ICT development progresses, and many cryptographic algorithms are used. The most of cryptographic algorithms require assumptions to guarantee their security, but it is sometimes not clearly written. This causes many problems. This paper shows previous cases, and suggests to concede cryptographers and system developer each other from an industrial cryptographers viewpoint.

We present a new cryptanalysis approach to analyze the security of a class of authenticated encryption schemes, which shares similarity with the previous length extension attack against hash-function-based MACs. Hence we name our approach by message extension attack. For an authenticated encryption from the target class, it consists of three phases; initialization with nonce and key as input, state update function with associated data and message as input and tag generation with updated state as input. We will show how to mount a forgery attack in the nonce-repeating model under the chosen-plaintext scenario, when both state update function and tag generation is built based on the same function. To demonstrate the effectiveness of our message extension attack approach, we apply it to a dedicated authenticated encryption called PANDA, which is a candidate of the ongoing CAESAR cryptographic competition. We successfully found an existential forgery attack on PANDA with 25 chosen plaintexts, 264 computations, and a negligible memory, and it breaks the claimed 128-bit security for the nonce-repeating model. We note that this is the first result that breaks the security claim of PANDA, which makes it withdrawn from the CAESAR competition by its designer.

This study investigated the relationship between human use of automation and their sensitivity to changes in automation and manual performance. In the real world, automation and manual performance change dynamically with changes in the environment. However, a few studies investigated whether changes in automation or manual performance have more effect on whether users choose to use automation. We used two types of experimental tracking tasks in which the participants had to select whether to use automation or conduct manual operation while monitoring the variable performance of automation and manual operation. As a result, we found that there is a mutual relationship between human use of automation and their sensitivity to automation and manual performance changes. Also, users do not react equally to both automation and manual performance changes although they use automation adequately.

This paper proposed a novel intelligent intrusion detection, decision, response system with fuzzy theory. This system utilized the two essential informations: times and time, of the failed login to decide automatically whether this login is a misuse user as alike as experienced system/security administrators. The database of this system isn't preestablished before working but is built and updated automatically during working. And this system is not only notification system but gives the exact and rapid decision and response to a misuse.