Journal of Information Processing Volume 29

IEEE 802.19.3 Standardization for Coexistence of IEEE 802.11ah and IEEE 802.15.4g Systems in Sub-1GHz Frequency Bands

Low power wide area wireless communication technologies are attracting attention particularly from various IoT applications. IEEE 802.11ah and IEEE 802.15.4g are two wireless technologies designed for outdoor IoT applications and installed on consumer devices and systems, for which both technologies operate in frequencies below 1GHz (Sub-1GHz Band). In addition, both technologies have communication range up to 1, 000 meters. Therefore, IEEE 802.11ah and IEEE 802.15.4g networks are likely to coexist. Our simulation results using standard defined coexistence mechanisms show that IEEE 802.11ah network can severely interfere with IEEE 802.15.4g network and lead to significant packet loss in IEEE 802.15.4g network. IEEE 802.15.4g network can also impact on packet latency in IEEE 802.11ah network. Accordingly, IEEE New Standards Committee and Standard Board formed IEEE 802.19.3 Task Group in December 2018 to develop an IEEE 802 standard for the coexistence of IEEE 802.11ah and IEEE 802.15.4g systems in the Sub-1GHz frequency bands to guide product deployment. The authors of this paper have been actively leading this standard development. This paper introduces IEEE 802.19.3 standardization activities to address coexistence issues of IEEE 802.11ah and IEEE 802.15.4g systems and summarizes our technical contributions for interference mitigation. Simulation results show that our coexistence technologies achieve better coexistence performance.

Work-stealing Strategies That Consider Work Amount and Hierarchy

This paper proposes work-stealing strategies for an idle worker (thief) to select a victim worker. These strategies avoid small tasks being stolen to reduce the total task-division cost. We implemented these strategies on a work-stealing framework called Tascell. First, we propose new types of priority- and weight-based steal strategies. Programmers can let each worker estimate and declare, as a real number, the amount of remaining work required to complete its current task so that declared values are used as “priorities” or “weights”. With a priority-based strategy, a thief selects the victim that has the highest known priority at that time. With a weight-based non-uniformly random strategy, a thief uses the relative weights of victim candidates as their selection probabilities. Second, we propose work-stealing strategies to alleviate excessive intra-node work stealing and excessive “steal backs” (or leapfroggings); for example, we allow workers to steal tasks from external nodes with some frequency even if work remains inside the current node. Our evaluation uses a parallel implementation of the “highly serial” version of the Barnes-Hut force-calculation algorithm in a shared memory environment and five benchmark programs in a distributed memory environment.

Effects and Mitigation of Out-of-vocabulary in Universal Language Models

One of the most important recent natural language processing (NLP) trends is transfer learning - using representations from language models implemented through a neural network to perform other tasks. While transfer learning is a promising and robust method, downstream task performance in transfer learning depends on the robustness of the backbone model's vocabulary, which in turn represents both the positive and negative characteristics of the corpus used to train it. With subword tokenization, out-of-vocabulary (OOV) is generally assumed to be a solved problem. Still, in languages with a large alphabet such as Chinese, Japanese, and Korean (CJK), this assumption does not hold. In our work, we demonstrate the adverse effects of OOV in the context of transfer learning in CJK languages, then propose a novel approach to maximize the utility of a pre-trained model suffering from OOV. Additionally, we further investigate the correlation of OOV to task performance and explore if and how mitigation can salvage a model with high OOV.

Real-time Container Integrity Monitoring for Large-Scale Kubernetes Cluster

Container integrity monitoring is defined as a key requirement for regulatory compliance such as PCI-DSS, in which any unexpected changes such as file updates or program runs must be logged for later audit. System call monitoring provides comprehensive monitoring of such change events on container since it may suffer from large amount of false alarms unless well-defined allowlist rules are coordinated before deploying a container. Defining such a comprehensive allowlist is not feasible especially when managing various kinds of application workloads in large-scale enterprise cluster. We propose a new approach for identifying real anomalies in system call events effectively without relying on any predefined allowlist configuration in this paper. Our novel filtering algorithm based on the knowledge acquired autonomously from Kubernetes cluster control plane reduces 99.999% of noise effectively and distills only abnormal events in real time. Furthermore, we define concrete criteria for highly-scalable container integrity monitoring and verify the implementation of proposing filtering method that has actual high scalability while maintaining its detection capability. Our experiment with real applications on around 3, 800 containers demonstrates its effectiveness even on large-scale clusters, and we clarified how detected events are triggered by user operation.

