As pervasive computing technologies develop fast, the privacy protection becomes a crucial issue and needs to be coped with very carefully. Typically, it is difficult to efficiently identify and manage plenty of the low-cost pervasive devices like Radio Frequency Identification Devices (RFID), without leaking any privacy information. In particular, the attacker may not only eavesdrop the communication in a passive way, but also mount an active attack to ask queries adaptively, which is obviously more dangerous. Towards settling this problem, in this paper, we propose two lightweight authentication protocols which are privacy-preserving against active attack, in an asymmetric way. That asymmetric style with privacy-oriented simplification succeeds to reduce the load of low-cost devices and drastically decrease the computation cost for the management of server. This is because that, unlike the usual management of the identities, our approach does not require any synchronization nor exhaustive search in the database, which enjoys great convenience in case of a large-scale system. The protocols are based on a fast asymmetric encryption with specialized simplification and only one cryptographic hash function, which consequently assigns an easy work to pervasive devices. Besides, our results do not require the strong assumption of the random oracle.

Denial of service (DoS) attacks have become one of the most serious threats to the Internet. Enabling detection of attacks in network traffic is an important and challenging task. However, most existing volume-based schemes can not detect short-term attacks that have a minor effect on traffic volume. On the other hand, feature-based schemes are not suitable for real-time detection because of their complicated calculations. In this paper, we develop an IP packet size entropy (IPSE)-based DoS/DDoS detection scheme in which the entropy is markedly changed when traffic is affected by an attack. Through our analysis, we find that the IPSE-based scheme is capable of detecting not only long-term attacks but also short-term attacks that are beyond the volume-based schemes' ability to detect. Moreover, we test our proposal using two typical Internet traffic data sets from DARPA and SINET, and the test results show that the IPSE-based detection scheme can provide detection of DoS/DDoS attacks not only in a local area network (DARPA) and but also in academic backbone network (SINET).

Facial skin detection is an important step in facial surgical planning like as many other applications. There are many problems in facial skin detection. One of them is that the image features can be severely corrupted due to illumination, noise, and occlusion, where, shadows can cause numerous strong edges. Hence, in this paper, we present an automatic Expectation-Maximization (EM) algorithm for facial skin color segmentation that uses knowledge of chromatic space and varying illumination conditions to correct and segment frontal and lateral facial color images, simultaneously. The proposed EM algorithm leads to a method that allows for more robust and accurate segmentation of facial images. The initialization of the model parameters is very important in convergence of algorithm. For this purpose, we use a method for robust parameter estimation of Gaussian mixture components. Also, we use an additional class, which includes all pixels not modeled explicitly by Gaussian with small variance, by a uniform probability density, and amending the EM algorithm appropriately, in order to obtain significantly better results. Experimental results on facial color images show that accurate estimates of the Gaussian mixture parameters are computed. Also, other results on images presenting a wide range of variations in lighting conditions, demonstrate the efficiency of the proposed color skin segmentation algorithm compared to conventional EM algorithm.

We consider a class of nonlinear time delay systems with time-varying delays, and achieve a time delay independent sufficient condition for the global asymptotic stability. The sufficient condition is proved by constructing a continued fraction that represents the lower and upper bound variations of the system trajectory along the current of time, and showing that the continued fraction converges to the equilibrium point of the system. The simulation results show the validity of the sufficient condition, and illustrate that the sufficient condition is a close approximation to the unknown necessary and sufficient condition for the global asymptotic stability.

We propose an algorithm for finding heavy hitters in terms of cardinality (the number of distinct items in a set) in massive traffic data using a small amount of memory. Examples of such cardinality heavy-hitters are hosts that send large numbers of flows, or hosts that communicate with large numbers of other hosts. Finding these hosts is crucial to the provision of good communication quality because they significantly affect the communications of other hosts via either malicious activities such as worm scans, spam distribution, or botnet control or normal activities such as being a member of a flash crowd or performing peer-to-peer (P2P) communication. To precisely determine the cardinality of a host we need tables of previously seen items for each host (e.g., flow tables for every host) and this may infeasible for a high-speed environment with a massive amount of traffic. In this paper, we use a cardinality estimation algorithm that does not require these tables but needs only a little information called the cardinality summary. This is made possible by relaxing the goal from exact counting to estimation of cardinality. In addition, we propose an algorithm that does not need to maintain the cardinality summary for each host, but only for partitioned addresses of a host. As a result, the required number of tables can be significantly decreased. We evaluated our algorithm using actual backbone traffic data to find the heavy-hitters in the number of flows and estimate the number of these flows. We found that while the accuracy degraded when estimating for hosts with few flows, the algorithm could accurately find the top-100 hosts in terms of the number of flows using a limited-sized memory. In addition, we found that the number of tables required to achieve a pre-defined accuracy increased logarithmically with respect to the total number of hosts, which indicates that our method is applicable for large traffic data for a very large number of hosts. We also introduce an application of our algorithm to anomaly detection. With actual traffic data, our method could successfully detect a sudden network scan.

