
Keyword Search Result

[Keyword] security(630hit)

581-600hit(630hit)

  • Simple and Secure Coin (SAS-Coin)--A Practical Micropayment System

    Manjula SANDIRIGAMA  Akihiro SHIMIZU  Matu-Tarow NODA  

     
    PAPER-Information Security

    Vol: E83-A No:12  Page(s): 2679-2688

    In this paper we propose SAS-Coin, a very practical micro payment scheme based on a hash chain and a simple one time password authentication protocol called SAS. While it has many desirable features of a coin (anonymity etc.), it has no public key operations at any stage and has very little overheads. Moreover authentication is also available and a session key could be generated for encrypted information supply without any additional cost at all. Since there are no public key operations this is extremely useful for mobile telephone applications. This has sufficient security even for larger payments. Comparative analysis with some of the already proposed systems is also done.

  • An Immunity-Based Security Layer against Internet Antigens

    Jabeom GU  Dongwook LEE  Kweebo SIM  Sehyun PARK  

     
    LETTER-Network

    Vol: E83-B No:11  Page(s): 2570-2575

    With the rising innovative antigens (such as intruders and viruses) through Internet, reliable security mechanisms are required to perceptively detect and put them down. However, defense techniques of the current host system over Internet may not properly analyze Internet antigens, because trends of attacks are unexpectedly shifted. In this paper, we introduce an Antibody Layer that mediates proper security services based on the biological mechanism to rapidly disclose and remove innovative antigens. The proposed Antibody Layer also employs a new topology called antibody cooperation protocol to support real-time security QoS for one host as well as host alliance.

  • A Study on the Generalized Key Agreement and Password Authentication Protocol

    Taekyoung KWON  Jooseok SONG  

     
    PAPER-Fundamental Theories

    Vol: E83-B No:9  Page(s): 2044-2050

    We study how to generalize a key agreement and password authentication protocol on the basis of the well known hard problems such as a discrete logarithm problem and a Diffie-Hellman problem. The key agreement and password authentication protocol is necessary for networked or internetworked environments to provide the user knowledge-based authentication and to establish a new cryptographic key for the further secure session. The generalized protocol implies in this paper to require only weak constraints and to be generalized easily in any other cyclic groups which preserve two hard problems. The low entropy of password has made it difficult to design such a protocol and to prove its security soundness. In this paper, we devise a protocol which is easy to be generalized and show its security soundness in the random oracle model. The proposed protocol reduces the constraints extremely only to avoiding a smooth prime modulus. Our main contribution is in solving the password's low entropy problem in the multiplicative group for the generalization.

  • Improvement of a Multi-Role-Based Access Control Policy

    Victor R. L. SHEN  

     
    LETTER-Information Security

    Vol: E83-A No:7  Page(s): 1483-1485

    In 1996, Chiu and Hsu proposed a multi-role-based access control (MRBAC) policy. Nevertheless, the Chiu-Hsu scheme can be further enforced by role list, union, and intersection (i.e., containment) to deal with the problems regarding the MRBAC and the object role with different security ranks. The author presents an improvement of the Chiu-Hsu scheme using more detailed list structure. This improvement offers some significant advantages.

  • Simple and Secure Password Authentication Protocol (SAS)

    Manjula SANDIRIGAMA  Akihiro SHIMIZU  Matu-Tarow NODA  

     
    LETTER-Fundamental Theories

    Vol: E83-B No:6  Page(s): 1363-1365

    In the Internet and Mobile communication environment, authentication of the users is very important. Although at present password is extensively used for authentication, bare password transmission suffers from some inherent shortcomings. Several password-based authentication methods have been proposed to eliminate such shortcomings. Those proposed methods have relative demerits as well as merits. In this letter we propose a method where those demerits are eliminated. The prominent feature is security improvement apart from low processing, storage and transmission overheads compared to previous methods. This method can be used in several applications like remote login, encrypted and authenticated communication and electronic payment etc.

  • An Electronic Soccer Lottery System that Uses Bit Commitment

    Kunio KOBAYASHI  Hikaru MORITA  Mitsuari HAKUTA  Takanori NAKANOWATARI  

     
    PAPER

    Vol: E83-D No:5  Page(s): 980-987

    This paper proposes an electronic soccer lottery protocol suitable for the Internet environment. Recently, protocols based on public-key schemes such as digital signature have been proposed for electronic voting systems or other similar systems. For a soccer lottery system in particular, it is important to reduce the computational complexity and the amount of communication data required, because we must expect that a large number of tickets will be purchased simultaneously. These problems can be solved by introducing hash functions as the core of protocol. This paper shows a practical soccer lottery system based on bit commitment and hash functions, in which the privacy of prize-winners is protected and illegal acts by the lottery promoter or lottery ticket shops can be revealed.