Client-aided Robust Bit-composition Protocol with Deterministic Cheater Identification in Standard Model

Secure multiparty computation (MPC) enables parties to compute an arbitrary function without revealing each party's inputs. A typical MPC is secret-sharing based MPC (SS-MPC). In the SS-MPC, each party distributes its inputs, and the computation proceeds with secret shares that look exactly like random numbers distributed among the parties. In the SS-MPC protocol, the parties can compute any function represented as a circuit by using shares locally and communicating among the parties. In particular, when the parties compute a complex function composed of binary and arithmetic circuits, an efficient share conversion protocol facilitates the computation of it. An important conversion protocol is a bit-composition protocol that converts a k-dimensional vector with shares on ℤ₂ (i.e., shares of binary sequence) to shares on ℤ_2^k (i.e., shares of decimal value). Previous studies proposed a maliciously secure bit-composition protocol with robustness, which is a security notion that all parties learn the correct output regardless of the attacker's behaviour. However, its security is dependent on a statistical parameter or proved in the random oracle model. In this paper, we propose a novel bit-composition protocol with robustness independent of a statistical parameter by introducing additional clients generating the pair of shares of random values only in the offline phase (which can be performed without the parties' inputs). Our protocol is based on a maliciously secure four-party protocol with one corruption using replicated secret sharing. The security of our protocol is proved in the standard model (which is a weaker assumption than the random oracle model). Our protocol achieves efficiency and the strongest security simultaneously. We also propose a protocol for the Hamming distance with robustness by modifying our bit-composition protocol. It can achieve a secure iris recognition service via MPC with robustness. Furthermore, we extend our protocol with a constant number of parties and clients to one with an arbitrary number of parties and clients.

A New Schnorr Multi-Signatures to Support Both Multiple Messages Signing and Key Aggregation

A digital signature is essential for verifying people's reliability and data integrity over networks and is used in web server certificates, authentication, and blockchain technologies. Specifically, to solve the bitcoin scalability problem, Multi-Signature (MS) schemes have recently attracted attention because the MS's aggregate algorithm can reduce the amount of signature data in transactions. While such schemes support only a single message signing, Interactive Aggregate Signatures (IAS) and Aggregate Multi-Signature Protocol (AMSP) support signing of multiple messages. However, there are some issues with these schemes, for example, key aggregation is unavailable. In this paper, we propose a key aggregatable IAS scheme called KAIAS that can sign multiple messages with key aggregation. In terms of cases using Multi-Signature, previous studies have mainly discussed the benefits of reducing the size of signatures. On the other hand, we also propose a practical application of KAIAS that leverages its benefits in aggregating both signatures and public keys with a low computing cost for verification.

RA: A Static Analysis Tool for Analyzing Re-Entrancy Attacks in Ethereum Smart Contracts

Ethereum smart contracts are programs that are deployed and executed in a consensus-based blockchain managed by a peer-to-peer network. Several re-entrancy attacks that aim to steal Ether, the cryptocurrency used in Ethereum, stored in deployed smart contracts have been found in the recent years. A countermeasure to such attacks is based on dynamic analysis that executes the smart contracts themselves, but it requires the spending of Ether and knowledge of attack patterns for analysis in advance. In this paper, we present a static analysis tool named RA (Re-entrancy Analyzer), a combination of symbolic execution and equivalence checking by a satisfiability modulo theories solver to analyze vulnerability of smart contracts to re-entrancy attacks. In contrast to existing tools, RA supports analysis of inter-contract behaviors by using only the Ethereum Virtual Machine bytecodes of target smart contracts, i.e., even without prior knowledge of attack patterns and without spending Ether. Furthermore, RA can verify existence of vulnerability to re-entrancy attacks without execution of smart contracts and it does not provide false positives and false negatives. We also present an implementation of RA to evaluate its performance in analyzing the vulnerability of deployed smart contracts to re-entrancy attacks and show that RA can precisely determine which smart contracts are vulnerable.