This paper proposes a spectroscopic method and system for preventing spoofing of biometric authentication. One of its focus is to enhance biometrics authentication with a spectroscopic method in a multi-factor manner such that a person's unique 'spectral signatures' or 'spectral factors' are recorded and compared in addition to a non-spectroscopic biometric signature to reduce the likelihood of imposter getting authenticated. By using the 'spectral factors' extracted from reflectance spectra of real fingers and employing cluster analysis, it shows how the authentic fingerprint image presented by a real finger can be distinguished from an authentic fingerprint image embossed on an artificial finger, or molded on a fingertip cover worn by an imposter. This paper also shows how to augment two widely used biometrics systems (fingerprint and iris recognition devices) with spectral biometrics capabilities in a practical manner and without creating much overhead or inconveniencing their users.

We present IND-ID-CPA secure identity-based encryption (IBE) schemes with tight reductions to the bilinear Diffie-Hellman (BDH) problem. Since the methods for obtaining IND-ID-CCA secure schemes from IND-ID-CPA secure schemes with tight reductions are already known, we can consequently obtain IND-ID-CCA secure schemes with tight reductions to the BDH problem. Our constructions are based on IBE schemes with tight reductions to the list bilinear Diffie-Hellman (LBDH) problem, and the schemes are converted to those with tight reductions to the BDH problem. Interestingly, it can be shown that there exists a black box construction, in which the former IBE schemes are given as black boxes. Our constructions are very simple and reasonably efficient.

The computation involved in multiuser detection (MUD) for multicarrier CDMA (MC-CDMA) based on maximum likelihood (ML) principle grows exponentially with the number of users. Particle swarm optimization (PSO) with soft decisions has been proposed to mitigate this problem. The computational complexity of PSO, is comparable with genetic algorithm (GA), but is much less than the optimal ML detector and yet its performance is much better than GA.

Today, users themselves are becoming subjects of content creation. The fact that blog, wiki, and UCC have become very popular shows that users want to participate to create and modify digital content. Users who participate in composing content also want to have their copyrights on their modification parts. Thus, a copyright protection system for the content which can be modified by multiple users is required. However, the conventional DRM (Digital Rights Management) systems like OMA DRM are not suitable for the modifiable content because they do not support the content created and modified by different users. Therefore in this paper, we propose a new copyright protection system which allows each modifier of the content created and modified by multiple users to have one's own copyright. We propose data formats and protocols, and analyze the proposed system in terms of the correctness and security. Performance evaluation in the view of response time shows that the proposed system is 2 to 18 times shorter than other comparative schemes.

In this letter, a simple but effective antenna selection algorithm for orthogonal space-time block codes with a linear complex precoder (OSTBC-LCP) is proposed and compared with two conventional algorithms in temporally and spatially correlated fading channels. The proposed algorithm, which minimizes pairwise error probability (MinPEP) with an error codebook (EC) constructed from the error vector quantization, is shown to provide nearly the same performance of MinPEP based on all possible error vectors, while keeping the complexity close to that of antenna selection algorithm based on maximum power criterion (Maxpower).

MUSIC-based estimation of direction of arrival (DOA) using universal steering vector (USV) is experimentally studied. A four-element array antenna and a four-channel receiver are employed for the experiment. In order to improve the accuracy of DOA estimation, USV which has already included the effect of mutual coupling between array elements and effect of array elements themselves is compensated to further include the electric delay and loss of four channels in the receiver. The compensated USV (C-USV) approach proposed in this paper does not need the time-consuming measurement of array element pattern because the compensating matrix for USV is obtained by measuring the S parameters between RF input ports of the feeding cables and IF output ports of the receiver. The experimental results of MUSIC-based DOA estimation show that C-USV approach is an accurate, effective and practical method for the MUSIC-based DOA estimation.

The accumulator was introduced as a decentralized alternative to digital signatures. While most of accumulators are based on number theoretic assumptions and require time-consuming modulo exponentiations, Nyberg's combinatoric accumulator dose not depend on any computational assumption and requires only bit operations and hash function evaluations. In this article, we present a generalization of Nyberg's combinatoric accumulator, which allows a lower false positive rate with the same output length. Our generalization also shows that the Bloom filter can be used as a cryptographic accumulator and moreover excels the Nyberg's accumulator.

This study describes the dependence of the surface electric field to the junction depth of source/drain-extension, and the suppression of gate induced drain leakage (GIDL) in fully depleted shallow junction gate-overlapped source/drain-extension (SDE). The GIDL can be reduced by reducing shallow junction depth of drain-extension. Total space charges are a function of junction depth in fully depleted shallow junction drain-extension, and the surface potential is proportional to these charges. Because the GIDL is proportional to surface potential, GIDL is the function of junction depth in fully depleted shallow junction drain-extension. Therefore, the GIDL is suppressed in a fully depleted shallow junction drain-extension by reducing surface potential. Negative substrate bias and halo doping could suppress the GIDL, too. The GIDL characteristic under negative substrate bias is contrary to other GIDL models.