  • Protection and Interoperability for Mobile Agents: A Secure and Open Programming Environment

    Paolo BELLAVISTA  Antonio CORRADI  Cesare STEFANELLI  

     
    PAPER-Mobile Agents

    Vol: E83-B No:5  Page(s): 961-972

    The Mobile Agent technology helps in the development of applications in open, distributed and heterogeneous environments such as the Internet and the Web, but it has to answer to the requirements of security and interoperability to achieve wide acceptance. The paper focuses on security and interoperability, and describes a Secure and Open Mobile Agent (SOMA) programming environment where both requirements are main design objectives. On the one hand, SOMA is based on a thorough security model and provides a wide range of mechanisms and tools to build and enforce flexible security policies. On the other hand, the SOMA framework permits to interoperate with different application components designed with different programming styles. SOMA grants interoperability by closely considering compliance with the OMG CORBA and MASIF standards. SOMA has already shown the feasibility and effectiveness of the approach for the development of flexible and adaptive applications in several areas, particularly in network and systems management.

  • Modified Aggressive Mode of Internet Key Exchange Resistant against Denial-of-Service Attacks

    Kanta MATSUURA  Hideki IMAI  

     
    PAPER

    Vol: E83-D No:5  Page(s): 972-979

    Internet Key Exchange (IKE) is very important as an entrance to secure communication over the Internet. The first phase of IKE is based on Diffie-Hellman (DH) key-agreement protocol. Since DH protocol on its own is vulnerable to man-in-the-middle (MIM) attack, IKE provides authentication to protect the protocol from MIM. This authentication owes a lot to public-key primitives whose implementation includes modular exponentiation. Since modular exponentiation is computationally expensive, attackers are motivated to abuse it for Denial-of-Service (DoS) attacks; computational burden caused by malicious requests may exhaust the CPU resource of the target. DoS attackers can also abuse inappropriate use of Cookies in IKE; as an anti-clogging token, Cookie must eliminate the responder's state during initial exchanges of the protocol while IKE Cookies do not. Thus a large number of malicious requests may exhaust the memory resource of the target. In search of resistance against those DoS attacks, this paper first reviews DoS-resistance of the current version of IKE and basic ideas on DoS-protection. The paper then proposes a DoS-resistant version of three-pass IKE Phase 1 where attackers are discouraged by heavy stateful computation they must do before the attack really burdens the target. DoS-resistance is evaluated in terms of the computational cost and the memory cost caused by bogus requests. The result shows that the proposed version gives the largest ratio of the attacker's cost to the responder's cost.

  • Verified Order-Based Secure Concurrency Controller in Multilevel Secure Database Management Systems

    Yonglak SOHN  Songchun MOON  

     
    PAPER-Applications of Information Security Techniques

    Vol: E83-D No:5  Page(s): 1128-1141

    While the secure concurrency controllers (SCCs) in multilevel secure database systems (MLS/DBMSs) synchronize transactions cleared at different security levels, they must consider the problem of covert channel. We propose a new SCC, named Verified Order-based secure concurrency controller (VO) that is founded on a multiversion database. VO maintains elaborated information about ordering relationships among transactions in a way of actively investigating and renewing the ordering relationships whenever it receives operations. With the elaborated information, it becomes capable of aborting transactions selectively whose non-interfered executions definitely violate one-copy serializability and providing more recent data versions to read requests than the other multiversion-based SCCs. Therefore, it comes to reduce the abort ratio and provide data versions of improved trustworthiness to transactions. By virtue of the elaborated information, moreover, VO is able to distinguish worthful versions and worthful transactions from worthless ones, so that it is capable of lightening the burdens of maintaining multiple versions and accumulated transaction ordering relationships. For the aborts that are inevitable for preserving one-copy serializability, VO achieves security by deriving the conflicts to occur between transactions that have been cleared at the same security level.

