Liu ZHANG Zilong WANG Jinyu LU
Based on the framework of a multi-stage key recovery attack for a large block cipher, 2- and 3-round differential-neural distinguishers were trained for AES using partial ciphertext bits. The study introduces the differential characteristics employed for the 2-round ciphertext pairs and explores the reasons behind the near-100% accuracy of the 2-round differential-neural distinguisher. Using the trained 2-round distinguisher, the 3-round subkey of AES is successfully recovered through multi-stage key guessing. Additionally, a complexity analysis of the attack is provided, validating the effectiveness of the proposed method.
Katsuya KOSUKEGAWA Kazuhiko KAWAMOTO
We consider the problem of forecasting the degradation-recovery process of civil structures for prognosis and health management. In this process, structural health degrades over time but recovers when a maintenance intervention is performed. Maintenance interventions are typically recorded in terms of date and type, and such records can be represented as binary time series. Using these binary maintenance intervention records, we forecast the process with a Long Short-Term Memory (LSTM) network. In this study, we experimentally examined how to feed binary time series data into an LSTM. To this end, we compared the concatenation and reinitialization methods. The former concatenates maintenance intervention records with health data and feeds them into the LSTM; the latter reinitializes the LSTM internal memory when a maintenance intervention is performed. The experimental results with synthetic data revealed that the concatenation method outperformed the reinitialization method.
Xinqun LIU Tao LI Yingxiao ZHAO Jinlin PENG
A conventional Nyquist folding receiver (NYFR) uses zero-crossing rising (ZCR) voltage times to control the RF sample clock, which is easily affected by noise. Moreover, the analog and digital parts are not synchronized, so the initial phase of the input signal is lost. Furthermore, most of the literature assumes that the input signal lies in a single Nyquist zone (NZ), which is inconsistent with the actual situation. In this paper, we propose an improved architecture, a dual-channel NYFR with an adjustable local oscillator (LOS), together with an information recovery algorithm. Simulation results demonstrate the validity and viability of the proposed architecture and the corresponding algorithm.
Tetsuya IIZUKA Meikan CHIN Toru NAKURA Kunihiro ASADA
This paper proposes a reference-clock-less quick-start-up CDR that resumes from a stand-by state with only a 4-bit preamble, using a phase generator with an embedded Time-to-Digital Converter (TDC). The phase generator detects the 1-UI time interval with its internal TDC and works as a self-tunable digitally-controlled delay line. Once the phase generator has coarsely tuned the recovered clock period, the residual time difference is finely tuned by a fine Digital-to-Time Converter (DTC). Since the tuning resolution of the fine DTC is matched by design with the time resolution of the TDC used as a phase detector, the fine tuning completes instantaneously. After the initial coarse and fine delay tuning, the feedback loop for frequency tracking is activated to improve the Consecutive Identical Digits (CID) tolerance of the CDR. With the frequency tracking architecture, the proposed CDR achieves more than 100 bits of CID tolerance. A prototype implemented in a 65 nm bulk CMOS process operates at a 0.9-2.15 Gbps continuous rate. It consumes 5.1-8.4 mA in its active state and 42 μA leakage current in its stand-by state from a 1.0 V supply.
Hashcash, the Proof of Work (PoW) used by Bitcoin, is based on a preimage problem of the hash functions SHA-2 and RIPEMD. As these hash functions employ the Merkle-Damgård (MD) construction, a preimage can be searched for with negligible memory. Since such calculations can be accelerated by dedicated ASICs, this poses a potential risk of a so-called 51% attack. To address this issue, we propose a new PoW scheme based on the key recovery problem of cascade block ciphers. By choosing appropriate parameters, e.g., the block sizes and key sizes of the underlying block ciphers, we can make this problem memory-hard, so that a lot of memory is required to solve it efficiently. Besides, we can independently adjust the required time complexity and memory complexity according to the requirements of target applications and the progress of computational power.
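The contrast drawn above, between a hash preimage search that needs only a counter and a cascade-cipher key recovery whose best generic attack (meet-in-the-middle) needs a table the size of one cipher's key space, is easy to see on toy parameters. The following is an added example, not the paper's scheme or code: a Hashcash-style double-SHA-256 search next to brute-force and meet-in-the-middle key recovery on a two-cipher cascade built from a constructed 32-bit, 4-round Feistel cipher with 8-bit keys. The cipher, key sizes, header bytes and plaintexts are all assumptions made for the illustration; the paper's actual parameter choices are not reproduced.

```python
# Added example (not the paper's scheme): constant-memory Hashcash search versus
# key recovery on a two-cipher cascade, where meet-in-the-middle trades time for
# a table of 2^KEY_BITS entries. Cipher and parameters are toy values.
import hashlib

KEY_BITS = 8                 # toy key size per cipher; the table below scales as 2^KEY_BITS
KEY_SPACE = 1 << KEY_BITS


def _f(half, k):
    # Toy round function: any deterministic mix keeps the Feistel structure invertible.
    x = (half ^ (k * 0x0101)) & 0xFFFF
    x = (x * 0x9E37 + 0x79B9) & 0xFFFF
    return (x ^ (x >> 5)) & 0xFFFF


def encrypt(k, block):
    """Constructed 32-bit, 4-round Feistel block cipher with an 8-bit key."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in range(4):
        left, right = right, left ^ _f(right, (k + rnd) & 0xFF)
    return (left << 16) | right


def decrypt(k, block):
    left, right = block >> 16, block & 0xFFFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, (k + rnd) & 0xFF), left
    return (left << 16) | right


def cascade_encrypt(k1, k2, block):
    """Cascade of two instances: C = E_k2(E_k1(P))."""
    return encrypt(k2, encrypt(k1, block))


def make_puzzle(k1, k2, plaintexts):
    """PoW puzzle: known (plaintext, ciphertext) pairs under the hidden cascade key (k1, k2)."""
    return [(p, cascade_encrypt(k1, k2, p)) for p in plaintexts]


def _double_sha256(header, nonce):
    return hashlib.sha256(hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()).digest()


def hashcash_solve(header, difficulty_bits):
    """Hashcash-style search for a nonce whose double-SHA-256 has difficulty_bits leading zero bits.
    Returns (nonce, hash_evaluations). State is one running counter, whatever the difficulty."""
    target = 1 << (256 - difficulty_bits)
    nonce = 0
    while int.from_bytes(_double_sha256(header, nonce), "big") >= target:
        nonce += 1
    return nonce, nonce + 1


def hashcash_verify(header, nonce, difficulty_bits):
    return int.from_bytes(_double_sha256(header, nonce), "big") >> (256 - difficulty_bits) == 0


def brute_force_keys(pairs):
    """Exhaustive search over (k1, k2): about 2^(2*KEY_BITS) cipher evaluations, constant memory.
    Returns ((k1, k2), cipher_evaluations)."""
    evals = 0
    p0, c0 = pairs[0]
    for k1 in range(KEY_SPACE):
        mid = encrypt(k1, p0)
        evals += 1
        for k2 in range(KEY_SPACE):
            evals += 1
            if encrypt(k2, mid) == c0 and all(cascade_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                return (k1, k2), evals
    return None, evals


def meet_in_the_middle(pairs):
    """Meet-in-the-middle: about 2^(KEY_BITS+1) cipher evaluations, but a table of 2^KEY_BITS
    forward encryptions must be held in memory. Returns ((k1, k2), cipher_evaluations, table_entries)."""
    p0, c0 = pairs[0]
    forward = {}
    for k1 in range(KEY_SPACE):
        forward.setdefault(encrypt(k1, p0), []).append(k1)
    evals = KEY_SPACE
    for k2 in range(KEY_SPACE):
        evals += 1
        for k1 in forward.get(decrypt(k2, c0), []):
            if all(cascade_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                return (k1, k2), evals, len(forward)
    return None, evals, len(forward)


if __name__ == "__main__":
    puzzle = make_puzzle(0xC3, 0x3A, [0x01234567, 0x89ABCDEF, 0xDEADBEEF])   # constructed
    print("brute force:", brute_force_keys(puzzle))
    print("meet-in-the-middle:", meet_in_the_middle(puzzle))
    print("hashcash:", hashcash_solve(b"constructed-header", 12))
```

Running it shows the asymmetry the abstract relies on: the exhaustive search touches tens of thousands of cipher evaluations with no table, while meet-in-the-middle finishes in a few hundred evaluations only because it holds all 2^KEY_BITS forward encryptions in memory. Raising KEY_BITS of the first cipher grows that table exponentially (the memory parameter), while the block size and the second key set how long each search step and verification take (the time parameter), which is the independent tuning the abstract describes.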
Reboot-based recovery is a simple but powerful method for recovering applications from failures and unstable states. Applying it to a newer class of application, in-memory databases (DBs), is challenging: unlike legacy applications, rebooting an in-memory DB loses its memory objects, including key-value pairs and DB blocks, which then have to be restored, causing severe performance degradation after the reboot. This paper presents an approach that performs reboot-based recovery of in-memory DBs with lower performance degradation. Our key insight is to decouple data content objects from the rest of the memory objects. Our approach treats data items as data content objects, preserves them in memory across reboots, and makes the restarted in-memory DB attach to them. To show the effectiveness of our approach, we apply the idea to two real-world DBs, MyRocks and memcached. The prototypes successfully mitigate performance degradation after reboot-based recovery.
Tianshi MU Huabing ZHANG Jian WANG Huijuan LI
With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerability review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make traditional analysis methods inefficient. For example, driver-specific argument formats make it difficult for traditional syscall fuzzers to generate valid inputs, pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual types. Triggering code deep in Android drivers therefore remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for them. Furthermore, the seed mutation module of CoLaFUZE uses coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE achieves more code coverage than the state-of-the-art fuzzer, and CoLaFUZE found 11 vulnerabilities in the tested devices.
Previous communication-induced checkpointing protocols may induce many worthless forced checkpoints because a process receiving messages cannot obtain sufficient information about non-causal Z-paths. This paper presents an enhanced sender-based message logging protocol, applicable to any communication-induced checkpointing protocol, that greatly decreases the forced-checkpointing overhead while still permitting no useless checkpoints. The protocol allows each process sending a message to know the exact timestamp of the message's receiver in its logging procedure without any extra messages. Simulation results verify that the protocol greatly reduces this overhead regardless of communication pattern.
This paper proposes pulse-width modulated (PWM) signaling [1] to send clock and data over a pair of channels for an in-vehicle network in which a closed chain of point-to-point (P2P) interconnections between electronic control units (ECUs) has been established. To improve the detection speed and margin of the proposed receiver, we also propose a novel clock and data recovery (CDR) scheme with a 0.5 unit-interval (UI) tuning range and a PWM generator using 10 equally-spaced phases. The feasibility of the proposed system has been demonstrated by successfully detecting 1.25 Gb/s data delivered via 3 ECUs and inter-channels in 180 nm CMOS technology. Compared with the previous study, the proposed system achieves better power efficiency, cost, and reliability.
As NAND flash-based storage has become established, the flash translation layer (FTL) has been in charge of mapping data addresses on NAND flash memory. Many FTLs implement various mapping schemes, but the amount of mapping data depends on the mapping level. Regardless of how much mapping data resides in the storage, the FTL must maintain mapping consistency. Furthermore, the recovery cost caused by inconsistency needs to be considered for a faster storage reboot time. This letter proposes a novel method that enhances consistency for a page-mapping-level FTL running a legacy logging policy, and also decreases the recovery cost of page mappings. The method adopts a virtually-shrunk segment and deactivates page-mapping logs by assembling and storing the segments. In our previous study, this segment scheme already improved the response time of embedded NAND flash-based storage. In addition to that result, the new scheme maximizes page-mapping consistency and therefore reduces the recovery cost compared with the legacy page-mapping FTL.
This paper presents new key correlations of the keystream bytes generated by RC4 and their application to plaintext recovery on WPA-TKIP. We first observe new key correlations between two bytes of the RC4 key pairs and a keystream byte in each round, and provide their proofs. We refer to these correlations as iterated RC4 key correlations since the two bytes of the RC4 key pairs are iterated every 16 rounds. We then extend the existing attacks by Isobe et al. at FSE 2013 and AlFardan et al. at USENIX Security 2013, and finally propose an efficient attack on WPA-TKIP. We refer to the proposed attack as a chosen plaintext recovery attack (CPRA) since it chooses the best approach for each byte from a variety of existing attacks. In order to recover the first 257 bytes of a plaintext on WPA-TKIP with success probability of at least 90%, CPRA requires approximately 2^30 ciphertexts, which is approximately half the number of ciphertexts required by the existing attack by Paterson et al. at FSE 2014.
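The attacks this abstract builds on all have the same shape: a keystream byte is biased toward some value, and encrypting the same plaintext byte under many per-packet keys turns that bias into a majority vote on the plaintext. The following added example (not the paper's attack, nor its code) shows the pipeline on the simplest such bias, the Mantin-Shamir bias Pr[Z2 = 0] ≈ 2/256, and the resulting broadcast recovery of the second plaintext byte. The RC4 implementation is plain RC4, keys are random 16-byte values generated locally (the per-packet key length of WPA-TKIP, but no TKIP framing or captured traffic is involved), and the plaintext byte and sample count are assumptions chosen for the illustration.

```python
# Added example (not the paper's attack): measure an RC4 keystream bias over many random
# 16-byte keys and use it in a broadcast-style plaintext recovery of one byte.
import random


def rc4_keystream(key, length):
    """Plain RC4: key-scheduling algorithm followed by the PRGA; returns the first `length` bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = []
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return out


def sample_z2(num_keys, seed=1):
    """Second keystream byte Z2 under num_keys random 16-byte keys (constructed, not captured)."""
    rng = random.Random(seed)
    return [rc4_keystream(rng.getrandbits(128).to_bytes(16, "big"), 2)[1] for _ in range(num_keys)]


def z2_zero_rate(z2_samples):
    """Empirical Pr[Z2 = 0]; a uniform keystream would give 1/256, RC4 gives about 2/256."""
    return z2_samples.count(0) / len(z2_samples)


def simulate_broadcast(p2, z2_samples):
    """Second ciphertext byte of the same plaintext byte p2 encrypted under each sampled key."""
    return [p2 ^ z for z in z2_samples]


def recover_second_byte(second_ciphertext_bytes):
    """Broadcast attack: because Z2 = 0 is the single most likely keystream value, the most
    frequent second ciphertext byte across many keys is the plaintext byte itself."""
    counts = [0] * 256
    for c in second_ciphertext_bytes:
        counts[c] += 1
    return max(range(256), key=counts.__getitem__)


if __name__ == "__main__":
    z2 = sample_z2(20000)
    print("Pr[Z2 = 0] =", z2_zero_rate(z2), "(uniform would be", 1 / 256, ")")
    print("recovered byte:", hex(recover_second_byte(simulate_broadcast(0x4D, z2))))
```

The vote needs a few thousand ciphertexts for one byte with a 2/256 bias; the abstract's figure of about 2^30 ciphertexts for 257 bytes at 90% success reflects that the biases used for later positions are far weaker than this one, which is why choosing the best-known bias per byte position matters.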
In this short note, we formally show that Keyed-Homomorphic Public Key Encryption (KH-PKE) is secure against key recovery attacks and ciphertext validity attacks that have been introduced as chosen-ciphertext attacks for homomorphic encryption.
How to restore a virtual network after a substrate network failure (e.g., a link cut) is one of the key challenges of network virtualization. Traditional virtual network recovery (VNR) methods are mostly based on centralized control. However, if multiple virtual networks fail at the same time, their recovery processes are usually queued according to a specific priority, which may increase the average waiting time of users. In this letter, we study a distributed virtual network recovery (DVNR) method to improve recovery efficiency. We establish an exclusive virtual machine (VM) for each virtual network and process the recovery requests of multiple virtual networks in parallel. Simulation results show that the proposed DVNR method achieves a recovery success rate close to that of the centralized VNR method while yielding about 70% less average recovery time.
Sugang XU Goshi SATO Masaki SHIRAIWA Katsuhiro TEMMA Yasunori OWADA Noboru YOSHIKANE Takehiro TSURITANI Toshiaki KURI Yoshinari AWAJI Naruto YONEMOTO Naoya WADA
Large-scale disasters can lead to severe damage or destruction of optical transport networks, including the data-plane (D-plane) and the control and management-plane (C/M-plane). In addition to D-plane recovery, quick recovery of the C/M-plane network in modern software-defined networking (SDN)-based fiber optical networks is essential not only for emergency control of surviving optical network resources, but also for quick collection of information on network damage and survivability so that the optimal recovery plan can be decided as early as possible. With the advent of Internet of Things (IoT) technologies, low-energy, low-cost IoT devices have become common. Corresponding long-distance networking technologies such as low-power wide-area (LPWA) and LPWA-based mesh (LPWA-mesh) networks promise wide-coverage sensing and environment data collection. We are motivated to take an infrastructure-less IoT approach to provide long-distance, low-power and inexpensive wireless connectivity and create an emergency C/M-plane network for early disaster recovery. In this paper, we investigate the feasibility of fiber-network C/M-plane recovery using an IoT-based extremely narrow-band and lossy links system (FRENLL). For the first time, we demonstrate a field-trial experiment of a long-latency/loss-tolerant SDN C/M-plane that can take advantage of widely available IoT resources and easy-to-create wireless mesh networks to enable timely recovery of the C/M-plane after a disaster.
Yoshihide KOMATSU Akinori SHINMYO Mayuko FUJITA Tsuyoshi HIRAKI Kouichi FUKUDA Noriyuki MIURA Makoto NAGATA
With increasing technology scaling and the use of lower voltages, more research interest is being shown in variability-tolerant analog front end design. In this paper, we describe an adaptive amplitude control transmitter that is operated using differential signaling to reduce the temperature variability effect. It enables low power, low voltage operation by synergy between adaptive amplitude control and Vth temperature variation control. It is suitable for high-speed interface applications, particularly cable interfaces. By installing an aggressor circuit to estimate transmitter jitter and changing its frequency and activation rate, we were able to analyze the effects of the interface block on the input buffer and thence on the entire system. We also report a detailed estimation of the receiver clock-data recovery (CDR) operation for transmitter jitter estimation. These investigations provide suggestions for widening the eye opening of the transmitter.
Lu YIN Junfeng LI Yonghong YAN Masato AKAGI
Simultaneous utterances impair both hearing-impaired listeners and automatic speech recognition systems. Recently, deep neural networks have dramatically improved speech separation performance. However, most previous works estimate only the speech magnitude and reuse the mixture phase for reconstruction, and the use of the mixture phase has become a critical limitation on separation performance. This study proposes a two-stage phase-aware approach for multi-talker speech separation that recovers the magnitude as well as the phase. For phase recovery, the Multiple Input Spectrogram Inversion (MISI) algorithm is used for its effectiveness and simplicity. The study implements MISI on top of a mask and shows that the ideal amplitude mask (IAM) is the optimal mask for mask-based MISI phase recovery, yielding less phase distortion. To compensate for phase-recovery error and minimize signal distortion, an advanced mask is proposed for magnitude estimation. The IAM and the proposed mask are estimated at different stages to recover the phase and the magnitude, respectively. Two neural network frameworks are evaluated for magnitude estimation in the second stage, demonstrating the effectiveness and flexibility of the proposed approach. Experimental results show that the proposed approach significantly reduces the distortion of the separated speech.
Takanori ISOBE Kyoji SHIBUTANI
In this paper, we explore the security of single-key Even-Mansour ciphers against key-recovery attacks. First, we introduce a simple key-recovery attack using key relations on an n-bit r-round single-key Even-Mansour cipher (r-SEM). This attack is feasible with queries of $DT^r = O(2^{rn})$ and $2^{\frac{2r}{r+1}n}$ memory accesses, which is $2^{\frac{1}{r+1}n}$ times smaller than the previous generic attacks on r-SEM, where D and T are the number of queries to the encryption function $E_K$ and the internal permutation P, respectively. Next, we further reduce the time complexity of the key recovery attack on 2-SEM by a start-in-the-middle approach. This is the first attack that is more efficient than an exhaustive key search while keeping the query bound of $DT^2 = O(2^{2n})$. Finally, we leverage the start-in-the-middle approach to directly improve the previous attacks on 2-SEM by Dinur et al., which exploit t-way collisions of the underlying function. Our improved attacks do not keep the bound of $DT^2 = O(2^{2n})$, but are the most time-efficient attacks among the existing ones. For n=64, 128 and 256, our attack is feasible with a time complexity of about $2^{n} \cdot \frac{1}{2n}$ in the chosen-plaintext model, while Dinur et al.'s attack requires $2^{n} \cdot \frac{\log(n)}{n}$ in the known-plaintext model.
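The query bound $DT^r = O(2^{rn})$ quoted above is, for r = 1, the classic result for the single-key Even-Mansour cipher $E_K(x) = P(x \oplus K) \oplus K$: Daemen's differential attack recovers K with D encryption queries and T permutation queries whenever $DT \approx 2^n$. The following is an added example of that one-round attack, written for this page; it is not the paper's key-relation attack on r-SEM and not the authors' code. The attack relies on the identity $E_K(x) \oplus E_K(x \oplus \Delta) = P(u) \oplus P(u \oplus \Delta)$ for $u = x \oplus K$, so a collision between an online table of $D$ such differences and offline evaluations of P yields $K = x \oplus u$. The block size n = 20, the toy public permutation P, the secret key and the random seed are all assumptions chosen so the attack runs in seconds.

```python
# Added example (not the paper's attack): Daemen's key recovery on 1-round single-key
# Even-Mansour, showing D encryption queries and T permutation queries with D*T ~ 2^n.
import random

N_BITS = 20                       # toy block size (assumption)
MASK = (1 << N_BITS) - 1
SECRET_KEY = 0x5A3C7              # constructed key; only em_encrypt() below sees it


def P(x):
    """Fixed public n-bit permutation (toy multiply/xorshift mixing; each step is a bijection
    on n-bit values, so P is a permutation, which is all the attack needs)."""
    x = (x * 0x9E3779B1) & MASK
    x ^= x >> 9
    x = (x * 0x85EBCA6B) & MASK
    x ^= x >> 11
    return x & MASK


def em_encrypt(key, x):
    """Single-key Even-Mansour: E_K(x) = P(x xor K) xor K."""
    return P(x ^ key) ^ key


def recover_key(oracle, d_queries, delta=1, seed=7, max_t=1 << 16):
    """Online phase: D random plaintexts x, storing E(x) xor E(x xor delta) -> x.
    Offline phase: random u until P(u) xor P(u xor delta) hits the table, then K = x xor u
    (or x xor u xor delta, since the difference is symmetric in u and u xor delta).
    Returns (key, D, T) with T the number of permutation inputs tried."""
    rng = random.Random(seed)
    online = {}
    for _ in range(d_queries):
        x = rng.getrandbits(N_BITS)
        online[oracle(x) ^ oracle(x ^ delta)] = x      # 2 encryption queries per entry
    check_x = rng.getrandbits(N_BITS)
    check_y = oracle(check_x)                           # one extra query to confirm a candidate
    for t in range(1, max_t + 1):
        u = rng.getrandbits(N_BITS)
        diff = P(u) ^ P(u ^ delta)
        if diff in online:
            for candidate in (online[diff] ^ u, online[diff] ^ u ^ delta):
                if em_encrypt(candidate, check_x) == check_y:
                    return candidate, d_queries, t
    return None, d_queries, max_t


if __name__ == "__main__":
    key, d, t = recover_key(lambda x: em_encrypt(SECRET_KEY, x), d_queries=1 << 10)
    print("recovered", hex(key), "with D =", d, "T =", t, "D*T / 2^n =", d * t / (1 << N_BITS))
```

With D = 2^10 plaintexts each offline u hits the table with probability about 2D/2^n, so T is expected to be around 2^9 and the product D·T stays near 2^n regardless of how D and T are balanced; this is the r = 1 case of the trade-off the abstract generalizes to r rounds.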
Kouji HIRATA Hiroshi YAMAMOTO Shohei KAMAMURA Toshiyuki OKA Yoshihiko UEMATSU Hideki MAEDA Miki YAMAMOTO
This paper proposes a traveling maintenance method based on the resource pool concept, as a new network maintenance model. For failure recovery, the proposed method utilizes permissible time that is ensured by shared resource pools. In the proposed method, even if a failure occurs in a communication facility, maintenance staff wait for occurrence of successive failures in other communication facilities during the permissible time instead of immediately tackling the failure. Then, the maintenance staff successively visit the communication facilities that have faulty devices and collectively repair them. Therefore, the proposed method can reduce the amount of time that the maintenance staff take for fault recovery. Furthermore, this paper provides a system design that optimizes the proposed traveling maintenance according to system requirements determined by the design philosophy of telecommunication networks. Through simulation experiments, we show the effectiveness of the proposed method.
Yi GUO Heming SUN Ping LEI Shinji KIMURA
Approximate computing has emerged as a promising approach for error-tolerant applications to improve hardware performance at the cost of some loss of accuracy. Multiplication is a key arithmetic operation in these applications. In this paper, we propose a low-cost approximate multiplier design that employs new probability-driven inexact compressors. This compressor design reduces the height of the partial product matrix to two rows, based on the probability distribution of the sum of the partial products. To compensate for the accuracy loss of the multiplier, a grouped error recovery scheme is proposed that achieves different levels of accuracy. In terms of mean relative error distance (MRED), the accuracy losses of the proposed multipliers range from 1.07% to 7.86%. Compared with the Wallace multiplier in a 40 nm process, the most accurate variant of the proposed multipliers reduces power by 59.75% and area by 42.47%, and the critical path delay reduction is larger than 12.78%. The proposed multiplier design has a better accuracy-performance trade-off than other designs with comparable accuracy. In addition, the efficiency of the proposed multiplier design is assessed in an image processing application.
Songlin DU Yuhao XU Tingting HU Takeshi IKENAGA
High frame rate and ultra-low delay matching system plays an important role in various human-machine interactive applications, which demands better performance in matching deformable and out-of-plane rotating objects. Although many algorithms have been proposed for deformation tracking and matching, few of them are suitable for hardware implementation due to complicated operations and large time consumption. This paper proposes a hardware-oriented template update and recovery method for high frame rate and ultra-low delay deformation matching system. In the proposed method, the new template is generated in real time by partially updating the template descriptor and adding new keypoints simultaneously with the matching process in pixels (proposal #1), which avoids the large inter-frame delay. The size and shape of region of interest (ROI) are made flexible and the Hamming threshold used for brute-force matching is adjusted according to pixel position and the flexible ROI (proposal #2), which solves the problem of template drift. The template is recovered by the previous one with a relative center-shifting vector when it is judged as lost via region-wise difference check (proposal #3). Evaluation results indicate that the proposed method successfully achieves the real-time processing of 784fps at the resolution of 640×480 on field-programmable gate array (FPGA), with a delay of 0.808ms/frame, as well as achieves satisfactory deformation matching results in comparison with other general methods.