Detecting Fake QR Codes Using Information from Error-Correction

In 2018, Takita et al. proposed a construction method of a fake QR code by adding stains to a target QR code, that probabilistically leads users to a malicious website. The construction abused the error-correction of error-correcting code used in the QR code, namely, the added stains induce decoding errors in black and white detection by a camera, so that the decoded URL leads to the malicious website. Also, the same authors proposed a detection method against such fake QR codes by comparing decoded URLs among multiple QR code readings since the decoded URLs may differ because of its probabilistic property. However, the detection method cannot work well over a few readings. Moreover, the proposed detection method does not consider the environmental or accidental changes such as sudden sunshine or reflection, nor recognizes the fake QR code as non-fake when the probability is low. This paper proposes new detection methods for such fake QR codes by analyzing information obtained from the error-correcting process. This paper also reports results from implementing the new detection methods on an Android smartphone. Results show that a combination of these detection methods works very well compared to when using only a single detection method.

Novel Deception Techniques for Malware Detection on Industrial Control Systems

To maintain the availability of industrial control systems (ICS), it is important to robustly detect malware infection that spreads within the ICS network. In ICS, a host often communicates with the determined hosts; for instance, a supervisory control host observes and controls the same devices routinely via the network. Therefore, a communication request to the unused internet protocol (IP) address space, i.e., darknet, in the ICS network is likely to be caused by malware in the compromised host in the network. That is, darknet monitoring may enable us to detect malware that tries to spread indiscriminately within the network. On the other hand, clever malware, such as malware determining target hosts of infection with reference to host lists in the networks, infects the confined hosts in the networks, and consequently evades detection by security sensors or honeypots. In this paper, we propose novel deception techniques that lure such malware to our sensor, by embedding the sensor information continuously in the lists of hosts in the ICS networks. In addition, the feasibility of the proposed deception techniques is shown through our simplified implementation by using actual malware samples: WannaCry and Conficker.

Empirical Analysis of Security and Power-Saving Features of Port Knocking Technique Applied to an IoT Device

The digital boom brought empowerment to seamless connectivity by enabling manufacturers to harness the power of the Internet into their products, opening up the world of the Internet of Things (IoT). However, such connectivity has also brought the side effect of such power being abused by unscrupulous agents, who scan open ports for services and exploit vulnerabilities in the system. The Mirai botnet malware attack is one such example that caused havoc by compromising millions of IoT devices having unpatched/weaker security. There is an increasing need to enable IoT devices to be fully patched and secured, but such methods are often under attack. This paper examines a stealth technology and its impact on the CPU and power consumption to secure resource-constraint IoT devices that are growing exponentially. By enabling secure remote operations and management of such devices using a unique but practical method of security called “Port Knocking, ” we can ensure timely patching of security vulnerabilities in a safe and stealthy manner. Our experimental results on a resource-constraint IoT device show that port knocking not only secures the device and provides a secure remote management option but also helps in keeping its power consumption low. The results obtained make it an effective security layer for securing resource-constraint IoT devices.

SVTester: Finding DoS Vulnerabilities of Virtual Switches

Nowadays, virtualization is being deployed in many companies and institutions' systems. However, a noticeable security problem of virtualization is the fact that multiple virtual machines are run on one physical host machine called hypervisor. Hypervisors often implement a virtual switch to manage network connections between the internal virtual network and the external physical network. However, an adversary could exploit virtual switch flaws and use them to sabotage the entire virtual network. As a consequence, the attack could make all applications running on virtual machines unavailable. In this paper, we present SVTester, a fuzzing-based testing tool that can automatically identify possible vulnerabilities of a virtual switch that can be exploited for certain types of Denial-of-Service attack. We used an initial version of SVTester to check several hypervisors that implement the virtual switch. The results show that SVTester was able to rediscover DoS weaknesses on an old version of VMware hypervisor and found a novel possible vulnerability in the Oracle VirtualBox hypervisor. Our results also prove the effectiveness and potential of SVTester in evaluating virtual network security.

Fairness Improvement of Congestion Control with Reinforcement Learning

With fast deployment of high speed wireless access networks, communication environments for internet access have been changing drastically. According to these wide range of network environments, a lot of TCP variants have been proposed. Each of these algorithms focuses on the specific environment and is designed with hardwired logic. This means there is no one-size-fits-all congestion control which can adapt to all environments. To resolve this problem, reinforcement learning based congestion control which learns operation suitable for each environment has been proposed. QTCP (Q-learning Based TCP) is one of the promising learning based TCPs. In this paper, we first reveal that a QTCP flow only behaves in the selfish manner of just increasing its own utility function, which causes unfairness between resource sharing flows. We propose a new QTCP congestion window control mechanism which is based on AIMD. Performance evaluation results show our proposal improves fairness without degrading high throughput and low latency characteristics of QTCP.