  • Secure Multi-Party Computation over Networks

    Yasuaki NISHITANI  Yoshihide IGARASHI  

     
    INVITED SURVEY PAPER-Parallel and Distributed Algorithms

    Vol: E83-D No:3  Page(s): 561-569

    Consider a set of parties who do not trust each other but want to compute some agreed function of their inputs in a secure way. This problem is known as multi-party computation. It has various interesting applications including election over the internet, electric contracts, private and secret database, joint signatures, and others. A number of techniques for the problem have been proposed. Secure protocols for multi-party computation known so far are mainly based on threshold secret sharing, verifiable secret sharing, zero-knowledge proofs, and error-correcting codes. We survey important and interesting results on secure multi-party computation under the existence of various types of adversaries.

  • New Algorithm for Finding Preimages in a Reduced Version of the MD4 Compression Function

    Hidenori KUWAKADO  Hatsukazu TANAKA  

     
    LETTER

    Vol: E83-A No:1  Page(s): 97-100

    This paper proposes an efficient algorithm for finding preimages of the reduced MD4 compression function consisting of only the first round and the third round. We thus show that the reduced MD4 is not a one-way function.

  • Comparison of Performance between AND and Majority Logic Type Nonlinear Feedforward Logic Pseudonoise Sequence Generators

    Kari H. A. KARKKAINEN  

     
    PAPER-Spread Spectrum Technologies and Applications

    Vol: E82-A No:8  Page(s): 1641-1647

    Two classes of nonlinear feedforward logic (NLFFL) pseudonoise (PN) code generators based on the use of AND and majority logic (ML) gates are compared. Cross-correlation and code-division multiple-access (CDMA) properties of properly designed NLFFL sequences are found to be comparable with the properties of well-known linear PN codes. It is determined that code design employing ML gates with an odd number of inputs is easier compared with designing with AND gates. This is especially true when the degree of nonlinearity is large, since the nonbalance problem, e.g., at the output of an AND gate, can be avoided. ML type sequences are less vulnerable to correlation attack and jamming by the m-sequence of an NLFFL generator.

  • An Improvement of the Password-Based Authentication Protocol (K1P) on Security against Replay Attacks

    Taekyoung KWON  Myeongho KANG  Sangjoon JUNG  Jooseok SONG  

     
    PAPER-Communication Networks and Services

    Vol: E82-B No:7  Page(s): 991-997

    Authentication protocols are necessary for the receiver of a message to ascertain its origin in a distributed environment. Since they exchange cryptographic messages at the beginning of communication, their security is an essential requirement. However, most of the protocols have suffered from several kinds of attacks. A replay attack is one kind of those attacks. Attackers could launch it easily by replaying an eavesdropped message. Moreover, there are many types of replay attacks while most of the formal methods are not capable of detecting them. [3] classified various kinds of replay attacks and proposed a taxonomy. Therefore, it is necessary to verify authentication protocols deliberately with such a taxonomy for a basis. In this paper, at first, we give a clear definition and several remarks on replay attacks. Secondly we review the taxonomy of replay attacks presented in [3], and comment on its minor mistake. Finally we examine on the basis of the taxonomy the password-based authentication protocol, K1P, which was proposed in our earlier papers for protecting weak secrets efficiently. As a result of the examination, we have found that three way mutual K1P shown in [2] was vulnerable to one of replay attacks. Therefore, we improve three way K1P on security against the replay attack. Improved three way K1P is secure against replay attacks as well as guessing attacks and therefore it may be useful for security services of various communication networks.

  • A Formal Approach to Detecting Security Flaws in Object-Oriented Databases

    Toshiyuki MORITA  Yasunori ISHIHARA  Hiroyuki SEKI  Minoru ITO  

     
    PAPER-Theoretical Aspects

    Vol: E82-D No:1  Page(s): 89-98

    Detecting security flaws is important in order to keep the database secure. A security flaw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security flaws can occur under the authorization. The main aim of this paper is to show an efficient decision algorithm for detecting a security flaw under a given authorization. This problem is solvable in polynomial time in practical cases by reducing it to the congruence closure problem. This paper also mentions the problem of finding a maximal subset of a given authorization under which no security flaw exists.

  • On a Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis

    Mitsuru MATSUI  

     
    PAPER

    Vol: E82-A No:1  Page(s): 117-122

    We introduce a new methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of round functions, round functions with recursive structure, and substitution boxes of different sizes. The first realizes parallel computation of the round functions without losing provable security, and the second reduces the size of substitution boxes; moreover, the last is expected to make algebraic attacks difficult. This structure gives us a simple and effective method for designing secure and fast block ciphers in hardware as well as in software implementation. Block encryption algorithm MISTY was designed on the basis of this methodology.

