CLEFIA is a 128-bit block cipher proposed by Shirai et al. at FSE2007. It has been reported that CLEFIA has a 9-round saturation characteristic, in which 32bits of the output of 9-th round 112-th order differential equals to zero. By using this characteristic, a 14-round CLEFIA with 256-bit secret key is attacked with 2113 blocks of chosen plaintext and 2244.5 times of data encryption. In this paper, we focused on a higher order differential of CLEFIA. This paper introduces two new concepts for higher order differential which are control transform for the input and observation transform for the output. With these concepts, we found a new 6-round saturation characteristic, in which 24bits of the output of 6-th round 9-th order differential equals to zero. We also show a new 9-round saturation characteristic using 105-th order differential which is a 3-round extension of the 6-round one. If we use it, instead of 112-th order differential, using the meet-in-the-middle attack technique for higher order differential table, the data and computational complexity for the attack to 14-round CLEFIA can be reduced to around 2-5, 2-34 of the conventional attack, respectively.

This letter improves two adaptive steganographic methods in Refs. [5], [6], which utilize the remainders of two consecutive pixels to record the information of secret data. Through analysis, we point out that they perform mistakenly under some conditions, and the recipient cannot extract the secret data exactly. We correct these by enlarging the adjusting range of the remainders of two consecutive pixels within the block in the embedding procedure. Furthermore, the readjusting phase in Ref. [6] is improved by allowing every two-pixel block to be fully modified, and then the sender can select the best choice that introduces the smallest embedding distortion. Experimental results show that the improved method not only extracts secret data exactly but also reduces the embedding distortion.

A hash function is an important primitive for cryptographic protocols. Since algorithms of well-known hash functions are almost serial, it seems difficult to take full advantage of recent multi-core processors. This paper proposes a multilane hashing (MLH) mode that achieves both of high parallelism and high security. The MLH mode is designed in such a way that the processing speed is almost linear in the number of processors. Since the MLH mode exploits an existing hash function as a black box, it is applicable to any hash function. The bound on the indifferentiability of the MLH mode from a random oracle is beyond the birthday bound on the output length of an underlying primitive.

We present transmission- and reflection-type measurement methods for the differential mode delay (DMD) of a multimode optical fiber (MMF) optimized for high-speed local area networks (LANs) for the 850-nm band. Compared with a previously reported transmission-type measurement method for the 1550-nm wavelength band, we demonstrate here high-resolution DMD measurement methods for MMFs in the 850-nm band. As the method is based on a Fourier-domain intermodal interference technique, the measurement sensitivity is ∼60-dB, and it requires a fiber only a few meters in length. The shorter wavelength also allows a threefold improvement in the measurement resolution. The reflection-type measurement technique is a more practical than the transmission-type measurement technique for the field testing of short MMFs already installed in networks. We believe that this method will be a practical tool not only for field testing of short-length MMFs already installed in networks but also for the development of new plastic optical fibers (POFs).

Mutual information (MI) is a standard measure of statistical dependence of random variables. However, due to the log function and the ratio of probability densities included in MI, it is sensitive to outliers. On the other hand, the L2-distance variant of MI called quadratic MI (QMI) tends to be robust against outliers because QMI is just the integral of the squared difference between the joint density and the product of marginals. In this paper, we propose a kernel least-squares QMI estimator called least-squares QMI (LSQMI) that directly estimates the density difference without estimating each density. A notable advantage of LSQMI is that its solution can be analytically and efficiently computed just by solving a system of linear equations. We then apply LSQMI to dependence-maximization clustering, and demonstrate its usefulness experimentally.

A Simple decoding method for short-range MIMO (SR-MIMO) transmission can reduce the power consumption for MIMO decoding, but the distance between the transceivers requires millimeter-order accuracy in order to satisfy the required transmission quality. In this paper, we propose a phase difference control method between each propagation channel to alleviate the requirements for the transmission distance accuracy. In the proposed method, the phase difference between each propagation channel is controlled by changing the transmission (or received) power ratio of each element of sub-array antennas. In millimeter-wave broadband transmission simulation, we clarified that when sub-array antenna spacing is set to 6.6 mm and element spacing of sub-array antenna is set to 2.48mm, the proposed method can extend the transmission distance range satisfying the required transmission quality, which is that bit error rate (BER) before error correction is less than 10-2 from 9∼29mm to 0∼50mm in QPSK, from 15∼19mm to 0∼30mm in 16QAM, and from only 15mm to 4∼22mm in 64QAM.