Predicting Next-use Mobile Apps Using App Semantic Representations

Using the app usage history of a target user as a basis, this study proposes a novel method for predicting next-use mobile apps of the user that can assist the user in selecting an app from a list of installed apps. The proposed method is designed to train a next-use app prediction model using semantic representations of the usage histories of other users (source users) to deal with the user and app cold-start problems of an app prediction system in which training data from a target user beginning to use the system and training data related to newly installed or released apps are considered to be insufficient. We predict the usage of apps by a target user by leveraging the semantic similarities between the apps that are installed on the smartphones of the source users and the apps that are installed on the smartphone of a target user, permitting us to predict next-use apps regardless of the apps installed in the target user's smartphone. We evaluate our method using the actual app usage data collected from 100 participants over a period of approximately 70 days with 300,000 app usage histories.

User Identification Method based on Head Shape Using Pressure Sensors Embedded in a Helmet

Various types of helmets exist, including industrial protective helmets, motorcycle helmets, sports helmets, and military/police helmets. By identifying individuals wearing a helmet, their name, affiliation, and qualification can be presented on a display mounted on the helmet, and sensor data collected through the helmet, such as acceleration, video, and eye-tracking data, can be labeled with the user's ID. In this paper, we propose a user identification method based on head shape using a helmet equipped with 32 pressure sensors. Our method has two functions: user identification and authentication. User identification is based on the assumption that a single helmet is shared by multiple individuals. The goal of this method is to identify which of the registered people is the person wearing the helmet. User authentication determines whether the individual wearing the helmet is the individual with the ID when the ID is provided to the system. In the evaluation, we obtained sensor values for 2 seconds 20 times from nine subjects as head shape data. The accuracy was evaluated using 5-fold cross-validation, and we achieved 100% accuracy with five sensors and 92% with two sensors for user identification and an average equal error rate of 0.076 with 32 sensors for user authentication.

Joint Position Estimation for Body Pressure Images during Sleep: An Extension for CPM Using Body Area and Posture Estimation Mashups

Estimating sleeping postures with body joint positions is critical for identifying potential sleeping problems and the risk of pressure ulcers. Many methods have estimated postures with body joint positions from camera images for general purposes. However, visual monitoring of sleeping contexts suffers from privacy and occlusion issues due to blankets, pillows, etc. An approach to solve those issues is the use of body pressure images obtained from bed surfaces. We have developed a textile-based sheet-type pressure sensor to avoid such issues. Unfortunately, its use raises other issues that are absent from camera images such as low resolution and noise caused by the wrinkling of sensor sheets. In this paper, we extend DNN-based joint estimation, called Convolutional Pose Machine (CPM), using body area and posture estimation mashups to improve the accuracy of joint estimation. The following are our evaluation results with cross-validation with 16 joints in six sleeping postures of 12 subjects: 7.15cm accuracy in mean absolute error (MAE), which is a 33.7% improvement from the standard CPM, and 8.52cm accuracy in MAE, which is a 37.4% improvement from CPM with camera images in situations using a pillow and a blanket.

Interval-based Counterexample Analysis for Error Explanation

Model checking is an automated reasoning technique for the verification of hardware and software. If there is a fault in a system description, model checkers return, as an explanation of failure, a single execution trace of the system that results in an error state. Counterexamples are useful clues for locating faults, however, there is a big gap between computing counterexamples and locating faults, and the fault localization task is done by a manual inspection of counterexamples, which largely depends on individual expertise and intuition. Effective explanation of the failure is, thus, considered as an important issue. Since a single counterexample returned by model checkers is only one instance of failing executions, it is hard to gain clear perspective on the failure with just one specific case. In this paper we take another approach for error explanation: we generate many counterexamples and then abstract an essence of the failure from them. For example, in the formal verification of network configuration, a range of possible values (naturally identified with integers) to a single variable often makes it easier to understand the essence of the failure. In our experiments, such a range of values (called interval) is simply a set of consecutive IP addresses and can be substantially represented in two end addresses. We formulate the notion of intervals in a general setting. The concept of intervals is not limited to network configuration and it can be considered in an arbitrary system model as long as a variable on which interval is computed substantially takes integers. We present a method for computing the longest interval by combining bounded model checking, BDD, and AllSAT solver. To evaluate our method for the longest interval computation, we conduct experiments with a real network dataset and its randomly modified dataset. We confirm that about 8 millions of counterexamples are generated in 1.61s and among them, the longest interval of length about 600 millions is reported in less than 0.01s.

