The MPEG-1 layer-III compressed audio format, which is widely known as MP3, is the most popular for audio distribution. However, it is not equipped with security features to protect the content from unauthorized access. Although encryption ensures content security, the naive method of encrypting the entire MP3 file would destroy compliance with the MPEG standard. In this paper, we propose a low-complexity partial encryption method that is embedded during the MP3 encoding process. Our method reduces time consumption by encrypting only the perceptually important parts of an MP3 file rather than the whole file, and the resulting encrypted file is still compatible with the MPEG standard so as to be rendered by any existing MP3 players. For full-quality rendering, decryption using the appropriate cryptographic key is necessary. Moreover, the effect of encryption on audio quality can be flexibly controlled by adjusting the percentage of encryption. On the basis of this feature, we can realize the try-before-purchase model, which is one of the important business models of Digital Rights Management (DRM): users can render encrypted MP3 files for trial and enjoy the contents in original quality by purchasing decryption keys. From our experiments, it turns out that encrypting 2-10% of MP3 data suffices to generate trial music, and furthermore file size increasing after encryption is subtle.

The built-in Pseudo Random Number Generator (PRNG) of OpenSSL on Android platform is important for producing the encryption keys and nonce needed for SSL/TLS communication. In addition, it is also widely used in generating random numbers for many applications irrelevant to SSL. We demonstrated that the initial OpenSSL PRNG state of Android apps can be restored practically, and claimed that a PreMasterSecret (PMS) can be recovered in certain apps using the RSA key agreement scheme at CCS2013. In this paper, we investigate more deeply the practical effect of the predictability of OpenSSL PRNG. First, we precisely analyze, and reduce the complexity of a PMS recovery attack on SSL with the RSA key exchange by analyzing the ASLR mechanism of Android. As a result, we show that the PMS can be recovered in O(246) computations with a probability of 25%. Next, we show that the attack is also applicable to the PMS of the ECDH key exchange by analyzing the heap memory pattern. We confirmed experimentally that the PMS can be recovered in real-time with a probability of 20%. Finally, we show the relation between the predictability of OpenSSL PRNG and the vulnerability of Android SecureRandom java class.

In this paper, we present a new electro-optic (EO) probing system based on heterodyne detection. The use of a recirculating frequency shifter allows to expand the bandwidth of the system far beyond what is attainable with a conventional heterodyne EO set-up. The performance for the frequencies up to 50GHz is analysed to forecast the viability of the system up to the THz range.

Irreversible k-conversion set is introduced in connection with the mathematical modeling of the spread of diseases or opinions. We show that the problem to find a minimum irreversible 2-conversion set can be solved in O(n2log 6n) time for graphs with maximum degree at most 3 (subcubic graphs) by reducing it to the graphic matroid parity problem, where n is the number of vertices in a graph. This affirmatively settles an open question posed by Kyncl et al. (2014).

Current mobile communication terminals are equipped with multiple RF circuits that cover all frequency bands assigned for the communication. In order to make efficient use of frequency spectrum and to reduce circuits in a terminal, a low-loss reconfigurable RF filter is necessary to flexibly change RF frequencies. In this paper, a new reconfigurable bandpass filter (BPF) having eight-frequency (three-bit) selection capability is proposed. It employs branch-line switched type variable resonators that provide low insertion loss. One of the design issues is how to control pass bandwidths among selectable frequencies. In order to analyze the bandwidth variation of the reconfigurable BPF, we calculate the changes of external Q and coupling coefficients. It is shown that the inductive coupling design can achieve less variation of bandwidth for the reconfigurable BPF, compared with commonly used capacitive coupling design. A prototype BPF on a printed circuit board with high dielectric constant substrate has been fabricated and evaluated in 2 GHz bands. It presents performance very close to the design results with respect to insertion loss, center frequency and passband bandwidth. Low insertion loss of less than 1 dB is achieved among the eight frequencies.

This paper presents a new way to classify different radiation sources by the parameter of directivity, which is a characteristic parameter of electromagnetic radiation sources. The parameter can be determined from measurements of the electric field intensity radiating in all directions in space. We develop three basic antenna models, which are for 3GHz operation, and set 125,000 groups of cube receiving arrays along the main lobe of their radiation patterns to receive the data of far field electric intensity in groups. Then the Back Propagation (BP) neural network and the Support Vector Machine (SVM) method are adopted to analyze training data set, and build and test the classification model. Owing to the powerful nonlinear simulation ability, the SVM method offers higher classification accuracy than the BP neural network in noise environment. At last, the classification model is comprehensively evaluated in three aspects, which are capability of noise immunity, F1 measure and the normalization method.

