Quite recently [IEEE Commu. Letters, Vol.14, No.1, 2010], Choi et al. proposed a handover authentication scheme using credentials based on chameleon hashing, claiming to provide several security features including Perfect Forward/Backward Secrecy (PFS/PBS). This paper examines the security of the scheme and shows that the scheme still fails to achieve PFS/PBS unlike their claims.

We investigate the secret key agreement from correlated Gaussian sources in which the legitimate parties can use the public communication with limited rate. For the class of protocols with the one-way public communication, we show a closed form expression of the optimal trade-off between the rate of key generation and the rate of the public communication. Our results clarify an essential difference between the key agreement from discrete sources and that from continuous sources.

Privacy amplification is a technique to distill a secret key from a random variable by a function so that the distilled key and eavesdropper's random variable are statistically independent. There are three kinds of security criteria for the key distilled by privacy amplification: the normalized divergence criterion, which is also known as the weak security criterion, the variational distance criterion, and the divergence criterion, which is also known as the strong security criterion. As a technique to distill a secret key, it is known that the encoder of a Slepian-Wolf (the source coding with full side-information at the decoder) code can be used as a function for privacy amplification if we employ the weak security criterion. In this paper, we show that the encoder of a Slepian-Wolf code cannot be used as a function for privacy amplification if we employ the criteria other than the weak one.

Secure channels can be realized by an authenticated key exchange (AKE) protocol that generates authenticated session keys between the involving parties. In, Shin et al., proposed a new kind of AKE (RSA-AKE) protocol whose goal is to provide high efficiency and security against leakage of stored secrets as much as possible. Let us consider more powerful attacks where an adversary completely controls the communications and the stored secrets (the latter is denoted by "replacement" attacks). In this paper, we first show that the RSA-AKE protocol is no longer secure against such an adversary. The main contributions of this paper are as follows: (1) we propose an RSA-based leakage-resilient AKE (RSA-AKE2) protocol that is secure against active attacks as well as replacement attacks; (2) we prove that the RSA-AKE2 protocol is secure against replacement attacks based on the number theory results; (3) we show that it is provably secure in the random oracle model, by showing the reduction to the RSA one-wayness, under an extended model that covers active attacks and replacement attacks; (4) in terms of efficiency, the RSA-AKE2 protocol is comparable to in the sense that the client needs to compute only one modular multiplication with pre-computation; and (5) we also discuss about extensions of the RSA-AKE2 protocol for several security properties (i.e., synchronization of stored secrets, privacy of client and solution to server compromise-impersonation attacks).

Secret Handshake protocol allows members of the same group to authenticate each other secretly. That is, two members who belong to the same group can learn counterpart is in the same group, while non-member of the group cannot determine whether the counterpart is a member of the group or not. Yamashita and Tanaka proposed Secret Handshake Scheme with Multiple Groups (SHSMG). They extended a single group setting to a multiple groups setting where two members output "accept" iff both member's affiliations of the multiple groups are identical. In this paper, we first show the flaw of their SHSMG, and we construct a new secure SHSMG. Second, we introduce a new concept of Secret Handshake scheme, "monotone condition Secret Handshake with Multiple Groups (mc-SHSMG)," in order to extend the condition of "accept." In our new setting of handshake protocol, members can authenticate each other in monotone condition (not only both member's affiliations are identical but also the affiliations are not identical). The communication costs and computational costs of our proposed mc-SHSMG are fewer than the trivial construction of mc-SHSMG.

Differential-phase-shift (DPS) quantum key distribution (QKD) is one scheme of quantum key distribution whose security is based on the quantum nature of lightwave. This protocol features simplicity, a high key creation rate, and robustness against photon-number-splitting attacks. We describe DPS-QKD in this paper, including its setup and operation, eavesdropping against DPS-QKD, system performance, and modified systems to improve the system performance.

A secret image transmission scheme based on vector quantization (VQ) and a secret codebook is proposed in this article. The goal of this scheme is to transmit a set of good-quality images secretly via another high-quality cover image with the same image size. In order to reduce the data size of secret images, the images are encoded by an adaptive codebook. To guarantee the visual quality of secret images, the adaptive codebook applied at the transmitter is transmitted to the receiver secretly as well. Moreover, to enhance the security of the proposed scheme and to compact the data size of the codebook, the adaptive codebook is encoded based on VQ using another codebook generated from the cover image. Experiments show impressive results.