Management and Network Orchestration for Edge/Fog-based Distributed Data Processing

In the age of edge/fog computing, it is important to consider not only computing resources but also network resources when hosting services. Since service is composed of multiple small functions in the microservice architecture, we treat a service as a set of BFs (basic functions) that fulfill a single task. It is required to place BFs at edge/fog nodes considering the computing resources and network requirements within a practical time. This paper proposes a MANO (Management and Network Orchestration) for deploying services composed of multiple BFs with requirements to computing and network resources of distributed nodes. The proposed MANO considers the computing resources of edge/fog/cloud as well as the network delay and the bandwidth between them. This paper proposes an optimal method and a heuristic method for calculating the placement of BFs. The evaluation results show that the placement calculation time for a service composed of four BFs is about 10 seconds with the optimal method and about 20 seconds with the heuristic method. The calculation time is within the practical range.

Risk Analysis of Cookie Sharing by Link Decoration and CNAME Cloaking

Privacy issues due to web tracking are a continuously evolving problem. One tracking method utilizes third-party cookies. This method analyzes user behavior and interest on the Web by sharing cookies with third-party vendors such as analytics and advertising brokers. Several regulations on third-party cookies have been considered by countries and browser vendors to address privacy issues due to such excessive web tracking. However, third-party vendors continue to track users with new technologies such as link decoration that embeds cookies in URLs and CNAME cloaking which tricks browsers into treating third-party cookies as a first-party. In this paper, we analyze cookie sharing by link decoration and CNAME cloaking and reveal their privacy issues. In addition, we reveal new security risks emerging from these technologies.

Modeling of Pre-Touch Reaction Distance for Faces in a Virtual Environment

One of the most common cues in human relations is the reaction when someone approaches for a touch interaction. While the “before touch” distance has been investigated in daily life scenarios, it has not been studied for virtual environments. The measurements of a pre-touch distance in virtual reality can be applied to study social interactions especially for haptic interactions in virtual spaces where virtual agents interact autonomously with human participants. In the first stage of this study, we collected data to define a pre-touch distance when a virtual agent tries to touch the participant's face. On the basis of these results, we then classified participants into two groups based on preferred pre-touch distance: a “Near” group and a “Far” group. Next, we experimentally investigated the relationship between the participant's perception of an avatar's reaction to touch interaction and their preferred pre-touch distance. The results indicated that the participants felt friendliness to the agent who reacts with shorter pre-touch distance. We also found that the participant's pre-touch distance defined their preferences regarding the agent's behavior: those with a shorter pre-touch distance preferred agents with a closer interaction distance, and those with a longer pre-touch distance preferred agents with a longer interaction distance.

Acceptability Evaluation of Inter-driver Interaction via a Vehicle Agent Using Vehicle-to-Vehicle Communication on a Driving Simulator

Vehicle-to-vehicle (V2V) communication is expected to serve as a new information exchange method to help reduce traffic accidents. Most current services can notify drivers of dangers predicted by exchanging vehicle information. However, human drivers use multiple modalities to express their intentions, such as gestures and lights as well as vehicle behavior, even if these interactions can cause misunderstandings. A solution to reduce these misunderstandings is to exchange driver intentions via V2V communication. This study proposes the concept of exchanging driver intentions via a driver agent that understands the driver's utterance and sends a message using V2V communication. An experiment including five scenarios was conducted by employing the Wizard of Oz method on a driving simulator. The acceptability of the inter-driver interaction was evaluated by conducting a questionnaire survey and a semi-structured interview. Furthermore, we analyzed the relationship between acceptability and one's usual driving style. Consequently, we formed hypothesized key factors of the inter-driver interaction via V2V communication.