  • Multi-Signature Schemes Secure against Active Insider Attacks

    Kazuo OHTA  Tatsuaki OKAMOTO  

     
    PAPER

    Vol: E82-A No:1  Page(s): 21-31

    This paper proposes the first provably secure multi-signature schemes under the random oracle model. The security of our schemes can be proven in the sense of concrete security in Ref. [13]. The proposed schemes are efficient if the random oracle is replaced by practical hash functions. The essential techniques in our proof of security are the optimal reduction from breaking the corresponding identification to breaking signatures (ID Reduction Technique), and the hierarchical heavy row lemmas used in the concrete reduction from solving the primitive problem to breaking the identification scheme.

  • A Universal Single-Authority Election System

    Chin-Laung LEI  Chun-I FAN  

     
    PAPER-General Fundamentals and Boundaries

    Vol: E81-A No:10  Page(s): 2186-2193

    Privacy, voter uncoercibility, collision freedom, verifiability, and tally correctness are essential properties of modern electronic election systems. None of the single-authority election systems proposed in the literature achieves all the above five properties. In this paper we propose a universal single-authority election system that satisfies the five properties. In particular, the privacy of each voter is protected against the authority and other voters, and no voter can coerce any other voter into changing the value of his vote in our proposed system. We also show that it is impossible for a collision-free single-authority election system to possess the voter uncoercibility and authority uncoercibility at the same time.

  • A Conflict Detection Mechanism for Authorization Using Intention Types in Object-Oriented Database Systems

    Tae-Jong SON  Kyu-Young WHANG  Won-Young KIM  Il-Yeol SONG  

     
    PAPER-Databases

    Vol: E81-D No:10  Page(s): 1053-1063

    Many object-oriented database systems have used the notion of implicit authorization to avoid the overhead caused by explicitly storing all authorizations for each object. In implicit authorization, it is very important to detect efficiently conflicts between existing authorizations and new authorizations to be added. In this article we propose a conflict detection mechanism in the OODBMSs using implicit authorization with the notion of intention type authorization. When we grant an authorization on a node n in the database granularity hierarchy, the existing method is inefficient in determining the conflicts since it needs to examine all authorizations on the descendants of the node n. In contrast, our mechanism has the advantage of detecting the conflicts at the node n where an explicit authorization is to be granted without examining any authorizations below the node n. Thus, the proposed mechanism can detect a conflict with the average time complexity of O(d), which is smaller than O(md) of existing methods, where m is the number of children nodes at an arbitrary level and d is the difference of levels between the node with an existing explicit authorization and the higher node where an explicit authorization is to be granted. We also show that the additional storage overhead of storing all authorizations is negligible when compared with the total number of all explicit authorizations.

  • A Password Authentication Method for Contents Communications on the Internet

    Akihiro SHIMIZU  Tsutomu HORIOKA  Hirohito INAGAKI  

     
    PAPER-Communication Networks and Services

    Vol: E81-B No:8  Page(s): 1666-1673

    A password authentication method PERM has been developed for application to e-mail forwarding. This method is suitable for communications in insecure network environments such as the Internet. In particular, it can be adapted to Internet appliances and Java applets which have limited performance. The PERM method does not require password resettings and enables high-speed authentication processing with a small-sized program. Moreover, it does not use facilities or mechanisms for generating random numbers and writing them into and reading them out of an IC card or similar storage medium on the user's side.

  • Nomadic Computing Environment Employing Wired and Wireless Networks

    Toshiaki TANAKA  Masahiro MORIKURA  Hitoshi TAKANASHI  

     
    INVITED PAPER

    Vol: E81-B No:8  Page(s): 1565-1573

    This paper presents an integrated network configuration of wired and wireless access systems for nomadic computing and discusses the virtual LAN on a wireless access system. Furthermore, different types of ad hoc networks are summarized to delineate nomadic computing styles. In terms of user mobility, the integrated network provides a seamless connection environment, so a user can move between wireless and wired networks without dropping data communication sessions. This function is critical for nomadic computing users. By defining the integrated network and employing a virtual LAN, a nomadic computing environment can be realized. This paper reviews the key issues to realize integrated networks. They are mobile management including mobile IP, virtual IP and Logical Office, a high performance MAC, and security control.