With the approval of IEEE 1901 standard for power line communications (PLC) and the recent Internet-enable home appliances like the IPTV having access to a content-on-demand service through the Internet as AcTVila in Japan, there is no doubt that PLC has taken a great step forward to emerge as the preeminent in-home-network technology. However, existing schemes developed so far have not considered the PLC network connected to an unstable Internet environment (i.e. more realistic situation). In this paper, we investigate the communication performance from the end-user's perspective in networks with large and variable round-trip time (RTT) and with the existence of cross-traffic. Then, we address the problem of unfair bandwidth allocation when multiple and different types of flows coexist and propose a TCP rate control considering the difference in terms of end-to-end delay to solve it. We validate our methodology through simulations, and show that it effectively deals with the throughput unfairness problem under critical communication environment, where multiple flows with different RTTs share the PLC and cross-traffic exists on the path of the Internet.

This paper introduces a radio frequency identification (RFID) tag for urination detection. The proposed tag is embedded into paper diapers in order to detect the patient's urination immediately. For this tag, we designed an RFID tag antenna at 950MHz, which matches the impedance of the associated integrated circuit (IC) chip. In addition, we calculate the antenna characteristics and measure the reflection coefficient (S11) and radiation pattern of the antenna. The results show that this system can be used to detect urination.

We present a round addition differential fault analysis (DFA) for some lightweight 80-bit block ciphers. It is shown that only one correct ciphertext and two faulty ciphertexts are required to reconstruct secret keys in 80-bit Piccolo and TWINE, and the reconstructions are easier than 128-bit CLEFIA.

Information security has been seriously threatened by the differential power analysis (DPA). Delay-based dual-rail precharge logic (DDPL) is an effective solution to resist these attacks. However, conventional DDPL convertors have some shortcomings. In this paper, we propose improved convertor pairs based on dynamic logic and a sense amplifier (SA). Compared with the reference CMOS-to-DDPL convertor, our scheme could save 69% power consumption. As to the comparison of DDPL-to-CMOS convertor, the speed and power performances could be improved by 39% and 54%, respectively.

A specification for digital cinema systems which deal with movies digitally from production to delivery as well as projection on the screens is recommended by DCI (Digital Cinema Initiative), and the systems based on this specification have already been developed and installed in theaters. The parameters of the systems that play an important role in determining image quality include image resolution, quantization bit depth, color space, gamma characteristics, and data compression methods. This paper comparatively discusses a relation between required bit depth and gamma quantization using both of a human visual system for grayscale images and two color difference models for color images. The required bit depth obtained from a contrast sensitivity function against grayscale images monotonically decreases as the gamma value increases, while it has a minimum value when the gamma is 2.9 to 3.0 from both of the CIE 1976 L* a* b* and CIEDE2000 color difference models. It is also shown that the bit depth derived from the contrast sensitivity function is one bit greater than that derived from the color difference models at the gamma value of 2.6. Moreover, a comparison between the color differences computed with the CIE 1976 L* a* b* and CIEDE2000 leads to a same result from the view point of the required bit depth for digital cinema systems.

This paper proposes a method for evaluating visual differences caused by decimation. In many applications it is important to evaluate visual differences of two different images. There exist many image assessment methods that utilize the model of the human visual system (HVS), such as the visual difference predictor (VDP) and the Sarnoff visual discrimination model. In this paper, we extend and elaborate on the conventional image assessment method for the purpose of evaluating the visual difference caused by the image decimation. Our method matches actual human evaluation more and requires less computational complexity than the conventional method.

We design and fabricate a double-layer hollow-waveguide slot array antenna with wide bandwidth and high antenna efficiency for the 120 GHz band. The antenna is fabricated by diffusion bonding of laminated thin metal plates for high precision and perfect electrical contact. The 1616-element antenna shows more than 70% antenna efficiency over a 13 GHz bandwidth. Furthermore, it realizes error-free data transmission in 2.5 m distance at up to 10 Gbit/s. To our knowledge, this is the first report of the design and fabrication of a high-efficiency wideband planar antenna for the 120 GHz band.

In this paper, a stochastic asymptotic stabilization method is proposed for deterministic input-affine control systems, which are randomized by including Gaussian white noises in control inputs. The sufficient condition is derived for the diffusion coefficients so that there exist stochastic control Lyapunov functions for the systems. To illustrate the usefulness of the sufficient condition, the authors propose the stochastic continuous feedback law, which makes the origin of the Brockett integrator become globally asymptotically stable in probability.

In this paper, we propose an identity-based authenticated key exchange (ID-AKE) protocol that is secure in the identity-based extended Canetti-Krawczyk (id-eCK) model in the random oracle model under the gap Bilinear Diffie-Hellman assumption. The proposed ID-AKE protocol is the most efficient among the existing ID-AKE protocols that is id-eCK secure, and it can be extended to use in asymmetric pairing.

