Akira Kanaoka
  • Funabashi, Chiba, Japan


Cloud computing delegates large volumes of information processing that cannot be handled adequately with one's own computing resources alone, by connecting internal and external computing resources. By using a method called secure computation, it is also possible to perform calculations while keeping the data concealed. For secure computation to be practical, it is desirable that it impose no load equal to or greater than the usual calculation processing time, independent of the data type to be handled. The data types dealt with in existing secure computation studies are mainly integers, especially arithmetic on finite fields. But actual data such as statistics and geographic information is difficult to compute with integer arithmetic. Recently, secure computation studies dealing with real numbers have increased. In this paper, based on Aliasgari's method, which achieves secure computation on floating-point numbers with sufficient precision, a performance improvement of the method is proposed and evaluated. As a result, an improvement in performance is shown.
As a mechanism for promoting improvement in the strength of user passwords, there is a mechanism that measures password strength and gives feedback to the user. There is a wide variety of current strength measurement methods, including methods that transmit the password to a remote server during input to perform the measurement. However, the threat of sending passwords externally during input has not been sufficiently discussed. In this paper, we first survey current password strength measurement methods and clarify how much remote-side strength measurement exists. Then, the threats of remote strength measurement are organized, and the need for protection is indicated. The necessity of measuring password strength without disclosure as the protection method is described, and three approaches are shown. Furthermore, the feasibility of each approach is discussed, and a prototype of the most feasible approach was developed. Moreover, we evaluate the performance and usability of the prototype system. As a result, although basic performance changes depending on system configuration, the result of the user study shows that the usability is not low, and the proposed method is sufficiently practical while reducing the threat.
The growing threat of malware has already caused great damage to the world. It is necessary to detect intrusions and activities of unknown malware, and to prevent damage. In this paper, we combine multiple machine learning methods to achieve sustainable detection of attack communication, including unknown attacks. We use the attack communication data of the CCCDATAset2011 for the analysis of the proposed method. As a result, the method succeeded in stable detection with high accuracy.
Millions of people now use a password strength meter when signing up for a service. The impact of password strength meters has been evaluated in several respects. However, it is believed that there are still ways to design more effective password strength meters. Recently, Das et al. showed that social influence or social proof is effective for the adoption of security features [1, 2, 3]. It seems that social influence is also effective for password strength meters. Indeed, Egelman et al. partially showed its effectiveness [4]. In this poster, we prepare five types of password strength meters using social influence and evaluate them. The first is a bar-type password strength meter, which has 2 meters on screen showing the user's password strength and similar users' score (Fig. 2). In this case, similar means users who have the same attributes, such as age, job, etc. The second is also bar-type, similar to the first. It has 2 meters on screen showing the user's password strength and the average score of ...
With the development of cloud environments and smartphones, and increasing awareness of security and privacy, client-side encryption, represented by end-to-end encryption (E2E Encryption), has made rapid progress over the last 10 years. When client-side encryption is adopted, a wide variety of utility functions such as search and sorting provided by the cloud side, utilization on multiple terminals, and data sharing with other users are restricted. To solve this problem, there has been a great deal of interest in technologies such as searchable encryption and order-preserving encryption, which allow data to be processed while encrypted. However, there are few examples in which their effectiveness was discussed by actually applying them to an application. In particular, these technologies were rarely discussed from the viewpoint of usability. Therefore, we focus on cloud storage and propose an application that combines multiple encryption technologies on the client side to real...
Currently, when companies conduct risk analysis of their own networks and systems, it is common to outsource the analysis to third-party experts. In doing so, the company passes the information used for risk analysis, including confidential information such as network configuration, to the third-party expert. This raises the risk of leakage and abuse of confidential information. Therefore, a method of risk analysis that uses secure computation without passing the company's confidential information has been proposed. Although Liu's method was the first to achieve a secure risk analysis method using multiparty computation and attack tree analysis, it has several problems that keep it from being practical. In this paper, an improvement of the secure risk analysis method is proposed. It can dynamically reduce compilation time and enhance the scale of the target network and system without increasing execution time. Experimental work is carried out with a prototype implementation. As a result, we achieved improved performance in compile time an...
ABSTRACT Since their introduction in constructive cryptographic applications, pairings over (hyper)elliptic curves are at the heart of an ever increasing number of protocols. As they rely critically on efficient implementations of pairing primitives, the study of hardware accelerators has become an active research area. In this paper, we propose two coprocessors for the reduced ηT pairing introduced by Barreto et al. as an alternative means of computing the Tate pairing on supersingular elliptic curves. We prototyped our architectures on FPGAs. According to our place-and-route results, our coprocessors compare favorably with other solutions described in the open literature. We eventually present the first ASIC implementation of the reduced ηT pairing.
