
Keyword Search Result


  • Cryptanalysis of 249-, 250-, ..., 256-Bit Key HyRAL via Equivalent Keys

    Yuki ASANO  Shingo YANAGIHARA  Tetsu IWATA
    PAPER-Cryptography and Information Security
    Vol: E97-A No:1, Page(s): 371-383

    HyRAL is a blockcipher whose block size is 128 bits, and it supports the key lengths of 128, 129, ..., 256 bits. The cipher was proposed for the CRYPTREC project, and previous analyses did not identify any security weaknesses. In this paper, we first consider the longest key version, 256-bit key HyRAL, and present the analysis in terms of equivalent keys. We first show that there are 2^51.0 equivalent keys (or 2^50.0 pairs of equivalent keys). Next, we propose an algorithm that derives an instance of equivalent keys with the expected time complexity of 2^48.8 encryptions and a limited amount of memory. Finally, we implement the proposed algorithm and fully verify its correctness by showing several instances of equivalent keys. We then consider shorter key lengths, and show that there are equivalent keys in 249-, 250-, ..., 255-bit key HyRAL. For each of these key lengths, we present the expected time complexity to derive an instance of equivalent keys.

  • Efficient Privacy-Preserving Reputation Evaluation in Decentralized Environments

    Youwen ZHU  Tsuyoshi TAKAGI
    LETTER-Cryptography and Information Security
    Vol: E97-A No:1, Page(s): 409-412

    A decentralized secure protocol for casting trust ratings in reputation systems (the StR protocol) was lately proposed by Dimitriou and Michalas, and the StR protocol was verified to be faster than the previous work providing anonymous feedback. In this letter, we present a new enhanced scheme of StR. Compared with the StR protocol, our new approach attains exactly the same security, but requires less processing time and about half the communication overhead. Therefore, we improve the performance without sacrificing any security; in particular, the communication delay is dramatically reduced.

  • Cryptanalysis of Remote Data Integrity Checking Protocol Proposed by L. Chen for Cloud Storage

    Shaojing FU  Dongsheng WANG  Ming XU  Jiangchun REN
    LETTER-Cryptography and Information Security
    Vol: E97-A No:1, Page(s): 418-420

    Remote data possession checking for cloud storage is very important, since data owners can check the integrity of outsourced data without downloading a copy to their local computers. In a previous work, Chen proposed a remote data possession checking protocol using algebraic signatures and showed that it can resist various known attacks. In this paper, we find serious security flaws in Chen's protocol, and show that it is vulnerable to a replay attack by a malicious cloud server. Finally, we propose an improved version of the protocol to guarantee secure data storage for data owners.

  • Chosen-IV Correlation Power Analysis on KCipher-2 Hardware and a Masking-Based Countermeasure

    Takafumi HIBIKI  Naofumi HOMMA  Yuto NAKANO  Kazuhide FUKUSHIMA  Shinsaku KIYOMOTO  Yutaka MIYAKE  Takafumi AOKI
    PAPER-Symmetric Key Based Cryptography
    Vol: E97-A No:1, Page(s): 157-166

    This paper presents a chosen-IV (Initial Vector) correlation power analysis (CPA) on the international standard stream cipher KCipher-2 together with an effective countermeasure. First, we describe a power analysis technique which can reveal the secret key (initial key) of KCipher-2 and then evaluate the validity of the CPA with experiments using both FPGA and ASIC implementations of KCipher-2 processors. This paper also proposes a masking-based countermeasure against the CPA. The concept of the proposed countermeasure is to mask intermediate data which pass through the non-linear function part, including integer addition, substitution functions, and the internal registers L1 and L2. We design two types of masked integer adders and two types of masked substitution circuits in order to minimize circuit area and delay, respectively. The effectiveness of the countermeasure is demonstrated through an experiment on the same FPGA platform. The performance of the proposed method is evaluated through an ASIC fabricated in a TSMC 65 nm CMOS process technology. In comparison with the conventional design, the design with the countermeasure can be achieved with an area increase of at most 1.6 times.