Multiple-way (N-way) asynchronous arbitration is an important issue in asynchronous system design. In this paper, novel implementation methods of N-way asynchronous arbiters are presented. We first present N-way rectangle mesh arbiters using 2-way mutual exclusion elements. Then, N-way token-ring arbiters based on the non-return-to-zero signaling is also presented. The former can issue grant signals with the same percentage for all the arriving request signals while the latency is proportional to the number of inputs. The latter can achieve low latency and low energy arbitration for a heavy workload environment and a large number of inputs. In this paper, we compare their performances using the 28nm FD-SOI process technologies qualitatively and quantitatively.

Novel multi-band mixers that can receive multiple band signals concurrently are proposed and evaluated. The mixers achieve independent gain control through novel relative power control method of the multiple local oscillator (LO) signals. Linear control is also achieved through multiple LO signal input with total LO power control. Theoretical analysis shows that odd-order nonlinearity components of the multiple LO signals support linear conversion gain control. Dual- and triple-band tests are conducted using typical three MOSFET mixers fabricated by a 0.25 µm SiGe BiCMOS process. Measurements confirm over 40 dB independent control of conversion gain, linear control achieved through LO input power control. The proposed mixers have high input linearity with a 5 dBm output third intercept point. A method is also proposed to reduce interference caused by mixing between multiple LO signals.

This paper provides a method based on electromagnetic (EM) analysis to predict conducted currents in the bulk current injection (BCI) test system for automotive components. The BCI test system is comprised of an injection probe, equipment under test (EUT), line impedance stabilization networks (LISNs), wires and an electric load. All components are modeled in full-wave EM analysis. The EM model of the injection probe enables us to handle multi wires. By using the transmission line theory, the BCI setup model is divided into several parts in order to reduce the calculation time. The proposed method is applied to an actual BCI setup of an automotive component and the simulated common mode currents at the input terminals of EUT have a good accuracy in the frequency range of 1-400MHz. The model separation reduces the calculation time to only several hours.

Electromagnetic analysis (EMA) against public-key cryptographic software on an embedded OS is presented in this paper. First, we propose a method for finding an observation point for EMA, where the EM radiation caused by cryptographic operations can be observed with low noise. The basic idea is to find specific EM radiation patterns produced by cryptographic operations given specific input pattern. During the operations, we scan the surface of the target device(s) with a micro magnetic probe. The scan is optimized in advanced using another compatible device that has the same central processing unit (CPU) and OS as the target device. We demonstrate the validity of the proposed EMAs through some EMA experiments with two types of RSA software on an embedded OS platform. The two types of RSA software have different implementations for modular multiplication algorithms: one is a typical and ready-made implementation using BigInteger class on Java standard library, and another is a custom-made implementation based on the Montgomery multiplication algorithm. We conduct experiments of chosen-message EMA using our scanning method, and show such EMAs successfully reveal the secret key of RSA software even under the noisy condition of the embedded OS platform. We also discuss some countermeasures against the above EMAs.

In this paper, a new parameter estimator for coherently distributed (CD) noncircular (NC) signals is proposed, and can estimate both the central direction-of-arrivals (DOAs) and the angular spreads. It can also be considered as an extended version of the generalized Capon method by using both covariance matrix and an elliptic covariance matrix. The central DOAs and angular spreads are obtained by two-dimensional spectrum-peak searching. Numerical examples illustrate that the proposed method can estimate the central DOAs and the angular spreads when the number of signals is greater than the number of sensors. The proposed method also offers better performance than the methods against which it is compared.

As semiconductor manufacturing processing scaling down, leakage current of CMOS circuits is becoming a dominant contributor to power dissipation. This paper provides an efficient leakage current reduction (LCR) technique for low-power and low-frequency circuit designs in terms of design rules and layout parameters related to layout dependent effects. We address the LCR technique both for analog and digital circuits, and present a design case when applying the LCR techniqe to a successive-approximation-register (SAR) analog-to-digital converter (ADC), which typically employs analog and digital transistors. In the post-layout simulation results by HSPICE, an SAR-ADC with the LCR technique achieves 38.6-nW as the total power consumption. Comparing with the design without the LCR technique, we attain about 30% total energy reduction.

We introduce a coding theoretic criterion for Yamamoto's strong security of the ramp secret sharing scheme. After that, by using it, we show the strong security of the strongly multiplicative ramp secret sharing proposed by Chen et al. in 2008.