ABSTRACT Android Package (APK) analysis is one of the basic processes for risk analysis of Androids. It requires huge amounts of APK files and related information to produce meaningful output, but individual organizations collecting and accumulating these in isolation is inefficient; collaborative accumulation of information is of greater help. This paper provides a data model for describing and exchanging information on APK files that can be used for analyzing their security risks. The model facilitates efficient exchange, sharing, and accumulation of such information. We then introduce a prototype implementation that accumulates and analyzes APK information and that visualizes security risks of the Android terminals to demonstrate the usability of the proposed data model. The paper discusses future directions of this work based on the prototype.
ABSTRACT Users want to enjoy online services without sacrificing their security. Although there is a trade-off between the security of a service and its usability, the level of security required will differ depending on the user and the situation. To optimize the balance between security and usability, it can be customized for each user and each online transaction. Yet in order to do that, both users and service providers need to stipulate their security requirements. We have been working on a framework that provides security requirement classifications in multiple dimensions to help users identify and select their security requirements, and then apply these requirements to different dimensions. This paper shows how we implemented this framework and then evaluated it by conducting a user study along with our implementation. The study verifies that ordinary users without any particular technical knowledge prefer to clarify their security requirements using a taxonomy-based selection scheme (our scheme) as opposed to a free-form input scheme. It also discusses the coverage of pre-defined taxonomies and users' requirements. Through this study, we clarify the future direction of our research.
ABSTRACT Identity-based encryption (IBE) and cryptographic systems based on IBE, timed-release encryption (TRE), attribute-based encryption (ABE), and functional encryption (FE), use information that identifies individuals or groups (e.g., identities, attributes) for encryption and decryption. One significant advantage of FE is the fact that identity and attributes management leads to key management. If an infrastructure for managing identity and attributes existed, we could encrypt a message with identity and attributes (Functional Information, FI) for FE on it. With an infrastructure for FE, we can utilize existing FEs issued for FE and reduce the cost of issuing/managing a new FI only for FE. That is, we could regard FE as a service on the infrastructures in order to delegate management of FI to it. For PKG, a conventional IBE player, we propose a framework that divides it into three entities to enable it to correspond with complex FE systems that federate each function among several FE systems. We also examine use cases in which there is more than one instance of each entity in the same domain, and domain-use cases in which each entity coexists under multi-domain, and apply them to multiple FE systems among different domains. Consequently, we discover challenges that are not described in RFC 5408, also referred to as standardization scalability. On the basis of the use cases, to examine the management of these multi-domains, we develop ABE systems on ID management infrastructure with open protocols for authentication/authorization (OAuth and OpenID Connect) and demonstrate the feasibility of the framework in FE.
ABSTRACT The number of computer security incidents is rising in unison with the development of cyber-society. One reason for this is a lack of users' security awareness. The widespread use of mobile devices further complicates this problem. An approach for raising the awareness level is introducing a system that visualizes security risks and issues alerts about them to end-users. This paper introduces the architecture of such a system. It analyzes information by monitoring the user's end-to-end communication and its related entities, looks up knowledge bases, and provides alerts by directly visualizing risks to the user. One characteristic of this system is its ability to enable customized visualization for each user, which boosts the user's risk awareness and understanding. This paper also introduces the system's proof-of-concept implementation, which demonstrates the architecture's feasibility. Based on the prototype, the paper discusses the direction of further technical development.
ABSTRACT Searchable symmetric encryption is a good building block toward ensuring privacy-preserving keyword searches in a cloud computing environment. This area has recently attracted a great deal of attention and a large quantity of research has been conducted. A security protocol generally faces a trade-off between security/privacy requirements and efficiency. Existing works aim to achieve the highest levels of security requirements, so they also come with high overhead. In this paper, we reconsider the security/privacy requirements for searchable symmetric encryption and relax the requirements for practical use. Then, we propose schemes suitable for the new requirements. We also show experimental results of our schemes and a comparison to existing schemes. The results show that the index sizes of our proposals are only a few times that of Lucene (without encryption). For document updates, our proposal requires an additional index that depends only on the size of the new document.
CVSS (Common Vulnerability Scoring System) is a framework for scoring IT vulnerabilities. CVSS is composed of three metric groups: Base, Temporal, and Environmental. Although the environmental score, which gives the risk of vulnerabilities in each user's network environment, should be used for prioritizing actions, only the base score is currently used. One reason the environmental score goes unused is that it is hard to score uniquely, because the criterion for determining "Target Distribution (TD)," a parameter indicating the impacted proportion, is vague. We propose a method for identifying the potentially impacted area, enabling TD measurement in networked systems in terms of three security objectives: confidentiality, integrity and availability. We also apply the method to some model cases of networked systems and assess their TD. The results correspond to the popular wisdom that a trilayer structure is more secure.