Rumpfr: A Fast and Memory Leak-free Rust Binding to the GNU MPFR Library

The GNU MPFR library for arbitrary-precision floating-point arithmetic is widely used, and its Foreign Function Interface bindings to various languages have been developed. For the Rust programming language, existing bindings to the MPFR library include gmp-mpfr-sys (a low-level binding) and Rug (a binding that utilizes gmp-mpfr-sys to provide a more user-friendly interface). However, neither has sufficient descriptiveness and performance as bindings for general users of Rust, which is a programming language featuring high memory safety and high speed. We have developed a Rust binding, Rumpfr, to the MPFR library, that offers an easy way to write programs that perform high-speed multiple-precision floating-point computation. Rumpfr provides an interface that follows that of the MPFR library but hides the complexity of managing the mantissa area of floating-point numbers from the user. Rumpfr uses Rust's variable-length arrays to allocate mantissa areas, making it easy to handle without compromising Rust's high memory safety. In this paper, we describe the design and implementation of Rumpfr and present the results of numerical experiments demonstrating that Rumpfr can be used to write programs with low overhead.

A Functional Reactive Programming Language for Small-Scale Embedded Systems with Recursive Data Types

We introduce a new type system to Emfrp, a functional reactive programming (FRP) language designed for resource-constrained embedded systems. Functional reactive programming is a programming paradigm that allows concise descriptions of reactive systems such as GUIs by combining time-varying values that express values changing over time. Emfrp is a domain-specific language based on FRP, designed and developed for small-scale embedded systems. Because the language can statically determine the amount of runtime memory and guarantee the termination of reactive actions, a program written in Emfrp can safely continue reactive behaviors in resource-constrained environments. To ensure these properties, Emfrp disallows the use of recursive data types and functions. However, such restrictions often impose unnatural representations of data structures like lists or trees. The declarative characteristic of FRP and these restrictions impel us to write poorly maintainable redundant codes or deter us from writing certain types of programs. In this paper, we propose Emfrp^BCT, an extended Emfrp with size-annotated recursive data types, to overcome this problem. The proposed system is more expressive than Emfrp, yet, it retains the aforementioned static properties. After explaining that through examples, we describe the features of Emfrp^BCT, formalize the language, present an algorithm for statically computing the runtime memory bounds, and prove its soundness. Moreover, we implemented a compiler from Emfrp^BCT to C, measured the translation time, and evaluated runtime overhead.

Person Identification Based on Accelerations Sensed in Smartphones with LSTM

User identification is an important task for a variety of purposes such as authentication or providing personalized advice for improving user experience. In this paper, we propose a method for identifying a user who is holding a smartphone out of previously given target users from acceleration data obtained from the accelerometer in the smartphone using a deep neural network. This proposed method preliminary creates the model from the acceleration data of each user while walking in its training phase. This method identifies the user from acceleration data for identification based on this model in the classification phase. We evaluated the proposed method with the acceleration obtained from the actual eight and twelve users in two aspects, which were identifications including no-decision choice and that without no-decision choice. Our evaluation showed that the proposed method achieved accuracies higher than 95% for two- to five-class identification without no-decision. The proposed method identified the user with no or little false positive in evaluations with “no-decision.”

Improving the Efficiency in Multiple Object Tracking by Tracker Switching According to Occlusion States

The objective of multiple object tracking (MOT) is to locate the positions of multiple objects in a video, maintain their identities, and obtain their individual trajectories. One of the most crucial challenges of MOT is how to handle object occlusion effectively. The existing methods try to treat different occlusion situations with the same architecture, which leads to limits on performance. More specifically some trackers can achieve fast speed (frame per second) but cannot handle occlusion effectively, while other trackers can handle occlusion properly but are expensive due to costly computational resources. The proposed method estimates the occlusion states of objects, applies different trackers according to the estimation results, and finally combines the results of different trackers. This method can reduce unnecessary computational costs, and consequently can improve the efficiency of the high accuracy trackers. We evaluate the effectiveness of our proposal for different scenarios.

Dynamic Hyperbolic Embeddings with Graph-Centralized Regularization for Recommender Systems

In this work, we propose two techniques for accurate and efficient hyperbolic embeddings for real-world recommender systems. The first technique is regularization. We found that the graphs of various recommendation datasets exhibit hierarchical or tree-like structures suitable for hyperbolic embeddings, while these structures are not well modeled by the original hyperbolic embeddings. Hence, we introduce a regularization term in the objective function of the hyperbolic embeddings for forcibly reflecting hierarchical or tree-like structures. The second technique is an efficient embedding method, which only updates the embedding of items that are recently added in a recommender system. In an offline evaluation with various recommendation datasets, we found that the regularization enforcing hierarchical or tree-like structures improved HR@10 up to +9% compared to hyperbolic embeddings without the regularization. Moreover, the evaluation result showed that our model update technique could achieve not only greater efficiency but also more robustness. Finally, we applied our proposed techniques to a million-scale news recommendation service and conducted an A/B test, which demonstrated that even 10-dimension hyperbolic embeddings successfully increased the number of clicks by +3.7% and dwell time by +10%.

