The search functionality is under construction.

Keyword Search Result

[Keyword] security(630hit)

461-480hit(630hit)

  • Security of ESIGN-PSS

    Tetsutaro KOBAYASHI  Eiichiro FUJISAKI  

     
    PAPER-Information Security

      Vol:
    E90-A No:7
      Page(s):
    1395-1405

    The ESIGN signature scheme was initially proposed in 1985. Since then, several variants have been proposed, but only a few have been formally supported using the methodology of provable security. In addition, these schemes are different from the ESIGN-PSS signature scheme submitted to ISO/IEC-14888-2 for standardization. It is believed that ESIGN-PSS is secure against the chosen-message attack, however, there has not yet been any report verifying this belief. This paper presents the security proofs of ESIGN-PSS and a variant of this scheme, denoted ESIGN-PSS-R, which is a signature scheme comprising the ESIGN signature mechanism and the PSS-R mechanism.

  • Provably Secure Untraceable Electronic Cash against Insider Attacks

    Yoshikazu HANATANI  Yuichi KOMANO  Kazuo OHTA  Noboru KUNIHIRO  

     
    PAPER

      Vol:
    E90-A No:5
      Page(s):
    980-991

    Although a great deal of research has been done on electronic cash schemes with blind multisignatures to prevent an insider attack, there is no discussion of a formal security model in the literature. Firstly, we discussed the security model of e-cash schemes based on the blind multisignature scheme against a (restricted) attack model and proposed a concrete scheme proven to be secure in the model [1]; however, this attack model disallows an attacker from corrupting an issuing bank and shops in the forgery game. In this paper, first, we reconsider the security model to remove the restriction of the attack model. Second, we propose a new untraceable e-cash scheme with a blind multisignature scheme and prove that the proposed scheme is secure against the (non-restricted) attacks under the DDH assumption in the random oracle model.

  • A BPMN Extension for the Modeling of Security Requirements in Business Processes

    Alfonso RODRIGUEZ  Eduardo FERNANDEZ-MEDINA  Mario PIATTINI  

     
    PAPER-Software Engineering

      Vol:
    E90-D No:4
      Page(s):
    745-752

    Business processes are considered a crucial issue by many enterprises because they are the key to maintaining competitiveness. Moreover, business processes are important for software developers, since they can capture from them the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. Security is important for business performance, but traditionally it is considered after the business process definition. Empirical studies show that, at the business process level, customers, end users, and business analysts are able to express their security needs. In this work, we will present a proposal aimed at integrating security requirements through business process modeling. We will summarize our Business Process Modeling Notation extension for modeling secure business processes through Business Process Diagrams, and we will apply this approach to a typical health-care business process.

  • Reactive Key Management Scheme for Access Control in Group Communications

    Heeyoul KIM  Younho LEE  Yongsu PARK  Hyunsoo YOON  

     
    LETTER-Fundamental Theories for Communications

      Vol:
    E90-B No:4
      Page(s):
    982-986

    To control various access privileges in group-oriented applications having multiple data streams, we present a novel reactive key management scheme where each member can obtain the key of a data stream from public parameters only when necessary. Compared with the previous schemes, this scheme significantly reduces the number of rekey messages for dynamic membership changes due to its reactive nature.

  • Web Metering Scheme Based on the Bilinear Pairings

    Narn-Yih LEE  Ming-Feng LEE  

     
    LETTER-Application Information Security

      Vol:
    E90-D No:3
      Page(s):
    688-691

    Web metering is an effective means of measuring the number of visits from clients to Web servers during a specific time frame. Naor and Pinkas, in 1998, first introduced metering schemes to evaluate the popularity of Web servers. Ogata and Kurosawa proposed two schemes that improve on the Naor-Pinkas metering schemes. This study presents a Web metering scheme which is based on the bilinear pairings and built on the GDH group. The proposed scheme can resist fraud attempts by malicious Web servers and disruptive attacks by malicious clients.

  • Reconstruction of Printed Image Using Electromagnetic Disturbance from Laser Printer

    Toshihide TOSAKA  Kazumasa TAIRA  Yukio YAMANAKA  Kaori FUKUNAGA  Atsuhiro NISHIKATA  Mitsuo HATTORI  

     
    LETTER-Electromagnetic Compatibility(EMC)

      Vol:
    E90-B No:3
      Page(s):
    711-715

    The electromagnetic disturbance that leaks from ICT (information and communications technology) equipment might contain important information. Our measurements show that the information hidden inside of the electromagnetic disturbance can be monitored. First, we measured the level of the electromagnetic disturbance that leaks from laser printers and collected the waveform in the time domain. Then, we reconstructed the printed image from the data. As a result of our measurements, we found that at points 200 cm away or beyond it is difficult to reconstruct the printed image, and therefore the threat to electromagnetic security is not significant.

  • Curriculum Design and Evaluation for E-Commerce Security Education Using AHP

    Hyunwoo KIM  Younggoo HAN  Myeonggil CHOI  Sehun KIM  

     
    PAPER-Educational Technology

      Vol:
    E90-D No:3
      Page(s):
    668-675

    Due to the exponentially increasing threat of cyber attacks, many e-commerce organizations around the world have begun to recognize the importance of information security. When considering the importance of security in e-commerce, we need to train e-commerce security experts who can help ensure the reliable deployment of e-commerce. The purpose of this research is to design and evaluate an e-commerce security curriculum useful in training e-commerce security experts. In this paper, we use a phase of the Delphi method and the Analytic Hierarchy Process (AHP) method. To validate our results, we divide the respondents into two groups and compare the survey results.

  • Secure Route Discovery Protocol for Ad Hoc Networks

    YoungHo PARK  Hwangjun SONG  KyungKeun LEE  CheolSoo KIM  SangGon LEE  SangJae MOON  

     
    LETTER-Mobile Information Network and Personal Communications

      Vol:
    E90-A No:2
      Page(s):
    539-541

    A secure and efficient route discovery protocol is proposed for ad hoc networks, where only one-way hash functions are used to authenticate nodes in the ROUTE REQUEST, while additional public-key cryptography is used to guard against active attackers disguising a node in the ROUTE REPLY.

  • Constructing a Multilayered Boundary to Defend against Intrusive Anomalies

    Zonghua ZHANG  Hong SHEN  

     
    PAPER-Application Information Security

      Vol:
    E90-D No:2
      Page(s):
    490-499

    We propose a model for constructing a multilayered boundary in an information system to defend against intrusive anomalies by correlating a number of parametric anomaly detectors. The model formulation is based on two observations. First, anomaly detectors differ in their detection coverage or blind spots. Second, operating environments of the anomaly detectors reveal different information about system anomalies. The correlation among observation-specific anomaly detectors is first formulated as a Partially Observable Markov Decision Process, and then a policy-gradient reinforcement learning algorithm is developed for an optimal cooperation search, with the practical objectives being broader overall detection coverage and fewer false alerts. A host-based experimental scenario is developed to illustrate the principle of the model and to demonstrate its performance.

  • A Study of Blind Message Authentication Codes

    Chanathip NAMPREMPRE  Gregory NEVEN  Michel ABDALLA  

     
    PAPER-Signatures

      Vol:
    E90-A No:1
      Page(s):
    75-82

    Blind signatures allow a signer to digitally sign a document without being able to glean any information about the document. In this paper, we investigate the symmetric analog of blind signatures, namely blind message authentication codes (blind MACs). One may hope to get the same efficiency gain from blind MAC constructions as is usually obtained when moving from asymmetric to symmetric cryptosystems. Our main result is a negative one however: we show that the natural symmetric analogs of the unforgeability and blindness requirements cannot be simultaneously satisfied. Faced with this impossibility, we show that blind MACs do exist (under the one-more RSA assumption in the random oracle model) in a more restrictive setting where users can share common state information. Our construction, however, is only meant to demonstrate the existence; it uses an underlying blind signature scheme, and hence does not achieve the desired performance benefits. The construction of an efficient blind MAC scheme in this restrictive setting is left as an open problem.

  • Impersonation Attack on Two-Gene-Relation Password Authentication Protocol (2GR)

    Chun-Li LIN  Ching-Po HUNG  

     
    LETTER-Fundamental Theories for Communications

      Vol:
    E89-B No:12
      Page(s):
    3425-3427

    In 2004, Tsuji and Shimizu proposed a one-time password authentication protocol, named 2GR (Two-Gene-Relation password authentication protocol). The design goal of the 2GR protocol is to eliminate the stolen-verifier attack on SAS-2 (Simple And Secure password authentication protocol, ver.2) and the theft attack on ROSI (RObust and SImple password authentication protocol). Tsuji and Shimizu claimed that in the 2GR an attacker who has stolen the verifiers from the server cannot impersonate a legitimate user. This paper, however, will point out that the 2GR protocol is still vulnerable to an impersonation attack, in which any attacker can, without stealing the verifiers, masquerade as a legitimate user.

  • Implementing a Secure Autonomous Bootstrap Mechanism for Control Networks

    Nobuo OKABE  Shoichi SAKANE  Kazunori MIYAZAWA  Ken'ichi KAMADA  Masahiro ISHIYAMA  Atsushi INOUE  Hiroshi ESAKI  

     
    PAPER

      Vol:
    E89-D No:12
      Page(s):
    2822-2830

    There are many kinds of control networks, which have been used in various non-IP network areas, such as BA (Building Automation), FA (Factory Automation) and PA (Process Automation). They are now introducing IP and face the issues of security and configuration complexity. The authors have proposed a model which intends to solve these issues while satisfying the restrictions, i.e. small embedded devices, isolated networks and a private naming system/name space, which are required when introducing new functionality into existing control networks. A secure bootstrap sequence and device-to-device communication using the chain of trust are the key points of the model. This paper shows the practicability of the model through implementing the model experimentally.

  • Return Address Protection on Cache Memories

    Koji INOUE  

     
    PAPER-Integrated Electronics

      Vol:
    E89-C No:12
      Page(s):
    1937-1947

    The present paper proposes a novel cache architecture, called SCache, to detect buffer overflow attacks at run time. In addition, we evaluate the energy-security efficiency of the proposed architecture. On a return-address store, SCache generates one or more copies of the return address value and saves them as read only in the cache area. The number of copies generated strongly affects both energy consumption and vulnerability. When the return address is loaded (or popped), the cache compares the value loaded from the memory stack with the corresponding copy existing in the cache. If they are not the same, then return-address corruption has occurred. In the present study, the proposed approach is shown to protect more than 99.5% of return-address loads from the threat of buffer overflow attacks, while increasing the total cache-energy consumption by, at worst, approximately 23%, compared to a well-known low-power cache. Furthermore, we explore the tradeoff between energy consumption and security, and our experimental results show that an energy-aware SCache model provides relatively higher security with only a 10% increase in energy consumption.
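
    A software model of the comparison SCache performs, added here as an illustration and not the paper's hardware design: a `ShadowedStack` keeps a protected copy of each saved return address (standing in for the read-only cache copies in the abstract) and compares it against the stack slot when the address is popped. The shadow store has a fixed capacity so that, as the abstract notes, the number of copies kept trades off against how many return-address loads remain protected. The stack layout, word sizes, addresses and the `simulate` scenario are constructed for this example.

```python
from collections import OrderedDict

# Added example: a software model of shadowing saved return addresses, in the
# spirit of the SCache abstract. Not the paper's hardware; the layout is made up.


class ReturnAddressCorruption(Exception):
    """Loaded return address differs from its protected copy."""


class ShadowedStack:
    """Word-addressed, downward-growing stack plus a bounded store of read-only
    return-address copies (the 'shadow'), standing in for the cache copies."""

    def __init__(self, size=64, shadow_capacity=8):
        self.mem = [0] * size
        self.sp = size                    # stack pointer, grows toward 0
        self.shadow = OrderedDict()       # slot address -> protected copy
        self.capacity = shadow_capacity   # how many copies the 'cache' can hold
        self.protected_loads = 0
        self.unprotected_loads = 0

    def call(self, return_addr, frame_words):
        """Push a return address, shadow it, then allocate a local frame."""
        self.sp -= 1
        self.mem[self.sp] = return_addr
        if len(self.shadow) >= self.capacity:
            # Oldest copy evicted: that frame's return is no longer checked.
            self.shadow.popitem(last=False)
        self.shadow[self.sp] = return_addr
        self.sp -= frame_words
        return self.sp                    # base address of the local buffer

    def write_buffer(self, base, words):
        """Unchecked copy into a stack buffer: writes past its end reach the
        saved return address, which is how the overflow is simulated."""
        for i, w in enumerate(words):
            self.mem[base + i] = w

    def ret(self, frame_words):
        """Pop the frame and the return address, checking it against the copy."""
        self.sp += frame_words
        slot = self.sp
        self.sp += 1
        loaded = self.mem[slot]
        copy = self.shadow.pop(slot, None)
        if copy is None:
            self.unprotected_loads += 1   # copy was evicted: no detection possible
            return loaded
        self.protected_loads += 1
        if loaded != copy:
            raise ReturnAddressCorruption(
                f"slot {slot}: stack holds {loaded:#x}, copy holds {copy:#x}")
        return loaded


def simulate(payload, shadow_capacity=8, nested_calls=0):
    """Constructed scenario: a callee with a 4-word buffer is entered, optionally
    followed by `nested_calls` leaf calls (to fill and evict the shadow store),
    the buffer is filled with `payload`, and the callee returns.
    Returns 'ok', 'detected', or 'hijacked:<addr>' when the overwrite went unchecked."""
    st = ShadowedStack(shadow_capacity=shadow_capacity)
    buf = st.call(return_addr=0x4010, frame_words=4)
    for i in range(nested_calls):
        st.call(return_addr=0x5000 + i, frame_words=0)
    st.write_buffer(buf, payload)          # 5th word lands on the saved return address
    for _ in range(nested_calls):
        st.ret(frame_words=0)
    try:
        target = st.ret(frame_words=4)
    except ReturnAddressCorruption:
        return "detected"
    return "ok" if target == 0x4010 else f"hijacked:{target:#x}"


if __name__ == "__main__":
    print(simulate([0x41] * 4))
    print(simulate([0x41] * 4 + [0xDEAD]))
    print(simulate([0x41] * 4 + [0xDEAD], shadow_capacity=8, nested_calls=8))
```

    The third call in the usage section shows the coverage gap the abstract quantifies: with eight copies and eight intervening calls, the vulnerable frame's copy has been evicted, so the corrupted return address is loaded unchecked. Raising `shadow_capacity` to 16 turns that case back into a detection, which is the energy-versus-security trade-off the paper explores.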

  • Large-Throughput Anomaly Prevention Mechanism Implemented in Dynamic Reconfigurable Processor

    Takashi ISOBE  

     
    PAPER

      Vol:
    E89-B No:9
      Page(s):
    2440-2447

    A large-throughput anomaly prevention mechanism on the upstream side of high-speed (over 10-Gbps) networks is required to prevent various anomalies such as distributed denial of service (DDoS) from causing various network problems. This mechanism requires processors that achieve not only a high-speed response for analyzing many packets in a short time but also the flexibility to update the anomaly prevention algorithm. In this research, I assumed a dynamic reconfigurable processor (DRP) was the most effective processor for the nodes implementing this anomaly prevention mechanism, and I designed an anomaly prevention mechanism using DRPs. The mechanism can shorten anomaly prevention time in high-speed (10 Gbps) lines using an all-packet analysis. Through a simulation, I confirmed that the mechanism achieved its goal of a throughput of 83 M packets per second using three DRPs (432 execution elements used). Moreover, with the prototype, it was confirmed that the proposed mechanism prevented anomalies in a short time (a constant 0.01 second), which was 3000 times faster than a legacy mechanism using a packet sampling method. I also proposed integrated prevention, which was able to reduce the number of execution elements comprising the anomaly prevention algorithms against various kinds of anomalies. A simulation showed that the proposed integrated prevention against three kinds of anomalies (DDoS, worm, and peer to peer (P2P)) reduced the number of execution elements by 24% compared to legacy prevention. In addition, non-stop update was proposed to maintain throughput when updating an anomaly prevention algorithm without packet loss. It was confirmed with a simulation that there was enough time for non-stop update on four 10 Gbps lines.

  • New Group Rekeying Algorithm Using Combination of Secret Mask Patterns and Hash Values

    Yaser M. ASEM  Atsushi KARA  

     
    PAPER-Application Information Security

      Vol:
    E89-D No:9
      Page(s):
    2525-2532

    Efficient group rekeying is an important issue for secure group communications. Most of the proposed group rekeying methods require expensive encryption and decryption operations to rekey the group. However, in a model where a trusted server is used to distribute group keys, the trusted server may become a bottleneck because of the expensive computation operations, such as encryption, that it has to perform. In this paper, we propose a new stateless group rekeying scheme to solve the multicast group rekeying problem. In our proposed scheme, the trusted server combines mask-based key-location hiding with the simple XOR-encryption using secret hash values to rekey the group. Without affecting the system security, our approach reduces the processing cost of the trusted server by eliminating the need to encrypt the group key. Moreover, to acquire the group key, the computational cost of the group members is low and stable regardless of the rekeying message size.
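
    The XOR-with-secret-hash idea from the abstract, illustrated with added example code that is not the paper's scheme: each member shares a long-term secret with the server, the per-epoch mask is a SHA-256 of that secret and an epoch counter (so no mask is ever reused as a pad), and the new group key is delivered as `key XOR mask`, one slot per remaining member. Slots are shuffled and located by a hash tag rather than by member name; that locator, the hash choices and the member names are assumptions made for this example, not the paper's secret mask patterns.

```python
import hashlib
import os
import random

# Added example of delivering a group key by XOR with per-member secret hash
# values, illustrating the idea in the abstract; not the paper's scheme.

KEY_LEN = 32   # group key and mask are both SHA-256 sized, so XOR is a full one-time pad


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def member_mask(secret: bytes, epoch: int) -> bytes:
    """Per-member, per-epoch secret hash value. The epoch counter in the hash
    input guarantees a fresh pad for every rekey, so a mask never repeats."""
    return hashlib.sha256(b"mask" + epoch.to_bytes(4, "big") + secret).digest()


def slot_tag(mask: bytes) -> bytes:
    """Assumed locator: a member finds its slot by hashing its own mask, so the
    rekey message carries no member names. A stand-in for the paper's
    mask-based key-location hiding, not its construction."""
    return hashlib.sha256(b"loc" + mask).digest()[:8]


class KeyServer:
    def __init__(self, member_secrets):
        self.secrets = dict(member_secrets)   # member id -> long-term secret shared with server
        self.epoch = 0

    def rekey(self, leaving=()):
        """Remove `leaving`, pick a fresh group key, and build one stateless rekey
        message: a shuffled list of (tag, key XOR mask) slots, one per member.
        The server does no encryption, only hashing and XOR."""
        for m in leaving:
            self.secrets.pop(m, None)
        self.epoch += 1
        group_key = os.urandom(KEY_LEN)
        slots = []
        for secret in self.secrets.values():
            mask = member_mask(secret, self.epoch)
            slots.append((slot_tag(mask), xor_bytes(group_key, mask)))
        random.shuffle(slots)   # hide which slot belongs to whom
        return group_key, (self.epoch, slots)


def recover_key(secret: bytes, message):
    """Member side: one hash to rebuild the mask, one to find the slot, one XOR.
    Cost does not depend on how many other members are in the message.
    Returns None if the member has no slot (it was removed)."""
    epoch, slots = message
    mask = member_mask(secret, epoch)
    tag = slot_tag(mask)
    for t, masked in slots:
        if t == tag:
            return xor_bytes(masked, mask)
    return None


def demo():
    """Constructed run: three members share secrets with the server, then Carol leaves."""
    secrets = {"alice": os.urandom(16), "bob": os.urandom(16), "carol": os.urandom(16)}
    server = KeyServer(secrets)
    key1, msg1 = server.rekey()
    key2, msg2 = server.rekey(leaving=["carol"])
    return {
        "all_recover_key1": all(recover_key(s, msg1) == key1 for s in secrets.values()),
        "alice_recovers_key2": recover_key(secrets["alice"], msg2) == key2,
        "carol_recovers_key2": recover_key(secrets["carol"], msg2) == key2,
        "carol_has_slot": recover_key(secrets["carol"], msg2) is not None,
        "slots_in_msg2": len(msg2[1]),
    }


if __name__ == "__main__":
    print(demo())
```

    Two caveats a practitioner would check before using anything like this: the masks are one-time pads, so the security rests entirely on the epoch never repeating for a given secret, and XOR is malleable, so the rekey message needs an integrity check (a MAC over the whole message under a key the members already hold) that the abstract does not discuss.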

  • Securing Mobile Commerce Transactions

    Tzu-Chang YEH  Shih-Chang TSAI  

     
    LETTER-Fundamental Theories for Communications

      Vol:
    E89-B No:9
      Page(s):
    2608-2611

    Lam, Chung, Gu and Sun (2003) proposed a lightweight security mechanism for mobile commerce transactions to meet the security needs in the face of the resource constraints of mobile devices. End-to-end security between the mobile device and the mobile commerce provider is established. However, its security builds on the assumption that customers can confirm every mobile commerce provider's public key by themselves before each transaction. Moreover, the mechanism still produces high overhead on the mobile device. This paper elucidates the causes of these drawbacks, and an enhanced mechanism is also proposed to protect mobile commerce transactions more effectively and efficiently.

  • An Effective DDoS Attack Detection and Packet-Filtering Scheme

    Seokbong JEONG  Hyunwoo KIM  Sehun KIM  

     
    PAPER-Network Management/Operation

      Vol:
    E89-B No:7
      Page(s):
    2033-2042

    A distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim or its Internet connection, or both. Defense against DDoS attacks as well as identification of their sources comprise demanding challenges in the realm of Internet security studies. In this paper, effective measures are proposed for detecting attacks in routers through the use of queuing models, which help detect attacks closer to the attack sources. Utilizing these measures, an effective DDoS attack detection and packet-filtering scheme is proposed. The suggested approach is a cooperative technique among routers intended to protect the network from persistent and severe congestion arising from a rapid increase in attack traffic. Through computer simulations, it is shown that the proposed scheme can trace attacks near to the attack sources, and can effectively filter attack packets.

  • A Novel (Re)Association Control Scheme for Inter-AP Security Transition in Mobile Wireless LAN

    Byungho CHUNG  Sangha KIM  

     
    PAPER-Terrestrial Radio Communications

      Vol:
    E89-B No:5
      Page(s):
    1613-1619

    Recently, with the high expectation of voice over WLAN service, supporting fast inter-AP security transition in the WLAN Access Point (AP) has become one of the most actively investigated issues. It is also a very important problem to minimize inter-AP security transition (IAPST) latency while constantly maintaining the secure association from the old AP when a station transits to a new AP. With this background, this paper presents a novel association control mechanism whose objective is to minimize IAPST latency and to take countermeasures against attacks by a rogue transitioning station. Experiments show that the proposed scheme outperforms the legacy AP by over 70% with regard to transition latency.

  • A More Efficient Improvement of the Virtual Software Token Protocols

    Shuhong WANG  Feng BAO  Jie WANG  

     
    LETTER-Fundamental Theories for Communications

      Vol:
    E89-B No:3
      Page(s):
    945-948

    The Virtual Software Token Protocol was proposed by Kwon as a practical method for secure public key infrastructure roaming. However, he recently found a weakness in the protocol under the original assumption, and proposed two revised versions, namely a refinement and an improvement, which lost the desirable properties of scalability and efficiency, respectively. In this letter, a secure improvement is proposed for better performance in both scalability and efficiency. Unlike the author's improvement, our improvement provides parallel execution as the original protocol did.

  • An Approximation Algorithm for Minimum Certificate Dispersal Problems

    Hua ZHENG  Shingo OMURA  Koichi WADA  

     
    PAPER-Graphs and Networks

      Vol:
    E89-A No:2
      Page(s):
    551-558

    We consider a network where a special piece of data called a certificate is issued between two users, and all certificates issued by the users in the network can be represented by a directed graph. For any two users u and v, when u needs to send a message to v securely, v's public key is needed. The user u can obtain v's public key using the certificates stored in u and v. We need to disperse the certificates to the users such that when a user wants to send a message to another user securely, there are enough certificates in them to obtain the reliable public key. In this paper, when a certificate graph and a set of communication requests are given, we consider the problem of dispersing the certificates among the nodes in the network such that the communication requests are satisfied and the total number of certificates stored in the nodes is minimized. We formulate this problem as MINIMUM CERTIFICATE DISPERSAL (MCD for short). We show that MCD is NP-complete, even if its input graph is restricted to a strongly connected graph. We also present a polynomial-time 2-approximation algorithm MinPivot for strongly connected graphs, when the communication requests satisfy some restrictions. We introduce some graph classes for which MinPivot can compute optimal dispersals, such as trees, rings, and some Cartesian products of graphs.
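
    The dispersal model in the abstract, as added example code (not the paper's algorithm): a certificate is an edge `(issuer, subject)` in a directed graph, a dispersal stores a set of certificates at each node, a request `(u, v)` is satisfied when the certificates held at u and at v together contain a chain from u to v, and the cost is the total number of stored certificates. `pivot_dispersal` stores at every node a shortest path to and from one pivot node, which satisfies every request in a strongly connected graph; that construction is one reading of the `MinPivot` name and is an assumption, as are the ring graph and node names.

```python
from collections import deque

# Added example of the certificate-dispersal model in the abstract. The graph,
# node names and the pivot construction are constructed for illustration.


def shortest_path(graph, src, dst):
    """BFS on a directed certificate graph (issuer -> list of subjects). Returns
    the certificates (issuer, subject) along a shortest src->dst path, [] when
    src == dst, or None when dst is unreachable."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v in graph.get(u, ()):
            if v not in prev:
                prev[v] = u
                queue.append(v)
    if dst not in prev:
        return None
    path, v = [], dst
    while prev[v] is not None:
        path.append((prev[v], v))
        v = prev[v]
    return path[::-1]


def request_satisfied(dispersal, u, v):
    """u can obtain v's public key iff the certificates stored at u and at v
    together contain a chain of certificates from u to v."""
    available = dispersal.get(u, set()) | dispersal.get(v, set())
    sub = {}
    for issuer, subject in available:
        sub.setdefault(issuer, set()).add(subject)
    return shortest_path(sub, u, v) is not None


def dispersal_cost(dispersal):
    """Objective of MCD: total number of certificates stored over all nodes."""
    return sum(len(certs) for certs in dispersal.values())


def pivot_dispersal(graph, nodes, pivot):
    """Assumed pivot construction (one reading of the MinPivot name, not the
    paper's algorithm): every node stores a shortest path to the pivot and a
    shortest path back from it. For any request (u, v) the stored certificates
    then contain u -> pivot -> v, so every request is satisfied.
    Requires a strongly connected graph."""
    dispersal = {w: set() for w in nodes}
    for w in nodes:
        if w == pivot:
            continue
        to_pivot = shortest_path(graph, w, pivot)
        from_pivot = shortest_path(graph, pivot, w)
        if to_pivot is None or from_pivot is None:
            raise ValueError(f"graph is not strongly connected between {w} and {pivot}")
        dispersal[w].update(to_pivot)
        dispersal[w].update(from_pivot)
    return dispersal


def all_pairs_satisfied(dispersal, nodes):
    return all(request_satisfied(dispersal, u, v)
               for u in nodes for v in nodes if u != v)


# Constructed certificate graph: a directed ring a -> b -> c -> d -> a
RING = {"a": ["b"], "b": ["c"], "c": ["d"], "d": ["a"]}
NODES = ["a", "b", "c", "d"]

if __name__ == "__main__":
    d = pivot_dispersal(RING, NODES, "a")
    print(dispersal_cost(d), all_pairs_satisfied(d, NODES))
    naive = {w: {(i, s) for i in RING for s in RING[i]} for w in NODES}
    print(dispersal_cost(naive), all_pairs_satisfied(naive, NODES))
```

    On the ring, storing the whole graph at every node costs 16 certificates, while the pivot dispersal satisfies the same all-pairs requests with 12. When only some requests must be served, `request_satisfied` is the check to run against a candidate dispersal; a request fails when the chain from u to v needs a certificate held by neither endpoint.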