  • Distinguishers on Double-Branch Compression Function and Applications to Round-Reduced RIPEMD-128 and RIPEMD-160

    Yu SASAKI  Lei WANG
    PAPER-Symmetric Key Based Cryptography
    Vol: E97-A No:1, Page(s): 177-190

    This paper presents differential-based distinguishers against double-branch compression functions and applies them to the ISO standard hash functions RIPEMD-128 and RIPEMD-160. A double-branch compression function computes two branch functions to update a chaining variable and then merges their outputs. For such a compression function, we observe that second-order differential paths can be constructed by finding a sub-path in each branch independently. This leads to 4-sum attacks on 47 steps (out of 64 steps) of RIPEMD-128 and 40 steps (out of 80 steps) of RIPEMD-160. Then new properties called a (partial) 2-dimension sum and a q-multi-second-order collision are considered. The partial 2-dimension sum is generated on 48 steps of RIPEMD-128 and 42 steps of RIPEMD-160, with complexities of 2^35 and 2^36, respectively. Theoretically, the 2-dimension sum is generated faster than the brute force attack up to 52 steps of RIPEMD-128 and 51 steps of RIPEMD-160, with complexities of 2^101 and 2^158, respectively. The results on RIPEMD-128 can also be viewed as q-multi-second-order collision attacks. The practical attacks have been implemented and examples are presented. We stress that our results do not impact the security of the full RIPEMD-128 and RIPEMD-160 hash functions.

  • A Method of Parallelizing Consensuses for Accelerating Byzantine Fault Tolerance

    Junya NAKAMURA  Tadashi ARARAGI  Toshimitsu MASUZAWA  Shigeru MASUYAMA
    PAPER-Dependable Computing
    Vol: E97-D No:1, Page(s): 53-64

    We propose a new method that accelerates asynchronous Byzantine Fault Tolerant (BFT) protocols designed on the principle of state machine replication. State machine replication protocols ensure consistency among replicas by applying operations in the same order to all of them. A naive way to determine the application order of the operations is to repeatedly execute the BFT consensus to determine the next executed operation, but this may introduce inefficiency caused by waiting for the completion of the previous execution of the consensus protocol. To reduce this inefficiency, our method allows parallel execution of the consensuses while keeping consistency of the consensus results at the replicas. In this paper, we also prove the correctness of our method and experimentally compare it with the existing method in terms of latency and throughput. The evaluation results show that our method makes a BFT protocol three or four times faster than the existing one when some machines or message transmissions are delayed.

  • About Validity Checks of Augmented PAKE in IEEE 1363.2 and ISO/IEC 11770-4

    SeongHan SHIN  Kazukuni KOBARA
    LETTER-Cryptography and Information Security
    Vol: E97-A No:1, Page(s): 413-417

    An augmented PAKE (Password-Authenticated Key Exchange) protocol provides password-only authentication in the presence of an attacker, establishment of session keys between the parties involved, and extra protection against server compromise (i.e., exposure of password verification data). Among many augmented PAKE protocols, AMP variants (AMP2 [16] and AMP+ [15]) have been standardized in IEEE 1363.2 [9] and ISO/IEC 11770-4 [10]. In this paper, we thoroughly investigate APKAS-AMP (based on AMP2 [16]) and KAM3 (based on AMP+ [15]), which require several validity checks on the values received and computed by the parties when using a secure prime. After showing some attacks on APKAS-AMP and KAM3, we suggest new sanity checks that are clear and sufficient to prevent an attacker from carrying out these attacks.

  • Comprehensive Analysis of Initial Keystream Biases of RC4

    Takanori ISOBE  Toshihiro OHIGASHI  Yuhei WATANABE  Masakatu MORII
    PAPER-Symmetric Key Based Cryptography
    Vol: E97-A No:1, Page(s): 139-151

    After the disclosure of the RC4 algorithm in 1994, a number of keystream biases of RC4 were reported, e.g., Mantin and Shamir showed that the second byte of the keystream is biased to 0, Sepehrdad et al. found that the l-th byte of the keystream is biased to -l, and Maitra et al. showed that the 3rd to 255th bytes of the keystream are also biased to 0, where l is the key length in bytes. However, it is unknown which bias is strongest in each of the initial bytes. This paper comprehensively analyzes the initial keystream biases of RC4. In particular, we introduce several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than the known biases. Combining the new biases with the known ones, a complete list of the strongest single-byte biases in the first 257 bytes of the RC4 keystream is constructed for the first time. Then, we show that our set of biases is applicable to plaintext recovery attacks, key recovery attacks and distinguishing attacks.