The Development and Practice for Exhibiting an HCI Device in a Public Space—A Case Study of Sight: A Sonification Device Towards a Visual Perception without Eyes—

We have been developing Sight—a wearable device that converts spatial information into sounds—to address the challenge of realizing “vision” through sounds without relying on visual information. This paper introduces a case of a three-month exhibition at the 21st Century Museum of Contemporary Art, Kanazawa. We explain the concept of Sight, its implementation, and the trial-and-error process to complete the exhibition. This exhibition required a system that ran stably, remotely, for a long period while providing hands-on experiences of Sight to more than several hundred people per day. We believe that the practices derived from our trials and errors are widely useful for designing demonstrations of HCI-related developments, especially for readers planning to exhibit an interactive system that integrates real-time audio synthesis and various sensors.

IoT-oriented Secure Data Sharing Using Public Cloud

The number of IoT devices is continuously increasing. Secure data sharing governed by appropriate access control is required to safely utilize data generated by IoT devices. Storing data in a public cloud is suitable for deploying services with distributed data sharing on a large scale. However, this raises security concerns since even when the data are encrypted, an adverse third party may access them if a decryption key is stored within the same environment (key escrow problem). Conventional methods are not supposed to be used in the IoT environment or have issues with security, key distribution, and changing access authority. We propose a novel approach to securely share the data generated by IoT devices within a public cloud. Our method enables 1) addressing the key escrow problem; 2) providing forward secrecy; 3) ensuring indistinguishability under Adaptive Chosen Ciphertext Attack (safety equivalent to IND-CCA2); 4) changing access authority easily; and 5) saving computational resources of IoT devices. We implemented this method and evaluated its performance. The experimental results show that it has comparable or better performance compared with conventional methods. Furthermore, we confirm that resource consumption in our method is more practical even in the large-scale IoT environment.

Timing Attack on Random Forests: Experimental Evaluation and Detailed Analysis

This paper proposes a novel implementation attack on machine learning. The threat of such attacks has recently become an problem in machine learning. These attacks include side-channel attacks that use information acquired from implemented devices and fault attacks that inject faults into implemented devices using external tools such as lasers. Thus far, these attacks have targeted mainly deep neural networks; however, other common methods such as random forests can also be targets. In this paper, we investigate the threat of implementation attacks to random forests. Specifically, we propose a novel timing attack that generates adversarial examples. Additionally, we experimentally evaluate and analyze its attack success rate. The proposed attack exploits a fundamental property of random forests: the response time from the input to the output depends on the number of conditional branches invoked during prediction. More precisely, we generate adversarial examples by optimizing the response time. This optimization affects predictions because changes in the response time indicate changes in the results of the conditional branches. For the optimization, we use an evolution strategy that tolerates measurement error in the response time. Experiments are conducted in a black-box setting where attackers can use only prediction labels and response times. Experimental results show that the proposed attack generates adversarial examples with higher probability than a state-of-the-art attack that uses only predicted labels. Detailed analysis of these results indicates an unfortunate trade-off that restricting tree depth of random forests may mitigate this attack but decrease prediction accuracy.

Centralized Control of Account Migration at Single Sign-On in Shibboleth

Single Sign-On (SSO) is adopted to use multiple services with a single log-in on the Internet. However, when a user tries to change the identity provider (IdP) which is responsible for authenticating the user, he needs to release the binding between the log-in account on the migration-source IdP and his service account on each service provider (SP) and needs to set a new binding between the account on the migration-destination IdP and the service account on the SP. There is no common migration system to support migration using the SSO function. In this research, we focus especially on Shibboleth's function as an SSO service. We propose a protocol to migrate accounts of a user on multiple SPs at once using an attribute provider (AP) in an SSO environment. We have implemented the mechanism as an open-source software using SimpleSAMLphp.