In this paper, we propose a rational m-out-of-n secret sharing scheme, a dealer wishes to entrust a secret with a group of n players such that any subset of m or more players can reconstruct the secret, but a subset of less than m players cannot learn anything about the secret. The reconstruction protocol of our scheme is fair and stable in the rational settings, allowing all players to obtain the designated secret. Our scheme is based on RSA-OAEP with the distributed decryption. The security of our scheme relies on a computational assumption and uses the random oracles. The size of each share in our scheme is independent of the utility function and the computation cost of the reconstruction protocol is constant. Moreover, our scheme prevents the attacks with at most m-1 coalitions.

In the model, a sender S wants to send a message to a receiver R secretly and reliably in r-round. They do not share any information like keys, but there are n independent communication channels between S and R, and an adversary A can observe and/or substitute the data which goes through some channels (but not all). In this paper, we propose almost secure (1-round, 3t+1-channel ) MTSs which have following two properties where t is the number of channels A can observe and/or forge. (1) The running time of message decryption algorithm is polynomial in n. (2) Communication cost is smaller than the previous MTSs, if the message is large to some degree.

Shamir's (k,n)-threshold secret sharing scheme (threshold scheme) has two problems: a heavy computational cost is required to make shares and recover the secret, and a large storage capacity is needed to retain all the shares. As a solution to the heavy computational cost problem, several fast threshold schemes have been proposed. On the other hand, threshold ramp secret sharing schemes (ramp scheme) have been proposed in order to reduce each bit-size of shares in Shamir's scheme. However, there is no fast ramp scheme which has both low computational cost and low storage requirements. This paper proposes a new (k,L,n)-threshold ramp secret sharing scheme which uses just EXCLUSIVE-OR(XOR) operations to make shares and recover the secret at a low computational cost. Moreover, by proving that the fast (k,n)-threshold scheme in conjunction with a method to reduce the number of random numbers is an ideal secret sharing scheme, we show that our fast ramp scheme is able to reduce each bit-size of shares by allowing some degradation of security similar to the existing ramp schemes based on Shamir's threshold scheme.

We explicitly describe and analyse blind hierachical identity-based encryption (blind HIBE) schemes, which are natural generalizations of blind IBE schemes [20]. We then uses the blind HIBE schemes to construct: (1) An identity-based blind signature scheme secure in the standard model, under the computational Diffie-Hellman (CDH) assumption, and with much shorter signature size and lesser communication cost, compared to existing proposals. (2) A new mechanism supporting a user to buy digital information over the Internet without revealing what he/she has bought, while protecting the providers from cheating users.

With the widespread use of Internet applications such as Teleconference, Pay-TV, Collaborate tasks, and Message services, how to construct and distribute the group session key to all group members securely is becoming and more important. Instead of adopting the point-to-point packet delivery, these emerging applications are based upon the mechanism of multicast communication, which allows the group member to communicate with multi-party efficiently. There are two main issues in the mechanism of multicast communication: Key Distribution and Scalability. The first issue is how to distribute the group session key to all group members securely. The second one is how to maintain the high performance in large network groups. Group members in conventional multicast systems have to keep numerous secret keys in databases, which makes it very inconvenient for them. Furthermore, in case that a member joins or leaves the communication group, many involved participants have to change their own secret keys to preserve the forward secrecy and the backward secrecy. We consequently propose a novel version for providing secure multicast communication in large network groups. Our proposed framework not only preserves the forward secrecy and the backward secrecy but also possesses better performance than existing alternatives. Specifically, simulation results demonstrate that our scheme is suitable for high-mobility environments.

We study the interaction of TCP and the proportional fair scheduling algorithm in wireless networks. We show that the additive increase and multiplicative decrease algorithm of TCP can favor bad channel users, which results in inefficient use of radio resources. To remedy the problem, a proportional queue management scheme is proposed. The effectiveness of the algorithm is shown by simulations.

