The differential fault analysis of SOSEMNAUK was presented in Africacrypt in 2011. In this paper, we improve previous work with algebraic techniques which can result in a considerable reduction not only in the number of fault injections but also in time complexity. First, we propose an enhanced method to determine the fault position with a success rate up to 99% based on the single-word fault model. Then, instead of following the design of SOSEMANUK at word levels, we view SOSEMANUK at bit levels during the fault analysis and calculate most components of SOSEMANUK as bit-oriented. We show how to build algebraic equations for SOSEMANUK and how to represent the injected faults in bit-level. Finally, an SAT solver is exploited to solve the combined equations to recover the secret inner state. The results of simulations on a PC show that the full 384 bits initial inner state of SOSEMANUK can be recovered with only 15 fault injections in 3.97h.

In this paper, we study the problem of noise with regard to the perfect reconstruction of non-bandlimited signals, the class of signals having a finite number of degrees of freedom per unit time. The finite rate of innovation (FRI) method provides a means of recovering a non-bandlimited signal through using of appropriate kernels. In the presence of noise, however, the reconstruction function of this scheme may become ill-conditioned. Further, the reduced sampling rates afforded by this scheme can be accompanied by increased error sensitivity. In this paper, to obtain improved noise robustness, we propose the matrix pencil (MP) method for sample signal reconstruction, which is based on principal component analysis (PCA). Through the selection of an adaptive eigenvalue, a non-bandlimited signal can be perfectly reconstructed via a stable solution of the Yule-Walker equation. The proposed method can obtain a high signal-to-noise-ratio (SNR) for the reconstruction results. Herein, the method is applied to certain non-bandlimited signals, such as a stream of Diracs and nonuniform splines. The simulation results demonstrate that the MP and PCA are more effective than the FRI method in suppressing noise. The FRI method can be used in many applications, including those related to bioimaging, radar, and ultrasound imaging.

Purchase behavior prediction is one of the most important issues to promote both e-commerce companies' sales and the consumers' satisfaction. The prediction usually uses features based on the statistics of items. This kind of features can lead to the loss of detailed information of items. While all items are included, a large number of features has the negative impact on the efficiency of learning the predictive model. In this study, we propose to use the most popular items for improving the prediction. Experiments on the real-world dataset have demonstrated the effectiveness and the efficiency of our proposed method. We also analyze the reason for the performance of the most popular items. In addition, our work also reveals if interactions among most popular items are taken into account, the further significant improvement can be achieved. One possible explanation is that online retailers usually use a variety of sales promotion methods and the interactions can help to predict the purchase behavior.

A simple but efficient method for evaluating the channel capacity of 2×2 multiple-input multiple-output (MIMO) antenna systems is proposed. First, the channel capacity of a half-wavelength dipole array antenna is calculated using the Monte Carlo method by changing the incident-wave signal-to-noise power ratio, the power difference between two elements, and the correlation coefficient. Using the calculated results, a polynomial function is derived by multivariate regression analysis to estimate the channel capacity. The validity of the developed function is confirmed by comparing the channel capacity estimated by the developed function with that calculated by the Monte Carlo method using a MIMO array antenna operated under various scenarios, including antenna-human body electromagnetic interactions and radio-wave propagation environments, for future MIMO systems. The function is also validated by means of two experimental approaches: the use of radiation patterns measured in an anechoic chamber and the use of a spatial fading emulator that can create a two-dimensional fading environment.

An adaptive time-step control method is proposed for the damped pseudo-transient analysis (DPTA) method. The new method is based on the idea of switched evolution/relaxation (SER), which can automatically adapt the step size for different circuit states. Considering the number of iterations needed for the convergence of Newton-Raphson (NR) method and the states in previous steps, the proposed method can automatically optimize the time-step size. Using numerical examples, the new method is proven to improve robustness, simulation efficiency, and the convergence of DPTA for solving nonlinear DC circuit equations.

In order to prevent the synonym substitution breaking the balance among frequencies of synonyms and improve the statistical undetectability, this paper proposed a novel linguistic steganography based on synonym run-length encoding. Firstly, taking the relative word frequency into account, the synonyms appeared in the text are digitized into binary values and expressed in the form of runs. Then, message are embedded into the parities of runs' lengths by self-adaptively making a positive or negative synonym transformation on boundary elements of two adjacent runs, while preserving the number of relative high and low frequency synonyms to reduce the embedding distortion. Experimental results have shown that the proposed synonym run-length encoding based linguistic steganographic algorithm makes fewer changes on the statistical characteristics of cover texts than other algorithms, and enhances the capability of anti-steganalysis.

