage domain URLs as an attack communications medium and compromise users into a victim of phishing or spam. We take advantage of machine learning methods to detect the maliciousness of a domain automatically using three features: DNS-based, lexical, and semantic features. The proposed approach exhibits high performance even with a small training dataset. The experimental results demonstrate that the proposed scheme achieves an approximate accuracy of 0.927 when using a random forest classifier.
Shohei KAKEI Hiroaki SEKO Yoshiaki SHIRAISHI Shoichi SAITO
This paper first takes IoT as an example to provide the motivation for eliminating the single point of trust (SPOT) in a CA-based private PKI. It then describes a distributed public key certificate-issuing infrastructure that eliminates the SPOT and its limitation derived from generating signing keys. Finally, it proposes a method to address its limitation by all certificate issuers.