Almost all the existing secret sharing schemes are based on a single dealer. Maybe in some situations, the secret needs to be maintained by multiple dealers. In this paper, we proposed a novel secret sharing scheme based on the multi-dealer by means of Shamir's threshold scheme and T. Okamoto and S. Uchiyama's public-key cryptosystem. Multiple dealers can commonly maintain the secret and the secret can be dynamically renewed by any dealer. Meanwhile, the reusable secret shadows just needs to be distributed only once. In the secret updated phase, the dealer just needs to publish a little public information instead of redistributing the new secret shadows. Its security is based on the security of Shamir's threshold scheme and the intractability of factoring problem and discrete logarithm problem.

The Chikazawa-Yamagishi scheme is an ID-based key distribution scheme which is based on the RSA cryptosystem. There are several variant schemes to improve the efficiency and the security of the Chikazawa-Yamagishi scheme. Unfortunately, all of the proposed schemes have some weaknesses. First, all the proposed schemes require time synchronization of the communicating parties. Second, none of the proposed schemes provide both forward secrecy and security against session state reveal attacks. In this paper, we suggest an ID-based key distribution scheme which does not require time synchronization and provides both forward secrecy and security against session state reveal attacks.

This primary objective of this study is to demonstrate simulation and ground-based experiment for the attitude control of flexible spacecraft. A typical spacecraft structure consists of the rigid body and flexible appendages which are large flexible solar panels, parabolic antennas built from light materials in order to reduce their weight. Therefore the attitude control has a big problem because these appendages induce structural vibration under the excitation of external forces. A single-axis rotational simulator with a flexible arm is constructed with on-off air thrusters and reaction wheel as actuation. The simulator is also equipped with payload pointing capability by simultaneous thruster and DC servo motor actuation. The experiment of flexible spacecraft attitude control is performed using only the reaction wheel. Using the reaction wheel the performance of the fuzzy-PID controller is illustrated by simulation and experimental results for a single-axis rotational simulator.

In this letter we provide a steering law for redundant single-gimbal control moment gyros. The proposed steering law is an extended version of the singular direction avoidance (SDA) steering law based on the singular value decomposition (SVD). All internal singularities are escapable for any non-zero constant torque command using the proposed steering law.

In a network with capacity h for multicast, information Xh=(X1, X2, , Xh) can be transmitted from a source node to sink nodes without error by a linear network code. Furthermore, secret information Sr=(S1, S2, , Sr) can be transmitted securely against wiretappers by k-secure network coding for k h-r. In this case, no information of the secret leaks out even if an adversary wiretaps k edges, i.e. channels. However, if an adversary wiretaps k+1 edges, some Si may leak out explicitly. In this paper, we propose strongly k-secure network coding based on strongly secure ramp secret sharing schemes. In this coding, no information leaks out for every (Si1, Si2, ,Sir-j) even if an adversary wiretaps k+j channels. We also give an algorithm to construct a strongly k-secure network code directly and a transform to convert a nonsecure network code to a strongly k-secure network code. Furthermore, some sufficient conditions of alphabet size to realize the strongly k-secure network coding are derived for the case of k < h-r.

We propose two multiple assignment secret sharing schemes realizing general access structures. One is always more efficient than the secret sharing scheme proposed by Ito, Saito and Nishizeki [5] from the viewpoint of the number of shares distributed to each participant. The other is also always more efficient than the scheme I of [7].

In Shamir's (k,n)-threshold secret sharing scheme (threshold scheme)[1], a heavy computational cost is required to make n shares and recover the secret from k shares. As a solution to this problem, several fast threshold schemes have been proposed. However, there is no fast ideal (k,n)-threshold scheme, where k and n are arbitrary. This paper proposes a new fast (k,n)-threshold scheme which uses just EXCLUSIVE-OR(XOR) operations to make n shares and recover the secret from k shares. We prove that every combination of k or more participants can recover the secret, but every group of less than k participants cannot obtain any information about the secret in the proposed scheme. Moreover, the proposed scheme is an ideal secret sharing scheme similar to Shamir's scheme, in which every bit-size of shares equals that of the secret. We also evaluate the efficiency of the scheme, and show that our scheme realizes operations that are much faster than Shamir's.