In recent years, the reduced cost and increased capacity of memory have resulted in a growing number of buffers in switches and routers. Consequently, today's networks suffer from bufferbloat, a term that refers to excess frame buffering resulting in high latency, high jitter, and low throughput. Although ring aggregation is an efficient topology for forwarding traffic from multiple, widely deployed user nodes to a core network, a fairness scheme is needed to achieve throughput fairness and avoid bufferbloat, because frames are forwarded along ring nodes. N Rate N+1 Color Marking (NRN+1CM) was proposed to achieve per-flow fairness in ring aggregation networks. The key idea of NRN+1CM is to assign a color that indicates the dropping priority of a frame according to the flow-input rate. When congestion occurs, frames are selectively discarded based on their color and the frame-dropping threshold. Through the notification process for the frame-dropping threshold, frames are discarded at upstream nodes in advance, avoiding the accumulation of a queuing delay. The performance of NRN+1CM was analyzed theoretically and evaluated with computer simulations. However, its ability to avoid bufferbloat has not yet been proven mathematically. This paper uses an M(n)/M/1/K queue model to demonstrate how bufferbloat is avoided with NRN+1CM's frame-dropping threshold-notification process. The M(n)/M/1/K queue is an M/M/1/K queuing system with balking. The state probabilities and average queue size of each ring node were calculated with the model, proving that the average queue size is suppressed in several frames, but not in the most congested queue. Computer simulation results confirm the validity of the queue model. Consequently, it was logically deducted from the proposed M(n)/M/1/K model that bufferbloat is successfully avoided with NRN+1CM independent of the network conditions including the number of nodes, buffer sizes, and the number and types of flows.

This paper presents human-centered video feature selection via mRMR-SCMMCCA (minimum Redundancy and Maximum Relevance-Specific Correlation Maximization Multiset Canonical Correlation Analysis) algorithm for preference extraction. The proposed method derives SCMMCCA, which simultaneously maximizes two kinds of correlations, correlation between video features and users' viewing behavior features and correlation between video features and their corresponding rating scores. By monitoring the derived correlations, the selection of the optimal video features that represent users' individual preference becomes feasible.

This paper explores the feasibility of power analysis attacks against low-latency block ciphers implemented with unrolled architectures capable of encryption/decryption in a single clock cycle. Unrolled architectures have been expected to be somewhat resistant against side-channel attacks compared to typical loop architectures because of no memory (i.e. register) element storing intermediate results in a synchronous manner. In this paper, we present a systematic method for selecting Points-of-Interest for power analysis on unrolled architectures as well as calculating dynamic power consumption at a target function. Then, we apply the proposed method to PRINCE, which is known as one of the most efficient low-latency ciphers, and evaluate its validity with an experiment using a set of unrolled PRINCE processors implemented on an FPGA. Finally, a countermeasure against such analysis is discussed.

The online unit clustering problem is one of the most basic clustering problems proposed by Chan and Zarrabi-Zadeh (WAOA2007 and Theory of Computing Systems 45(3), 2009). Several variants of this problem have been extensively studied. In this letter, we propose a new variant of the online unit clustering problem, called the online unit clustering problem with capacity constraints. For this problem, we use competitive analysis to evaluate the performance of an online algorithm. Then, we develop an online algorithm whose competitive ratio is at most 3.178, and show that a lower bound on the competitive ratio of any online algorithm is 2.

In this paper, we present several cryptanalyses of Hierocrypt-L1 block cipher, which was selected as one of the CRYPTREC recommended ciphers in Japan in 2003. We present a differential attack and an impossible differential attack on 8 S-function layers in a related-key setting. We first show that there exist the key scheduling differential characteristics which always hold, then we search for differential paths for the data randomizing part with the minimum active S-boxes using the above key differentials. We also show that our impossible differential attack is a new type.

In 1999, Boneh and Durfee introduced the small inverse problem, which solves the bivariate modular equation x(N+y)≡1(mod e. Absolute values of solutions for x and y are bounded above by X=Nδ and Y=Nβ, respectively. They solved the problem for β=1/2 in the context of small secret exponent attacks on RSA and proposed a polynomial time algorithm that works when δ<(7-2√7)/6≈0.284. In the same work, the bound was further improved to δ<1-1/≈2≈0.292. Thus far, the small inverse problem has also been analyzed for an arbitrary β. Generalizations of Boneh and Durfee's lattices to obtain the stronger bound yielded the bound δ<1-≈β. However, the algorithm works only when β≥1/4. When 0<β<1/4, there have been several works where the authors claimed their results are the best. In this paper, we revisit the problem for an arbitrary β. At first, we summarize the previous results for 0<β<1/4. We reveal that there are some results that are not valid and show that Weger's algorithms provide the best bounds. Next, we propose an improved algorithm to solve the problem for 0<β<1/4. Our algorithm works when δ<1-2(≈β(3+4β)-β)/3. Our algorithm construction is based on the combinations of Boneh and Durfee's two forms of lattices and it is more natural compared with previous works. For the cryptographic application, we introduce small secret exponent attacks on Multi-Prime RSA with small prime differences.

Due to outsourcing of numerous stages of the IC manufacturing process to different foundries, the security risk, such as hardware Trojan becomes a potential threat. In this paper, we present a layout aware localized hardware Trojan detection method that magnifies the detection sensitivity for small Trojan in power-based side-channel analysis. A scan segmentation approach with a modified launch-on-capture (LoC) transition delay fault test pattern application technique is proposed so as to maximize the dynamic power consumption of any target region. The new architecture allows activating any target region and keeping others quiet, which reduces total circuit toggling activity. We evaluate our approach on ISCAS89 benchmark and two practical circuits to demonstrate its effectiveness in side-channel analysis.