  • 9dB NF and +11dBm OIP3 CMOS Single Conversion Front-End for a Satellite Low-Noise Block Down-Converter

    Takeshi MITSUNAKA  Yusuke KISHINO  Masafumi YAMANOUE  Kunihiko IIZUKA  Minoru FUJISHIMA
    PAPER-Implementation
    Vol: E97-A No:1, Page(s): 101-108

    In this paper, we present a fully integrated single conversion front-end for a satellite low-noise block down-converter (LNB), focusing on a Ku-band noise-canceling radio frequency amplifier (RF-AMP) and an L-band intermediate frequency variable-gain amplifier (IF-VGA). The LNB, which is mounted on a satellite dish antenna, converts the satellite signal in the Ku-band (10.7 GHz to 12.75 GHz) to the L-band (950 MHz to 2150 MHz). To obtain a lower noise figure (NF) at the high frequency, we implemented a wideband noise-canceling RF-AMP with an LC ladder filter. Furthermore, we implemented a current-reusing RF-AMP and mixer for lower current consumption. The IF-VGA has a constant output third-order intercept point (OIP3) for various gains thanks to digital control of the gate width in the transconductor stage. We fabricated a single conversion front-end IC using a 1P5M 130-nm RF-CMOS process and achieved an NF of 9 dB and a constant OIP3 of 11 dBm for various gains. The current consumption was 27 mA at a 2.8-V supply voltage.

  • Adaptive Reversible Data Hiding via Integer-to-Integer Subband Transform and Adaptive Generalized Difference Expansion Method

    Taichi YOSHIDA  Taizo SUZUKI  Masaaki IKEHARA
    PAPER-Image
    Vol: E97-A No:1, Page(s): 384-392

    We propose an adaptive reversible data hiding method with superior visual quality and capacity in which an adaptive generalized difference expansion (AGDE) method is applied to an integer-to-integer subband transform (I2I-ST). I2I-ST performs the reversible subband transform and the AGDE method is a state-of-the-art method of reversible data hiding. The results of experiments we performed objectively and perceptually show that the proposed method has better visual quality than conventional methods at the same embedding rate due to low variance in the frequency domain.

  • Optimal Transform Order of Fractional Fourier Transform for Decomposition of Overlapping Ultrasonic Signals

    Zhenkun LU  Cui YANG  Gang WEI
    LETTER-Ultrasonics
    Vol: E97-A No:1, Page(s): 393-396

    The separation of time-overlapping ultrasound signals is necessary to obtain accurate estimates of transit time and material properties. In this letter, a method to determine the optimal transform order of the fractional Fourier transform (FRFT) for decomposition of overlapping ultrasonic signals is proposed. The optimal transform order is obtained by minimizing the mean square error (MSE) between the output and the reference signal. Furthermore, windowing in the FRFT domain is discussed. Numerical simulation results show the performance of the proposed method in separating signals overlapping in time.

  • Doppler Shift Based Target Localization Using Semidefinite Relaxation

    Yan Shen DU  Ping WEI  Wan Chun LI  Hong Shu LIAO
    LETTER-Digital Signal Processing
    Vol: E97-A No:1, Page(s): 397-400

    We propose a novel approach to the target localization problem using Doppler frequency shift measurements. We first reformulate the maximum likelihood estimation (MLE) as a constrained weighted least squares (CWLS) estimation, and then perform semidefinite relaxation to relax the CWLS problem into a convex semidefinite programming (SDP) problem, which can be efficiently solved using modern convex optimization methods. Finally, the SDP solution can be used to initialize the original MLE, which can provide estimates that achieve the Cramer-Rao lower bound accuracy. Simulations corroborate the good performance of the proposed method.