We developed a content delivery system using a partially reconfigurable FPGA to securely distribute digital content on the Internet. With partial reconfigurability of a Xilinx Virtex-II Pro FPGA, the system provides an innovative single-chip solution for protecting digital content. In the system, a partial circuit must be downloaded from a server to the client terminal to play content. Content will be played only when the downloaded circuit is correctly combined (=interlocked) with the circuit built in the terminal. Since each circuit has a unique I/O configuration, the downloaded circuit interlocks with the corresponding built-in circuit designed for a particular terminal. Thus, the interface of the circuit itself provides a novel authentication mechanism. This paper describes the detailed architecture of the system and clarify the feasibility and effectiveness of the system. In addition, we discuss a fail-safe mechanism and future work necessary for the practical application of the system.

With the multiplication of attacks against computer networks, system administrators are required to monitor carefully the traffic exchanged by the networks they manage. However, that monitoring task is increasingly laborious because of the augmentation of the amount of data to analyze. And that trend is going to intensify with the explosion of the number of devices connected to computer networks along with the global rise of the available network bandwidth. So system administrators now heavily rely on automated tools to assist them and simplify the analysis of the data. Yet, these tools provide limited support and, most of the time, require highly skilled operators. Recently, some research teams have started to study the application of visualization techniques to the analysis of network traffic data. We believe that this original approach can also allow system administrators to deal with the large amount of data they have to process. In this paper, we introduce a tool for network traffic monitoring using visualization techniques that we developed in order to assist the system administrators of our corporate network. We explain how we designed the tool and some of the choices we made regarding the visualization techniques to use. The resulting tool proposes two linked representations of the network traffic and activity, one in 2D and the other in 3D. As 2D and 3D visualization techniques have different assets, we resulted in combining them in our tool to take advantage of their complementarity. We finally tested our tool in order to evaluate the accuracy of our approach.

PIN diodes for digital X-ray detection as a single photon counting sensor were fabricated on a floating-zone (FZ) n-type (111), high resistivity (5-10 kΩcm) silicon substrates (500 µm thickness). Its electrical properties such as the leakage current and the breakdown voltage were characterized. The size of pixels was 100 µm100 µm. The p+ guard-ring was formed around the active area to reduce the leakage current. After the p+ active area and guard-ring were fabricated by the ion-implantation, the extrinsic-gettering on the wafer backside was performed to reduce the leakage current by n+ ion-implantation. PECVD oxide was deposited as an IMD layer on front side and then, metal lines were formed on both sides of wafers. The leakage current of detectors was significantly reduced with a guard-ring when compared with that without a guard ring. The leakage current showed the strong dependency on the gap distance between the active area and the guard ring. It was possible to achieve the leakage current lower than 0.2 nA/cm2.

We have developed a visual entertainment system called "Future Cast" which enables anyone to easily participate in a pre-recorded or pre-created film as an instant CG movie star. This system provides audiences with the amazing opportunity to join the cast of a movie in real-time. The Future Cast System can automatically perform all the processes required to make this possible, from capturing participants' facial characteristics to rendering them into the movie. Our system can also be applied to any movie created using the same production process. We conducted our first experimental trial demonstration of the Future Cast System at the Mitsui-Toshiba pavilion at the 2005 World Exposition in Aichi Japan.

We present a method to identify stakeholders and their preferences about non-functional requirements (NFR) by using use case diagrams of existing systems. We focus on the changes about NFR because such changes help stakeholders to identify their preferences. Comparing different use case diagrams of the same domain helps us to find changes to be occurred. We utilize Goal-Question-Metrics (GQM) method for identifying variables that characterize NFR, and we can systematically represent changes about NFR using the variables. Use cases that represent system interactions help us to bridge the gap between goals and metrics (variables), and we can easily construct measurable NFR. For validating and evaluating our method, we applied our method to an application domain of Mail User Agent (MUA) system.

This paper describes a novel approach for detecting fault-prone modules using a spam filtering technique. Fault-prone module detection in source code is important for the assurance of software quality. Most previous fault-prone detection approaches have been based on using software metrics. Such approaches, however, have difficulties in collecting the metrics and constructing mathematical models based on the metrics. Because of the increase in the need for spam e-mail detection, the spam filtering technique has progressed as a convenient and effective technique for text mining. In our approach, fault-prone modules are detected in such a way that the source code modules are considered text files and are applied to the spam filter directly. To show the applicability of our approach, we conducted experimental applications using source code repositories of Java based open source developments. The result of experiments shows that our approach can correctly predict 78% of actual fault-prone modules as fault-prone.

Despite the extensive literature on current conveyor-based universal (namely, low-pass, band-pass, high-pass, notch, and all-pass) biquads with three inputs and one output, no filter circuits have been reported to date which simultaneously achieve the following seven important features: (i) employment of only two current conveyors, (ii) employment of only grounded capacitors, (iii) employment of only grounded resistors, (iv) high-input and low-output impedance, (v) no need to employ inverting type input signals, (vi) no need to impose component choice conditions to realize specific filtering functions, and (vii) low active and passive sensitivity performances. This letter describes a new voltage-mode biquad circuit that satisfies all the above features simultaneously, and without trade-offs.