A forward/reverse body bias generator (BBG) which operates under wide supply-range is proposed. Fine-grained body biasing (FGBB) is effective to reduce variability and increase energy efficiency on digital LSIs. Since FGBB requires a number of BBGs to be implemented, simple design is preferred. We propose a BBG with charge pumps for reverse body bias and the BBG operates under wide supply-range from 0.5,V to 1.2,V. Layout of the BBG was designed in a cell-based flow with an AES core and fabricated in a 65~nm CMOS process. Area of the AES core is 0.22 mm$^2$ and area overhead of the BBG is 2.3%. Demonstration of the AES core shows a successful operation with the supply voltage from 0.5,V to 1.2,V which enables the reduction of power dissipation, for example, of 17% at 400,MHz operation.

This paper presents a constant-current-controlled class-C VCO using a self-adjusting replica bias circuit. The proposed class-C VCO is more suitable in real-life applications as it can maintain constant current which is more robust in phase noise performance over variation of gate bias of cross-coupled pair comparing to a traditional approach without amplitude modulation issue. The proposed VCO is implemented in 180,nm CMOS process. It achieves a tuning range of 4.8--4.9,GHz with a phase noise of -121,dBc/Hz at 1,MHz offset. The power consumption of the core oscillators is 4.8,mW and an FoM of -189,dBc/Hz is achieved.

In this letter, we derive two lower bounds for the number of terms in a double-base number system (DBNS), when the digit set is {1}. For a positive integer n, we show that the number of terms obtained from the greedy algorithm proposed by Dimitrov, Imbert, and Mishra [1] is $Thetaleft(rac{log n}{log log n} ight)$. Also, we show that the number of terms in the shortest double-base chain is Θ(log n).

In this paper, we improve a width-3 joint sparse form proposed by Okeya, Katoh, and Nogami. After the improvement, the representation can attain an asymtotically optimal complexity found in our previous work. Although claimed as optimal by the authors, the average computation time of multi-scalar multiplication obtained by the representation is 563/1574n+o(n)≈0.3577n+o(n). That number is larger than the optimal complexity 281/786n+o(n)≈0.3575n+o(n) found in our previous work. To optimize the width-3 joint sparse form, we add more cases to the representation. After the addition, we can show that the complexity is updated to 281/786n+o(n)≈0.3575n+o(n), which implies that the modified representation is asymptotically optimal. Compared to our optimal algorithm in the previous work, the modified width-3 joint sparse form uses less dynamic memory, but it consumes more static memory.

This work presents a novel counter-based randomization method for use in a flying-adder frequency synthesizer with a cost-effective structure that can replace the fractional accumulator. The proposed technique involves a counter, a comparator and a modified linear feedback shift register. The power consumption and speed bottleneck of the conventional flying-adder are significantly reduced. The modified linear shift feedback register is used as a pseudo random data generator, suppressing the spurious tones arise from the periodic carry sequences that is generated by the fractional accumulator. Furthermore, the proposed counter-based randomization method greatly reduces the large memory size that is required by the conventional approach to carry randomization. A test chip for the proposed counter-based randomization method is fabricated in the TSMC 0.18,$mu $m 1P6M CMOS process, with the core area of 0.093,mm$^{mathrm{2}}$. The output frequency had a range of 43.4,MHz, extasciitilde 225.8,MHz at 1.8,V with peak-to-peak jitter (Pk-Pk) jitter 139.2,ps at 225.8,MHz. Power consumption is 2.8,mW @ 225.8,MHz with 1.8 supply voltage.

A current mode buck/boost DC-DC converter with automatic mode transition is presented in this paper. At heavy load, a control scheme adaptively changes operation mode between peak and valley current modes to achieve high efficiency, small output voltage ripple, and fast transient response. The switching loss is reduced by operating in pure modes, and the conduction loss is reduced by decreasing the average inductor current in transition modes. At light load, the equivalent switching frequency is decreased to reduce the switching loss. An automatic mode transition between heavy load PWM mode and light load PFM mode is achieved by introducing an average load current sensing method. The converter has been implemented with a standard 0.5,$mu$m CMOS process. The output voltage ripple is less than 10,mV in all modes, and the peak efficiency is 95%.

The number of states is a very important matter for model checking approach in Petri net's analysis. We first gave a formal definition of state number calculation problem: For a Petri net with an initial state (marking), how many states does it have? Next we showed the problem cannot be solved in polynomial time for a popular subclass of Petri nets, known as free choice workflow nets, if P≠NP. Then we proposed a polynomial time algorithm to solve the problem by utilizing a representational bias called as process tree. We also showed effectiveness of the algorithm through an application example.