  • N-Shift Zero Correlation Zone Sequence

    Chao ZHANG  Keke PANG
    LETTER-Spread Spectrum Technologies and Applications
    Vol: E97-A No:1, Page(s): 432-435

    The N-Shift Zero Correlation Zone (NS-ZCZ) sequence is defined by an N-shift zero correlation zone in the correlation function. Namely, the N-shift zero only appears within the correlation zone symmetrically distributed around the center of the correlation function. Moreover, the traditional ZCZ sequences can be considered as N-shift ZCZ sequences with N=1. Similar to ZCZ sequences, NS-ZCZ sequences can be applied in sequence design for co-channel interference mitigation, with more sequences in the sequence set compared with the traditional N-shift sequences. In this letter, the definition and construction algorithms are proposed. The corresponding theoretical bounds are analyzed.

  • Channel Correlation Estimation Exploiting Pilots for an OFDM System with a Comb-Type Pilot Pattern

    Eunchul YOON  Suhan CHOI  Unil YUN
    PAPER-Wireless Communication Technologies
    Vol: E97-B No:1, Page(s): 164-170

    Two channel correlation estimation (CCE) schemes exploiting pilots are presented for an OFDM system with a comb-type pilot pattern under the assumption that there exist virtual subcarriers in the OFDM block. Whereas the first scheme is designed based on the conventional regularized least squares (LS) approach, the second scheme is designed by a newly devised technique based on LS. As the second scheme removes the necessity of computing the matrix inverse by making the minimum eigenvalue of the inverted matrix positive, it leads to reduced implementation complexity and improved performance. It is shown by simulation that the proposed CCE schemes substantially enhance the mean square error and symbol error rate performance of MMSE-based channel estimation by providing more accurate channel correlation information.

  • Fuzzy Metric Based Weight Assignment for Deinterlacing

    Gwanggil JEON  Young-Sup LEE  SeokHoon KANG
    LETTER-Image
    Vol: E97-A No:1, Page(s): 440-443

    An effective interlaced-to-progressive scanning format conversion method is presented for the interpolation of interlaced images. On the basis of the weight assignment algorithm, the proposed method is composed of three stages: (1) straightforward interpolation with a pre-determined six-tap filter, (2) fuzzy metric-based weight assignment, and (3) updating the interpolation results. We first deinterlace the missing line with a six-tap filter in the working window. Then we compute the local weight among the adjacent pixels with a fuzzy metric. Finally, we deinterlace the missing pixels using the proposed interpolator. Comprehensive simulations conducted on different images and video sequences have proved the effectiveness of the proposed method, with significant improvement over conventional methods.

  • Towards Trusted Result Verification in Mass Data Processing Service

    Yan DING  Huaimin WANG  Peichang SHI  Hongyi FU  Xinhai XU
    PAPER
    Vol: E97-B No:1, Page(s): 19-28

    Computation integrity is difficult to verify when mass data processing is outsourced. Current integrity protection mechanisms and policies verify results generated by participating nodes within the computing environment of service providers (SPs), which cannot prevent the subjective cheating of SPs. This paper provides an analysis and modeling of computation integrity for mass data processing services. A third-party sampling-result verification method, named TS-TRV, is proposed to prevent lazy cheating by SPs. TS-TRV is a general solution for verification of the intermediate results of common MapReduce jobs, and it utilizes the powerful computing capability of SPs to support the verification computation, thus lessening the computing and transmission burdens of the verifier. Theoretical analysis indicates that TS-TRV is effective at detecting incorrect results with no false positives and almost no false negatives, while ensuring the authenticity of sampling. Intensive experiments show that the cheating detection rate of TS-TRV reaches over 99% with only a few samples needed, the computation overhead falls mainly on the SP, and the network transmission overhead of TS-TRV is only O(log N).

