IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Online ISSN : 1745-1337
Print ISSN : 0916-8508
Volume E93.A, Issue 1
Special Section on Cryptography and Information Security
  • Kazuo TAKARAGI
    2010 Volume E93.A Issue 1 Pages 1-2
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
  • Dai YAMAMOTO, Jun YAJIMA, Kouichi ITOH
    Article type: PAPER
    Subject area: Symmetric Cryptography
    2010 Volume E93.A Issue 1 Pages 3-12
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    This paper proposes a compact hardware (H/W) implementation for the MISTY1 block cipher, which is one of the ISO/IEC 18033-3 standard encryption algorithms. In designing the compact H/W, we focused on optimizing the implementation of the FO/FI/FL functions, which are the main components of MISTY1. For this optimization, we propose three new methods: reducing temporary registers for the FO function, shortening the critical path for the FI function, and merging the FL/FL-1 functions. According to our logic synthesis on a 0.18-µm CMOS standard cell library based on our proposed methods, the gate size is 3.4Kgates, which is the smallest as far as we know.
  • Atsushi MITSUDA, Tetsu IWATA
    Article type: PAPER
    Subject area: Symmetric Cryptography
    2010 Volume E93.A Issue 1 Pages 13-21
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    Tweakable pseudorandom permutations have wide applications such as the disk sector encryption, and the underlying primitive for efficient MACs and authenticated encryption schemes. Goldenberg et al. showed constructions of a tweakable pseudorandom permutation based on the Feistel structure. In this paper, we explore the possibility of designing tweakable pseudorandom permutations based on the Generalized Feistel Structure. We show that tweakable pseudorandom permutations can be obtained without increasing the number of rounds compared to the non-tweakable versions. We also present designs that take multiple tweaks as input.
  • Masayuki ABE, Eike KILTZ, Tatsuaki OKAMOTO
    Article type: PAPER
    Subject area: Public Key Cryptography
    2010 Volume E93.A Issue 1 Pages 22-33
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    Every public-key encryption scheme has to incorporate a certain amount of randomness into its ciphertexts to provide semantic security against chosen ciphertext attacks (IND-CCA). The difference between the length of a ciphertext and the embedded message is called the ciphertext overhead. While a generic brute-force adversary running in 2^t steps gives a theoretical lower bound of t bits on the ciphertext overhead for IND-CPA security, the best known IND-CCA secure schemes demand roughly 2t bits even in the random oracle model. Is the t-bit gap essential for achieving IND-CCA security? We close the gap by proposing an IND-CCA secure scheme whose ciphertext overhead matches the generic lower bound up to a small constant. Our scheme uses a variation of a four-round Feistel network in the random oracle model and hence belongs to the family of OAEP-based schemes. Maybe of independent interest is a new efficient method to encrypt long messages exceeding the length of the permutation while retaining the minimal overhead.
  • Naoki OGURA, Shigenori UCHIYAMA
    Article type: PAPER
    Subject area: Public Key Cryptography
    2010 Volume E93.A Issue 1 Pages 34-41
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    In 2007, Ding et al. proposed an attractive scheme, which is called the l-Invertible Cycles (lIC) scheme. lIC is one of the most efficient multivariate public-key cryptosystems (MPKC); these schemes would be suitable for use under limited computational resources. In 2008, an efficient attack against lIC using Gröbner basis algorithms was proposed by Fouque et al. However, they only estimated the complexity of their attack based on their experimental results. On the other hand, Patarin had proposed an efficient attack against some multivariate public-key cryptosystems. We call this attack Patarin's attack. The complexity of Patarin's attack can be estimated by finding relations corresponding to each scheme. In this paper, we propose another practical attack against the lIC encryption/signature scheme. We estimate the complexity of our attack (not experimentally) by adapting Patarin's attack. The attack can also be applied to the lIC- scheme. Moreover, we show some experimental results of a practical attack against the lIC/lIC- schemes. This is the first implementation of both our proposed attack and an attack based on Gröbner basis algorithms for the even case, that is, the case where the parameter l is even.
  • Toshiyuki ISSHIKI, Koichiro WADA, Keisuke TANAKA
    Article type: PAPER
    Subject area: Public Key Cryptography
    2010 Volume E93.A Issue 1 Pages 42-49
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    In this paper, we propose a rational m-out-of-n secret sharing scheme, in which a dealer wishes to entrust a secret to a group of n players such that any subset of m or more players can reconstruct the secret, but a subset of fewer than m players cannot learn anything about the secret. The reconstruction protocol of our scheme is fair and stable in the rational setting, allowing all players to obtain the designated secret. Our scheme is based on RSA-OAEP with distributed decryption. The security of our scheme relies on a computational assumption and uses random oracles. The size of each share in our scheme is independent of the utility function, and the computation cost of the reconstruction protocol is constant. Moreover, our scheme prevents attacks by coalitions of at most m-1 players.
  • Toru NAKANISHI, Hiroki FUJII, Yuta HIRA, Nobuo FUNABIKI
    Article type: PAPER
    Subject area: Digital Signature
    2010 Volume E93.A Issue 1 Pages 50-62
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    Lots of revocable group signature schemes have been proposed so far. In one type of revocable scheme, the signing and/or verifying algorithms have O(N) or O(R) complexity, where N is the group size and R is the number of revoked members. On the other hand, in the Camenisch-Lysyanskaya scheme and its followers, the signing and verifying algorithms have O(1) complexity. However, before signing, updates of the secret key are required, with O(R) complexity in the worst case. In this paper, we propose a revocable scheme with signing and verifying of O(1) complexity, where no update of the secret key is required. The compensation is a long public key of O(N) size. In addition, we extend it to a scheme with an O(√N)-size public key, where signing and verifying have constant extra costs.