In the sensor networks for surveillance, the requirements of providing energy efficiency and service differentiation, which is to deliver high-priority packets preferentially, while maintaining high goodput, which is to deliver many packets within their deadline are increasing. However, previous works have difficulties in satisfying the requirements simultaneously. Thus, we propose GES-MAC, which satisfies the requirements simultaneously. GES-MAC reduces idle listening energy consumption by using a duty cycle, periodic listen (i.e., turn on radio module) and sleep (i.e. turn off radio module) of sensor nodes. Cluster-based multi-hop scheduling provides high goodput in a duty-cycled environment by scheduling clusters of nodes in the listen period and opportunistically forwarding data packets in the sleep period. Priority-aware schedule switching makes more high-priority packets reach the sink node by letting high-priority packets preempt the schedules of low-priority packets. In experiments with MICA2 based sensor nodes and in simulations, the energy consumption of the radio module is reduced by 70% compared to the approaches without a duty cycle, while providing 80% 100% goodput of the approaches that provide high goodput. Service differentiation is also supported with little overhead.

This paper examines two-pass authenticated key exchange (AKE) protocols that are secure without the NAXOS technique under the gap Diffie-Hellman assumption in the random oracle model: FHMQV [18], KFU1 [21], SMEN- [13], and UP [17]. We introduce two protocol, biclique DH protocol and multiplied biclique DH protocol, to analyze the subject protocols, and show that the subject protocols use the multiplied biclique DH protocol as internal protocols. The biclique DH protocol is secure, however, the multiplied biclique DH protocol is insecure. We show the relations between the subject protocols from the viewpoint of how they overcome the insecurity of the multiplied biclique DH protocol: FHMQV virtually executes two multiplied biclique DH protocols in sequence with the same ephemeral key on two randomized static keys. KFU1 executes two multiplied biclique DH protocols in parallel with the same ephemeral key. UP is a version of KFU1 in which one of the static public keys is generated with a random oracle. SMEN- can be thought of as a combined execution of two multiplied biclique DH protocols. In addition, this paper provides ways to characterize the AKE protocols and defines two parameters: one consists of the number of static keys, the number of ephemeral keys, and the number of shared secrets, and the other is defined as the total sum of these numbers. When an AKE protocol is constructed based on some group, these two parameters indicate the number of elements in the group, i.e., they are related to the sizes of the storage and communication data.

Diffusion-weighted (DW)-functional magnetic resonance imaging (fMRI) is a recently reported technique for measuring neural activities by using diffusion-weighted imaging (DWI). DW-fMRI is based on the property that cortical cells swell when the brain is activated. This approach can be used to observe changes in water diffusion around cortical cells. The spatial and temporal resolutions of DW-fMRI are superior to those of blood-oxygenation-level-dependent (BOLD)-fMRI. To investigate how the DWI signal intensities change in DW-fMRI measurement, we carried out Monte Carlo simulations to evaluate the intensities before and after cell swelling. In the simulations, we modeled cortical cells as two compartments by considering differences between the intracellular and the extracellular regions. Simulation results suggested that DWI signal intensities increase after cell swelling because of an increase in the intracellular volume ratio. The simulation model with two compartments, which respectively represent the intracellular and the extracellular regions, shows that the differences in the DWI signal intensities depend on the ratio of the intracellular and the extracellular volumes. We also investigated the MPG parameters, b-value, and separation time dependences on the percent signal changes in DW-fMRI and obtained useful results for DW-fMRI measurements.

An instrumental variable (IV) based linear estimator is proposed for effective target localization in sensor network by using time-difference-of-arrival (TDOA) measurement. Although some linear estimation approaches have been proposed in much literature, the target localization based on TDOA measurement still has a room for improvement. Therefore, we analyze the estimation errors of existing localization estimators such as the well-known quadratic correction least squares (QCLS) and the robust least squares (RoLS), and demonstrate advantages of the proposition by comparing the estimation errors mathematically and showing localization results through simulation. In addition, a recursive form of the proposition is derived to consider a real time application.

In forthcoming sensor networks, a multitude of sensor nodes deployed over a large geographical area for monitoring traffic, climate, etc. are expected to become an inevitable infrastructure. Clustering algorithms play an important role in aggregating a large volume of data that are produced continuously by the huge number of sensor nodes. In such networks, equal-sized multi-hop clusters which include an equal number of nodes are useful for efficiency and resiliency. In addition, scalability is important in such large-scale networks. In this paper, we mathematically design a decentralized equal-sized clustering algorithm using a partial differential equation based on the Fourier transform technique, and then design its protocol by discretizing the equation. We evaluated through simulations the equality of cluster sizes and the resiliency against packet loss and node failure in two-dimensional perturbed grid topologies.