  • Analysis of Blacklist Update Frequency for Countering Malware Attacks on Websites

    Takeshi YAGI  Junichi MURAYAMA  Takeo HARIU  Sho TSUGAWA  Hiroyuki OHSAKI  Masayuki MURATA
    PAPER-Internet
    Vol: E97-B No:1, Page(s): 76-86

    We propose a method for determining the frequency for monitoring the activities of a malware download site used for malware attacks on websites. In recent years, there has been an increase in attacks exploiting vulnerabilities in web applications to infect websites with malware and maliciously use those websites as attack platforms. One scheme for countering such attacks is to blacklist malware download sites and filter out access to them from user websites. However, a malware download site is often constructed through the use of an ordinary website that has been maliciously manipulated by an attacker. Once the malware has been deleted from the malware download site, this scheme must be able to unblacklist that site to prevent normal user websites from being falsely detected as malware download sites. However, if a malware download site is frequently monitored for the presence of malware, the attacker may sense this monitoring and relocate that malware to a different site. This means that an attack will not be detected until the newly generated malware download site is discovered. In response to these problems, we clarify the change in attack-detection accuracy caused by attacker behavior. This is done by modeling attacker behavior, specifying a state-transition model with respect to the blacklisting of a malware download site, and analyzing these models with synthetically generated attack patterns and attack patterns measured in an operational network. From this analysis, we derive the optimal monitoring frequency that maximizes the true detection rate while minimizing the false detection rate.

  • Pattern Reconstruction for Deviated AUT in Spherical Measurement by Using Spherical Waves

    Yang MIAO  Jun-ichi TAKADA
    PAPER-Antennas and Propagation
    Vol: E97-B No:1, Page(s): 105-113

    To characterize an antenna, the acquisition of its three-dimensional radiation pattern is the fundamental requirement. Spherical antenna measurement is a practical approach to measuring antenna patterns in spherical geometry. However, due to the limitations of measurement range and measurement time, the measured samples may either be incomplete on the scanning sphere, or be inadequate in terms of the sampling interval. Therefore there is a need to extrapolate and interpolate the measured samples. Spherical wave expansion, whose band-limited property is derived from the sampling theorem, provides a good tool for reconstructing antenna patterns. This research identifies the limitation of the conventional algorithm when reconstructing the pattern of an antenna which is not located at the coordinate origin of the measurement set-up. A novel algorithm is proposed to overcome the limitation by resampling between the unprimed and primed (where the antenna is centred) coordinate systems. The resampling of measured samples from the unprimed coordinate to the primed coordinate can be conducted by a translational phase shift, and the resampling of the reconstructed pattern from the primed coordinate back to the unprimed coordinate can be accomplished by rotation and translation of spherical waves. The proposed algorithm enables analytical and continuous pattern reconstruction, even under severe sampling conditions for a deviated AUT. Numerical investigations are conducted to validate the proposed algorithm.

  • Optimal Sensing Time and Power Allocation in Dynamic Primary-User Traffic Model Based Cognitive Radio Networks

    Errong PEI  Bin SHEN  Fang CHENG  Xiaorong JING
    PAPER-Terrestrial Wireless Communication/Broadcasting Technologies
    Vol: E97-B No:1, Page(s): 196-203

    In cognitive radio networks, the dynamic traffic of the primary user can lead not only to spectrum sensing performance degradation, but also to co-channel interference between the primary user and the secondary user, and, furthermore, to a decrease in the secondary system throughput. Taking into account the impact of the dynamic primary-user traffic on spectrum sensing performance and the secondary throughput, we study the optimization problem of maximizing the secondary throughput under the constraints of probability of detection, average interference and transmit power budget, and derive its optimal solution. The optimal power allocation scheme and the algorithm that can find the optimal sensing time are also proposed. The proposed algorithm is of great practical significance in scenarios where primary-user traffic varies very quickly, for example, in the public safety spectrum band.

  • Texture Representation via Joint Statistics of Local Quantized Patterns

    Tiecheng SONG  Linfeng XU  Chao HUANG  Bing LUO
    LETTER-Image Recognition, Computer Vision
    Vol: E97-D No:1, Page(s): 155-159

    In this paper, a simple yet efficient texture representation is proposed for texture classification by exploring the joint statistics of local quantized patterns (jsLQP). In order to combine information of different domains, the Gaussian derivative filters are first employed to obtain the multi-scale gradient responses. Then, three feature maps are generated by encoding the local quantized binary and ternary patterns in the image space and the gradient space. Finally, these feature maps are hybridly encoded, and their joint histogram is used as the final texture representation. Extensive experiments demonstrate that the proposed method outperforms state-of-the-art LBP based and even learning based methods for texture classification.