Privacy Risk of Document Data and a Countermeasure Framework

A huge number of documents such as news articles, public reports, and personal essays have been released on websites and social media. Once documents containing privacy-sensitive information are published, the risk of privacy breaches increases, thus requiring very careful review of documents prior to publication. In many cases, human experts redact or sanitize documents before publishing them; however, this approach can be inefficient with regard to cost and accuracy. Furthermore, such measures do not guarantee that critical privacy risks are eliminated from the documents. In this paper, we present a generalized adversary model and apply it to document data. This work devises an attack algorithm for documents using a web search engine, and then proposes a privacy-preserving framework against the attacks. We evaluate the privacy risks for actual accident reports from schools and court documents. In experiments using these reports, we show that human-sanitized documents still contain privacy risks and that our proposed approach can contribute to risk reduction.

Comparative Evaluation of Dataflow Component Selection Methods in Distributed MQTT Broker Environment

Internet of Things applications often require reducing the communication delay and the traffic between sensors and actuators. In addition, research and development of dataflow platforms is ongoing. In these platforms, to meet the aforementioned requirements, geographically distributed dataflow components should be connected appropriately using edge computing environments. Existing approaches provide efficient communication considering the geographical distance using a distributed publish/subscribe broker that uses the peer-to-peer overlay; however, they do not consider resource information. In this paper, we propose two component selection methods - Multicast and Anycast - for inter-component communication considering resource information. Multicast selects a component by collecting resource information before selection, while Anycast selects a component using the aggregated resource information together with the overlay maintenance. We evaluated the hop count and amount of traffic using each method. As a result, we clarified that Anycast provides a smaller number of hops than Multicast when the aggregated values are sufficiently updated or there are sufficient available components. Furthermore, we examined how to use Anycast and Multicast considering the traffic volume against the sending interval of the component reservation request and the interval between sending the update query for maintaining the overlay. The sender node can choose the component selection method based on the number of hops and the traffic volume.

Auto-creation of Robust Android Malware Family Trees

Malware targeting Android OS has been increasing for years and Android malware cyberattacks in particular are growing in number. To provide effective countermeasures against Android malware, we need to not only detect the malware at a certain point in time but also analyze the time-series changes in the malware, given that the family of Android malware will increase in number over time. In this paper, we propose a new method for automatically creating a “family tree” of Android malware that can represent how the newly detected Android malware relates to existing Android malware and its families and how they have changed over time. Our evaluation based on two actual Android malware datasets shows that our proposed family tree can accurately represent time-series changes between malware families.

An Efficient and Scalable Distributed Hypergraph Processing System

The recent increase in the amount of graph data has drawn our attention to distributed graph processing systems scalable to large-scale inputs. Although distributed-memory processing is generally less efficient than shared-memory processing because of the communication costs and program complexity, state-of-the-art distributed graph processing systems, such as Gemini, have achieved a comparable efficiency by using lightweight graph partitioning and load balancing. However, the achievement of both scalability and efficiency in hypergraph processing remains an open issue because distributed hypergraph processing systems have not been extensively studied. In this paper, we propose a distributed hypergraph processing system based on Gemini that achieves both scalability and efficiency. Our system outperformed the state-of-the-art shared-memory hypergraph processing system Hygra from several folds to tens of folds on a single-node computer. In addition, it showed speedup in processing a large-scale dataset on a multi-node computer.

Durable Queue Implementations Built on a Formally Defined Strand Persistency Model

Emerging byte accessible non-volatile memory (NVM), or persistent memory (PM), technologies can promise durability like existing file systems even at an unexpected crash, as well as the competitive performance with DRAM. Similar to the memory consistency problems, appropriate order of memory access operations and cache eviction operations, or persistent operations, must be considered to guarantee both program recoverability and performance with the underlying persistency model. Several persistency models have been proposed in the literature. The strand persistency model, which potentially shows higher performance than the epoch persistency model, has more relaxed rules to exploit more parallelism. However, due to the lack of formal definition of the strand persistency model, legality and recoverability of strand persistency based programs against system crashes have been abandoned. To address this, we first propose an operational semantics of the strand persistency model to formalize the behavior of a program, memory propagation, and history generation under a concurrent environment. Then, we investigate the durability of library implementations for concurrent objects equipped with strand primitives, and propose a correctness criterion that the implementations should preserve, originated from buffered durable linearizability. Finally, as a case study, we discuss two concurrent queue implementations and show how the proposed semantics and criterion capture both the durability and linearizability of implementations.