Malware proliferation has become a serious threat to the Internet in recent years. Most current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we give priority to analyze malware. However, estimating the malware functions has been difficult due to the increasing sophistication of malware. Actually, the previous researches do not estimate the functions of malware sufficiently. In this paper, we propose a new method which estimates the functions of unknown malware from APIs or categories observed by dynamic analysis on a host. We examine whether the proposed method can correctly estimate the malware functions by the supervised machine learning techniques. The results show that our new method can estimate the malware functions with the average accuracy of 83.4% using API information.

SUMMARY This paper proposes a power-supply-noise-aware timing analysis and test pattern regeneration framework suitable for testing 3D IC. The proposed framework analyzes timing with reasonable accuracy at much faster speed than existing tools. This technique is very scalable because it is based on analytical functions, instead of solving nonlinear equations. The experimental results show, for small circuits, the error is less than 2% compared with SPICE. For large circuits, we achieved 272 times speed up compared with a commercial tool. For a large benchmark circuit (638K gates), we identified 88 risky patterns out of 31K test patterns. We propose a test pattern regeneration flow to replace those risky patterns with very little (or even no) penalty in fault coverage. Our test sets are shorter than commercial power-aware ATPG while the fault coverage is almost the same as power-unaware ATPG.

This paper presents an analytical model for network throughput of WLANs, taking into account heterogeneous conditions, namely network nodes transmit different length frames with various offered load individually. The airtime concept, which is often used in multi-hop network analyses, is firstly applied for WLAN analysis. The proposed analytical model can cover the situation that there are saturation and non-saturation nodes in the same network simultaneously, which is the first success in the WLAN analyses. This paper shows the network throughput characteristics of four scenarios. Scenario 1 considers the saturation throughputs for the case that one or two length frames are transmitted at the identical offered load. Scenarios 2 and 3 are prepared for investigating the cases that all network nodes transmit different length frames at the identical offered load and identical length frames at the different offered loads, respectively. The heterogeneous conditions for not only frame length but also offered load are investigated in Scenario 4.

Kernel discriminant analysis (KDA) is the mainstream approach of nonlinear discriminant analysis (NDA). Since it uses the kernel trick, KDA does not consider its nonlinear discriminant mapping explicitly. In this paper, another NDA approach where the nonlinear discriminant mapping is analytically given is developed. This study is based on the theory of optimal nonlinear discriminant analysis (ONDA) of which the nonlinear mapping is exactly expressed by using the Bayesian posterior probability. This theory indicates that various NDA can be derived by estimating the Bayesian posterior probability in ONDA with various estimation methods. Also, ONDA brings an insight about novel kernel functions, called discriminant kernel (DK), which is defined by also using the posterior probabilities. In this paper, several NDA and DK derived from ONDA with several posterior probability estimators are developed and evaluated. Given fine estimation methods of the Bayesian posterior probability, they give good discriminant spaces for visualization or classification.

Automatic detection of immunoreactive areas in fluorescence microscopic images is becoming a key technique in the field of biology including neuroscience, although it is still challenging because of several reasons such as low signal-to-noise ratio and contrast variation within an image. In this study, we developed a new algorithm that exhaustively detects co-localized areas in multi-channel fluorescence images, where shapes of target objects may differ among channels. Different adaptive binarization thresholds for different local regions in different channels are introduced and the condition of each segment is assessed to recognize the target objects. The proposed method was applied to detect immunoreactive spots that labeled membrane receptors on dendritic spines of mouse cerebellar Purkinje cells. Our method achieved the best detection performance over five pre-existing methods.

This paper presents a Multi-channel MAC protocol with channel grouping for multi-channel ad-hoc networks. The proposed protocol has both concepts of the multiple rendezvous and the single control channel protocols, which were proposed as a MAC protocol for multi-channel ad-hoc network without centralized stations. In the proposed protocol, all the channels are divided into some groups and each group has a control channel. Network nodes circulate among the groups and channel negotiations are carried out on a control channel of the group. By applying the channel grouping, it is possible to enhance network throughput without reducing the channel-usage probability. Because there is an optimum group number for obtaining the highest throughput, this paper gives analytical expressions of maximum network throughput for the proposed protocol as a function of system parameters. The effectiveness of the proposed protocol is shown from simulation results. In addition, the validity of the analytical expressions is confirmed from quantitative agreements between analytical predictions and simulation results.

Kiasu-BC is a recently proposed tweakable variant of the AES-128 block cipher. The designers of Kiasu-BC claim that no more than 7-round Meet-in-the-Middle (MitM) attack can be launched against it. In this letter, we present a MitM attack, utilizing the differential enumeration technique, on the 8-round reduced cipher. The attack has time complexity of 2116 encryptions, memory complexity of 286 128-bit blocks, and data complexity of 2116 plaintext-tweak combinations.