
Keyword Search Result

[Keyword] (42807hit)

9101-9120hit(42807hit)

  • Comparison of Backward Slicing Techniques for Java

    Yu KASHIMA  Takashi ISHIO  Katsuro INOUE  

     
    PAPER-Software Engineering

      Publicized:
    2014/10/03
      Vol:
    E98-D No:1
      Page(s):
    119-130

    Program slicing is an important approach for debugging, program comprehension, impact analysis, etc. There are various program slicing techniques ranging from the lightweight to the more accurate but heavyweight. Comparative analyses are important for selecting the most appropriate technique. This paper presents a comparative study of four backward program slicing techniques for Java. The results show the scalability and precision of these techniques. We develop guidelines that indicate which slicing techniques are appropriate for different situations, based on the results.
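The abstract names backward slicing but, as an abstract, does not show how a slice is computed. The following is an added example, not code from the paper or from any of the four techniques it compares: a generic backward slicer over a small program dependence graph. Data dependences are computed from reaching definitions on a control-flow graph; the one control dependence of the toy program (the branch body on its `if`) is given explicitly, since computing control dependence in general needs post-dominators. The program, its CFG edges, the `Stmt` record and the criterion are all constructed for illustration.

```python
# Added example (not from the paper above): a backward slice over a small
# program dependence graph.  Data dependences come from reaching definitions
# on a control-flow graph; the single control dependence of the toy program
# (the branch body on its if) is given explicitly.  The program, its CFG and
# the criterion are constructed for illustration; this is a generic slicer,
# not one of the four techniques the paper compares.
from collections import deque
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class Stmt:
    sid: int
    text: str
    defs: FrozenSet[str]
    uses: FrozenSet[str]
    succ: Tuple[int, ...]           # CFG successors
    ctrl: Optional[int] = None      # statement this one is control dependent on


fs = frozenset
PROGRAM = [
    Stmt(1, "x = read()",    fs({"x"}), fs(),      (2,)),
    Stmt(2, "y = read()",    fs({"y"}), fs(),      (3,)),
    Stmt(3, "z = x + 1",     fs({"z"}), fs({"x"}), (4,)),
    Stmt(4, "if x > 10:",    fs(),      fs({"x"}), (5, 6)),
    Stmt(5, "    y = y * 2", fs({"y"}), fs({"y"}), (6,), ctrl=4),
    Stmt(6, "w = z * 2",     fs({"w"}), fs({"z"}), (7,)),
    Stmt(7, "print(y)",      fs(),      fs({"y"}), (8,)),
    Stmt(8, "print(w)",      fs(),      fs({"w"}), ()),
]


def reaching_definitions(prog):
    """Classic forward data-flow fixpoint; returns IN[s] as a set of (var, def_sid)."""
    preds: Dict[int, Set[int]] = {s.sid: set() for s in prog}
    for s in prog:
        for t in s.succ:
            preds[t].add(s.sid)
    out: Dict[int, Set[Tuple[str, int]]] = {s.sid: set() for s in prog}

    def in_of(s):
        return set().union(*(out[p] for p in preds[s.sid]))

    changed = True
    while changed:
        changed = False
        for s in prog:
            # OUT = GEN + (IN - KILL): a definition survives unless s redefines the variable
            new = {d for d in in_of(s) if d[0] not in s.defs} | {(v, s.sid) for v in s.defs}
            if new != out[s.sid]:
                out[s.sid] = new
                changed = True
    return {s.sid: in_of(s) for s in prog}


def dependence_edges(prog):
    """Backward edges: statement -> statements it depends on (data or control)."""
    ins = reaching_definitions(prog)
    edges: Dict[int, Set[int]] = {s.sid: set() for s in prog}
    for s in prog:
        edges[s.sid] |= {d for v, d in ins[s.sid] if v in s.uses}
        if s.ctrl is not None:
            edges[s.sid].add(s.ctrl)
    return edges


def backward_slice(prog, criterion: int):
    """Statements that may affect the variables used at the criterion statement."""
    edges = dependence_edges(prog)
    seen, work = {criterion}, deque([criterion])
    while work:
        n = work.popleft()
        for m in edges[n]:
            if m not in seen:
                seen.add(m)
                work.append(m)
    return sorted(seen)


if __name__ == "__main__":
    for crit in (7, 8):
        ids = backward_slice(PROGRAM, crit)
        print(f"slice on statement {crit}: {ids}")
        for s in PROGRAM:
            if s.sid in ids:
                print("   ", s.text)
```

The slice on `print(y)` pulls in the branch (statements 4 and 5) through the control dependence, while the slice on `print(w)` excludes it entirely; the precision differences the paper measures between techniques come down to how much more conservatively than this a given slicer resolves such dependences (for example through fields, calls and aliases, which this toy does not model).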

  • Hidden Credential Retrieval, Revisited

    SeongHan SHIN  Kazukuni KOBARA  

     
    LETTER-Cryptography and Information Security

      Vol:
    E98-A No:1
      Page(s):
    428-433

    Hidden Credential Retrieval (HCR) protocols are designed for access credential management, where users who remember short passwords can retrieve their various credentials (access keys and tokens) with the help of a remote storage server over insecure networks (e.g., the Internet). In this paper, we revisit two HCR protocols, both of which are based on blind signature schemes: one (we call it B-HCR) was proposed at ASIACCS 2009 and the other (we call it MRS-HCR) at WISA 2010. In particular, we show that the B-HCR protocol is insecure against an outside attacker who impersonates server S. Specifically, the attacker can find out the user's password pw with off-line dictionary attacks by eavesdropping on the communications between the user and a third-party online service provider. Also, we show that the MRS-HCR protocol does not work correctly. In other words, user U cannot retrieve the plaintext Msg (i.e., credentials) even if he/she knows the password.

  • An Offline Dictionary Attack against Abdalla and Pointcheval's Key Exchange in the Password-Only Three-Party Setting

    Junghyun NAM  Kim-Kwang Raymond CHOO  Juryon PAIK  Dongho WON  

     
    LETTER-Cryptography and Information Security

      Vol:
    E98-A No:1
      Page(s):
    424-427

    Although password-only authenticated key exchange (PAKE) in the three-party setting has been widely studied in recent years, it remains a challenging area of research. A key challenge in designing three-party PAKE protocols is to prevent insider dictionary attacks, as evidenced by the flaws discovered in many published protocols. In this letter, we revisit Abdalla and Pointcheval's three-party PAKE protocol from FC 2005 and demonstrate that this protocol, named 3PAKE, is vulnerable to a previously unpublished insider offline dictionary attack. Our attack depends on the composition of 3PAKE and the higher-level protocol that uses the established session key.

  • Blind Residual CFO Estimation under Single Data Block for Uplink Interleaved OFDMA

    Ann-Chen CHANG  Chih-Chang SHEN  

     
    LETTER-Digital Signal Processing

      Vol:
    E98-A No:1
      Page(s):
    411-414

    In this letter, an iterative carrier frequency offset (CFO) estimation approach is presented which finds a new CFO vector based on a first-order Taylor series expansion of the initially given one, for interleaved orthogonal frequency division multiple access uplink systems. The problem of finding the new CFO vector is formulated in closed form as a generalized eigenvalue problem, which allows one to readily solve it. The proposed estimator combines a center-symmetric trimmed correlation matrix and an orthogonal projection technique, does not require eigenvalue decomposition, and needs only a single data block.

  • Generic Fully Simulatable Adaptive Oblivious Transfer

    Kaoru KUROSAWA  Ryo NOJIMA  Le Trieu PHONG  

     
    PAPER-Foundation

      Vol:
    E98-A No:1
      Page(s):
    232-245

    We aim at constructing adaptive oblivious transfer protocols, enjoying fully simulatable security, from various well-known assumptions such as DDH, d-Linear, QR, and DCR. To this end, we present two generic constructions of adaptive OT, one of which utilizes verifiable shuffles together with threshold decryption schemes, while the other uses permutation networks together with what we call loosely-homomorphic key encapsulation schemes. The constructions follow a novel designing approach called “blind permutation”, which completely differs from existing ones. We then show that specific choices of the building blocks lead to concrete adaptive OT protocols with fully simulatable security in the standard model under the targeted assumptions. Our generic methods can be extended to build universally composable (UC) secure OT protocols, with a loss in efficiency.

  • Evaluation of Multi-GNSSs and GPS with 3D Map Methods for Pedestrian Positioning in an Urban Canyon Environment

    Li-Ta HSU  Feiyu CHEN  Shunsuke KAMIJO  

     
    PAPER

      Vol:
    E98-A No:1
      Page(s):
    284-293

    Highly accurate pedestrian position information is required in many applications, especially in automatic driving systems. The Global Positioning System (GPS), developed by the United States, has proven its reliability in most environments. Unfortunately, urban areas contain signal reflections, known as multipath and non-line-of-sight (NLOS) effects. In addition, the lack of line-of-sight (LOS) satellites caused by the blockage of skyscrapers also severely degrades the accuracy and availability of GPS positioning. To solve these problems, a solution that interoperates several Global Navigation Satellite Systems (GNSSs) is proposed. However, the actual difficulty of satellite positioning in urban areas is the distorted satellite distribution. This paper proposes a GPS with 3D map ray tracing positioning method to conquer the difficulty. The proposed method takes advantage of the NLOS signals and uses them as additional measurements. Significantly, these measurements are sourced from satellites that should be blocked. Thus, the dilution of precision (DOP) can be greatly improved. To verify the performance of the proposed method, real data is collected in the Tokyo urban area. This paper compares the performance of GPS/GLONASS and the proposed GPS with 3D map ray tracing methods. The results reveal that the proposed method is capable of identifying which side of the street the pedestrian stands on and the GPS+GLONASS method is not.

  • An Adaptive Multiple-Fault Injection Attack on Microcontrollers and a Countermeasure

    Sho ENDO  Naofumi HOMMA  Yu-ichi HAYASHI  Junko TAKAHASHI  Hitoshi FUJI  Takafumi AOKI  

     
    PAPER-Foundation

      Vol:
    E98-A No:1
      Page(s):
    171-181

    This paper proposes a multiple-fault injection attack based on adaptive control of fault injection timing in embedded microcontrollers. The proposed method can be conducted under the black-box condition that the detailed cryptographic software running on the target device is not known to attackers. In addition, the proposed method is non-invasive, without the depackaging required in previous works, since such adaptive fault injection is performed by precisely generating a clock glitch. We first describe the proposed method which injects two kinds of faults to obtain a faulty output available for differential fault analysis while avoiding a conditional branch in a typical recalculation-based countermeasure. We then show that the faulty output can be obtained by the proposed method without using information from the detailed instruction sequence. In particular, the validity of the proposed method is demonstrated through experiments on Advanced Encryption Standard (AES) software with a recalculation-based countermeasure on 8-bit and 32-bit microcontrollers. We also present a countermeasure resistant to the proposed method.

  • Compact Authenticated Key Exchange from Bounded CCA-Secure KEM

    Kazuki YONEYAMA  

     
    PAPER-Public Key Based Cryptography

      Vol:
    E98-A No:1
      Page(s):
    132-143

    How to reduce communication complexity is a common and important issue in designing cryptographic protocols. This paper focuses on authenticated key exchange (AKE). Several AKE schemes have been studied which satisfy strong security such as exposure-resilience in the standard model (StdM). However, there is a large gap in communication costs between schemes in the StdM and in the random oracle model. In this paper, we show a generic construction that is significantly compact (i.e., has small communication cost) and secure in the StdM. We follow an existing generic construction from a key encapsulation mechanism (KEM). Our main technique is to use a bounded chosen-ciphertext secure KEM instead of an ordinary chosen-ciphertext secure KEM. The communication cost can be reduced by half by this technique, and we achieve the most compact AKE scheme in the StdM. Moreover, our construction has instantiations under wider classes of hardness assumptions (e.g., subset-sum problems and multi-variate quadratic systems) than existing constructions. This work pioneers the first meaningful application of bounded chosen-ciphertext secure KEM.

  • Full Plaintext Recovery Attacks on RC4 Using Multiple Biases

    Toshihiro OHIGASHI  Takanori ISOBE  Yuhei WATANABE  Masakatu MORII  

     
    PAPER-Symmetric Key Based Cryptography

      Vol:
    E98-A No:1
      Page(s):
    81-91

    RC4 is a widely-used stream cipher, adopted in many standard protocols, such as WEP, WPA and SSL/TLS, as a standard encryption algorithm. Isobe et al. proposed a plaintext recovery attack on RC4 in the broadcast setting, where the same plaintext is encrypted with different secret keys. Their attack is able to recover the first 257 bytes by exploiting the biases of the initial bytes of a keystream. In this paper, we propose two types of full plaintext recovery attacks that are able to recover all the bytes, even after the 258th byte, of a plaintext, unlike Isobe et al.'s attack. To achieve this, we combine the use of multiple keystream biases appropriately. The first attack utilizes the initial byte biases and Mantin's long-term bias. This attack can recover the first 1000 terabytes of a plaintext from 2^34 ciphertexts with a probability of almost one. The second attack is based on two long-term biases. Since this attack does not rely on the biases of the initial bytes of the RC4 keystream, it can recover any byte of a plaintext, even if the initial bytes are disregarded. Given 2^35 ciphertexts encrypted by different keys, any byte of a target plaintext can be recovered with a probability close to one.
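The broadcast-setting principle the abstract builds on can be seen on a single biased position. The block below is an added example, not code from the paper: it implements RC4, encrypts one constructed plaintext under many random keys, and recovers the second plaintext byte from the Mantin-Shamir initial-byte bias Pr[Z_2 = 0] ~ 2/256 by majority vote. It does not implement Mantin's long-term (digraph) bias or the 2^34-ciphertext attacks of the paper; the key count, seed and plaintext are assumptions chosen so that the vote is decisive.

```python
# Added example (not from the paper above): plaintext recovery in the RC4
# broadcast setting using one of the initial-byte biases, Mantin and
# Shamir's Pr[Z_2 = 0] ~ 2/256 for the second keystream byte.  The same
# plaintext is encrypted under many independent keys; at a biased position
# the most frequent value of (ciphertext byte XOR biased keystream value)
# is the plaintext byte.  Keys and the plaintext are constructed here.
import random
from collections import Counter


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling followed by n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray(n)
    i = j = 0
    for k in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out[k] = S[(S[i] + S[j]) & 0xFF]
    return bytes(out)


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ z for p, z in zip(plaintext, rc4_keystream(key, len(plaintext))))


def broadcast_ciphertexts(plaintext: bytes, num_keys: int, rng: random.Random):
    """Constructed broadcast sample: one plaintext under num_keys random 16-byte keys."""
    cts = []
    for _ in range(num_keys):
        key = bytes(rng.randrange(256) for _ in range(16))
        cts.append(rc4_encrypt(key, plaintext))
    return cts


def recover_byte(ciphertexts, pos: int, biased_value: int = 0):
    """Vote for plaintext[pos], assuming the keystream byte at pos takes
    biased_value more often than any other value.  Returns
    (best_guess, best_count, runner_up_count) so the margin can be checked."""
    counts = Counter(c[pos] ^ biased_value for c in ciphertexts)
    ranked = counts.most_common(2)
    best, best_count = ranked[0]
    runner_up = ranked[1][1] if len(ranked) > 1 else 0
    return best, best_count, runner_up


def demo(num_keys: int = 1 << 14, seed: int = 1):
    """Recover the second plaintext byte (0-based keystream index 1 is Z_2)."""
    rng = random.Random(seed)
    plaintext = b"attack at dawn"          # constructed sample plaintext
    cts = broadcast_ciphertexts(plaintext, num_keys, rng)
    guess, best, runner_up = recover_byte(cts, 1)
    return guess, plaintext[1], best, runner_up


if __name__ == "__main__":
    g, true_byte, best, runner_up = demo()
    print(f"guess=0x{g:02x} true=0x{true_byte:02x} votes={best} runner_up={runner_up}")
```

With 2^14 ciphertexts the correct byte collects roughly twice the votes of any other candidate (about 128 against about 64), which is why a bias of one extra 1/256 is enough; the weaker long-term biases the paper uses for bytes beyond position 257 need the far larger ciphertext counts quoted in the abstract.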

  • Revocable Group Signatures with Compact Revocation List Using Accumulators

    Toru NAKANISHI  Nobuo FUNABIKI  

     
    PAPER-Public Key Based Cryptography

      Vol:
    E98-A No:1
      Page(s):
    117-131

    A group signature scheme allows a group member to anonymously sign a message on behalf of the group. One of the important issues is member revocation, and many revocable schemes have been proposed so far. A scheme recently proposed by Libert et al. achieves O(1) or O(log N) efficiency of communication and computation except for the revocation list size (and the revocation cost), for the total number of members N and the number of revoked members R. However, since a signature is required for each subset separated from the set of non-revoked members, the size is about 900R bytes at 128-bit security. In the case of R=100,000, it amounts to about 80MB. In this paper, we extend the scheme to reduce the revocation list (and the revocation cost) by accumulating T subsets, which are signed for the revocation list. The revocation list size is reduced by a factor of T. Unfortunately, the public key size, membership certificate size and the cost of the witness computation needed for signing increase with T.

  • Evaluation Method for Access-Driven Cache Attacks Using Correlation Coefficient

    Junko TAKAHASHI  Toshinori FUKUNAGA  Kazumaro AOKI  Hitoshi FUJI  

     
    PAPER-Foundation

      Vol:
    E98-A No:1
      Page(s):
    192-202

    This paper proposes a new accurate evaluation method for examining the resistance of cryptographic implementations against access-driven cache attacks (CAs). We show that a mathematical correlation method between the sets of measured access time and the ideal data, which depend on the guessed key, can be utilized to evaluate quantitatively the correct key in access-driven CAs. We show the effectiveness of the proposed method using the access time measured in noisy environments. We also estimate the number of key candidates based on mathematical proof while considering memory allocation. Furthermore, based on the proposed method, we analyze quantitatively how the correlation values change with the number of plaintexts for a successful attack.
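The evaluation idea in the abstract, correlating measured access times against the ideal access pattern each key guess predicts, can be exercised on simulated measurements. The block below is an added example, not the paper's method or code: it models a first-round table lookup T[p ^ k] that touches one of 16 cache lines (256 four-byte entries over 64-byte lines, an assumption), simulates Prime+Probe timings with a miss penalty and Gaussian noise, and ranks all 256 key-byte guesses by Pearson correlation. The key, the number of plaintexts, the noise level and the timing constants are assumptions.

```python
# Added example (not from the paper above): ranking key-byte guesses in an
# access-driven cache attack by the Pearson correlation between measured
# probe times and the ideal access pattern implied by each guess.  The
# measurements are simulated: a first-round lookup T[p ^ k] touches one of
# 16 cache lines (assumption: 256 four-byte entries, 64-byte lines), the
# probe of that line is slower, and Gaussian noise is added to every probe.
import math
import random

LINES = 16
ENTRIES_PER_LINE = 256 // LINES


def line_of(index: int) -> int:
    return index // ENTRIES_PER_LINE


def simulate_probe_times(plaintexts, true_key, noise_sd, rng,
                         base=100.0, miss_penalty=40.0):
    """Constructed measurement: per plaintext byte, probe times for all LINES lines."""
    times = []
    for p in plaintexts:
        touched = line_of(p ^ true_key)
        times.append([base + (miss_penalty if ln == touched else 0.0)
                      + rng.gauss(0.0, noise_sd) for ln in range(LINES)])
    return times


def ideal_pattern(plaintexts, key_guess):
    """Ideal data for a guess: 1.0 where the guess predicts a line access, else 0.0."""
    return [1.0 if ln == line_of(p ^ key_guess) else 0.0
            for p in plaintexts for ln in range(LINES)]


def pearson(x, y):
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / math.sqrt(sxx * syy)


def rank_key_guesses(plaintexts, times):
    """(correlation, guess) for every key byte value, best first."""
    flat = [t for row in times for t in row]
    return sorted(((pearson(flat, ideal_pattern(plaintexts, k)), k)
                   for k in range(256)), reverse=True)


def key_candidates(plaintexts, times, tol=1e-9):
    """All guesses tied for the top correlation.  With 16 entries per line the
    first-round lookup only reveals (p ^ k) >> 4, so the 16 guesses sharing the
    true key's upper nibble produce identical ideal data and tie exactly."""
    ranked = rank_key_guesses(plaintexts, times)
    best = ranked[0][0]
    return sorted(k for r, k in ranked if best - r <= tol)


def demo(num_plaintexts=96, noise_sd=60.0, seed=7, true_key=0xA7):
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(num_plaintexts)]
    times = simulate_probe_times(plaintexts, true_key, noise_sd, rng)
    return key_candidates(plaintexts, times), true_key


if __name__ == "__main__":
    cands, key = demo()
    print(f"true key 0x{key:02x}; candidates: {[hex(c) for c in cands]}")
```

Two things this shows that the abstract only states: the noise (here a standard deviation larger than the miss penalty itself) is averaged out by the correlation across plaintexts, and the attack on a single first-round lookup cannot reduce the key byte below 16 candidates, because every guess with the same upper nibble predicts the same cache line; that residual candidate count is what the abstract's "memory allocation" remark refers to, and it is a property of the table layout, not of the noise.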

  • FOREWORD Open Access

    Hideaki YOSHINO  

     
    FOREWORD

      Vol:
    E98-B No:1
      Page(s):
    1-1

  • Frame Rate Up-Conversion Using Median Filter and Motion Estimation with Occlusion Detection

    Dang Ngoc Hai NGUYEN  NamUk KIM  Yung-Lyul LEE  

     
    LETTER-Image

      Vol:
    E98-A No:1
      Page(s):
    455-458

    A new technology for video frame rate up-conversion (FRUC) is presented by combining a median filter and motion estimation (ME) with an occlusion detection (OD) method. First, ME is performed to obtain a motion vector (MV). Then, the OD method is used to refine the MV in the occlusion region. When occlusion occurs, median filtering is applied. Otherwise, bidirectional motion compensated interpolation (BDMC) is applied to create the interpolated frames. The experimental results show that the proposed algorithm provides better performance than the conventional approach. The average gain in PSNR (Peak Signal to Noise Ratio) is always better than that of the other methods in the Full HD test sequences.

  • Stabilizing Unknown and Unstable Periodic Orbits in DC-DC Converters by Temporal Perturbations of the Switching Time

    Hanh Thi-My NGUYEN  Tadashi TSUBONE  

     
    PAPER-Nonlinear Problems

      Vol:
    E98-A No:1
      Page(s):
    331-339

    A dynamic controller, based on the Stability Transformation Method (STM), has been used to stabilize unknown and unstable periodic orbits (UPOs) in dynamical systems. An advantage of the control method is that it can stabilize unknown UPOs. In this study, we introduce a novel control method, based on STM, to stabilize UPOs in DC-DC switching power converters. The idea of the proposed method is to apply temporal perturbations to the switching time. These perturbations are calculated without information of the locations of the target orbits. The effectiveness of the proposed method is verified by numerical simulations and laboratory measurements.

  • Key-Private Proxy Re-Encryption from Lattices, Revisited

    Ryo NISHIMAKI  Keita XAGAWA  

     
    PAPER-Public Key Based Cryptography

      Vol:
    E98-A No:1
      Page(s):
    100-116

    We propose two unidirectional proxy re-encryption schemes from the LWE assumptions. The schemes enjoy key privacy defined by Ateniese, Benson, and Hohenberger (CT-RSA 2009), that is, a delegator and a delegatee of a re-encryption key are anonymous.

  • FOREWORD

    Shunsuke KAMIJO  

     
    FOREWORD

      Vol:
    E98-A No:1
      Page(s):
    250-250

  • Concept of Chaos-Based Hierarchical Network Control and Its Application to Transmission Rate Control Open Access

    Masaki AIDA  

     
    PAPER

      Vol:
    E98-B No:1
      Page(s):
    135-144

    Information networks are an important infrastructure and their resources are shared by many users. In order to utilize their resources efficiently, they should be controlled to prevent synchronization of user traffic. In addition, fairness among users must be assured. This paper discusses the framework of transmission rate control based on chaos. There are two different characteristics that coexist in chaos. One is that the state in the future is extremely sensitive to the initial condition. This makes it impossible to predict the future state at a fine level of detail. The other is the structural stability of macroscopic dynamics. Even if the state is uncertain on the microscopic scale, state dynamics on the macroscopic scale are stable. This paper proposes a novel framework of distributed hierarchical control of transmission rate by interpreting the coexistence of chaos as microscopic fairness of users and macroscopic stable utilization of networks.

  • The History of and Prospects for ITS with a Focus on Car Navigation Systems

    Tsuneo TAKAHASHI  

     
    INVITED PAPER

      Vol:
    E98-A No:1
      Page(s):
    251-258

    ITS refers to advanced transportation systems in which control technology and information communication technology are applied for the purpose of coping with issues concerning safety, congestion, the environment, resource usage, etc. Here, we will review the history of ITS and look at its prospects for the future, with a focus on the rise of car navigation systems in Japan.

  • Dual Pairing Vector Spaces and Their Applications

    Tatsuaki OKAMOTO  Katsuyuki TAKASHIMA  

     
    INVITED PAPER

      Vol:
    E98-A No:1
      Page(s):
    3-15

    The concept of dual pairing vector spaces (DPVS) was introduced by Okamoto and Takashima in 2009, and it has been employed in various applications: functional encryption (FE), including attribute-based encryption (ABE) and inner-product encryption (IPE), as well as attribute-based signatures (ABS), generic conversion from composite-order group based schemes to prime-order group based ones, and public-key watermarking. In this paper, we present the concept of DPVS, the major applications to FE and the key techniques employed in these applications, placing more emphasis on plain and intuitive descriptions than on formal preciseness.

  • Received Signal Strength-Based Localization Using Delta Method for Non-cooperative Scenario in Wireless Sensor Networks

    Thu L.N. NGUYEN  Yoan SHIN  

     
    LETTER-Communication Theory and Signals

      Vol:
    E98-A No:1
      Page(s):
    450-454

    In this letter, we consider the localization problem using received signal strength in wireless sensor networks. Working with a simple non-cooperative scenario in outdoor localization, we transform the received signal strength measurement model into an alternative optimization problem which is much easier to solve and less complex than finding the optimum solutions from the maximum likelihood estimator. Then, we can solve a sequence of nonconvex problems as a range-constrained optimization problem, while the estimated solution also guarantees monotonic convergence to the original solution. Simulation results confirm the effectiveness of our proposed approach.