  • Le Trieu PHONG, Kaoru KUROSAWA, Wakaha OGATA
    Article type: PAPER
    Subject area: Digital Signature
    2010 Volume E93.A Issue 1 Pages 63-75
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    In this paper, we design and analyze some new and practical (selectively) convertible undeniable signature (SCUS) schemes in both random oracle and standard model, which enjoy several merits over existing schemes in the literature. In particular, we design the first practical RSA-based SCUS schemes secure in the standard model. On the path, we also introduce two moduli RSA assumptions, including the strong twin RSA assumption, which is the RSA symmetry of the strong twin Diffie-Hellman assumption (Eurocrypt'08).
  • Kan YASUDA
    Article type: PAPER
    Subject area: Hash Function
    2010 Volume E93.A Issue 1 Pages 76-83
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    We introduce the “split padding” into a current Merkle-Damgård hash function H. The patched hash function $\bar{H}$ satisfies the following properties: (i) $\bar{H}$ is second-preimage-resistant (SPR) if the underlying compression function h satisfies an “SPR-like” property, and (ii) $\bar{H}$ is one-way (OW) if h satisfies an “OW-like” property. The assumptions we make about h are provided with simple definitions and clear relations to other security notions. In particular, they belong to the class whose existence is ensured by that of OW functions, revealing an evident separation from the strong collision-resistance (CR) requirement. Furthermore, we get the full benefit from the patch at almost no expense: The new scheme requires no change in the internals of a hash function, runs as efficiently as the original, and as usual inherits CR from h.
  • Yu SASAKI, Lei WANG, Kazuo OHTA, Kazumaro AOKI, Noboru KUNIHIRO
    Article type: PAPER
    Subject area: Hash Function
    2010 Volume E93.A Issue 1 Pages 84-92
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    In this paper, we present practical password recovery attacks against two challenge and response authentication protocols using MD4. For attacks on protocols, the number of queries is one of the most important factors because the opportunity where an attacker can ask queries is very limited in real protocols. When responses are computed as MD4(Password||Challenge), which is called the prefix approach, previous work needs to ask 2^37 queries to recover a password. Asking 2^37 queries in real protocols is almost impossible. In our attack, to recover up to 8-octet passwords, we only need 1 time the amount of eavesdropping, 17 queries, and 2^34 MD4 off-line computations. To recover up to 12-octet passwords, we only need 2^10 times the amount of eavesdropping, 2^10 queries, and 2^41 off-line MD4 computations. When responses are computed as MD4(Password||Challenge||Password), which is called the hybrid approach, previous work needs to ask 2^63 queries, while in our attack, up to 8-octet passwords are practically recovered by 2^8 times the amount of eavesdropping, 2^8 queries, and 2^39 off-line MD4 computations. Our idea is guessing a part of the password so that we can simulate values of intermediate chaining variables from observed hash values. This enables us to use a short local collision that occurs with a very high probability, and thus the number of queries becomes practical.
  • Shungo NAKAMURA, Tetsu IWATA
    Article type: PAPER
    Subject area: Hash Function
    2010 Volume E93.A Issue 1 Pages 93-101
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    A Multi-Property-Preserving (MPP) hash function is a hash function that simultaneously preserves several security properties of the underlying compression function. The Merkle-Damgård with a Permutation (MDP) was shown to preserve unforgeability and pseudorandom oracle property. In this paper, we consider the most basic security properties of hash functions, namely collision resistance, second-preimage resistance, and preimage-resistance. We first show which of these properties are preserved by MDP in the dedicated-key setting. We also identify the properties preserved by four variants of MDP, and five other variants of Merkle-Damgård iterated hash functions. As a result, for the ten hash functions we analyze, we obtain their complete MPP characteristics.
  • SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI
    Article type: PAPER
    Subject area: Secure Protocol
    2010 Volume E93.A Issue 1 Pages 102-115
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    An anonymous password-authenticated key exchange (anonymous PAKE) protocol is designed to provide both password-only authentication and user anonymity against a semi-honest server, who follows the protocol honestly. Very recently, Yang and Zhang [25] have proposed a new anonymous PAKE (NAPAKE) protocol that is claimed to be efficient compared to the previous constructions. In this paper, we propose a very-efficient anonymous PAKE (called VEAP) protocol that is the most efficient among its kind in terms of computation and communication costs. The VEAP protocol guarantees semantic security of session keys in the random oracle model under the chosen-target CDH problem, and unconditional user anonymity against a semi-honest server. If pre-computation is allowed, the user and the server are each required to compute only one modular exponentiation. Surprisingly, this is the same computation cost as the well-known Diffie-Hellman protocol, which does not provide authentication at all. In addition, we extend the VEAP protocol in two ways: the first is designed to reduce the communication costs of the VEAP protocol, and the second shows that stripping the anonymity parts off the VEAP protocol results in a new PAKE protocol.
  • Nuttapong ATTRAPADUNG, Hideki IMAI
    Article type: PAPER
    Subject area: Secure Protocol
    2010 Volume E93.A Issue 1 Pages 116-125
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    We present a new variant of Attribute-based encryption (ABE) called Dual-Policy ABE. Basically, it is a conjunctive combination of Key-Policy and Ciphertext-Policy ABE, the only two previous types of ABE. Dual-Policy ABE simultaneously allows two access control mechanisms over encrypted data: one involves policies over objective attributes ascribed to data, and the other involves policies over subjective attributes ascribed to user credentials. The previous two types of ABE can only allow one of these two functionalities at a time.
  • Toshinori ARAKI, Wakaha OGATA
    Article type: PAPER
    Subject area: Secure Protocol
    2010 Volume E93.A Issue 1 Pages 126-135
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    In the model, a sender S wants to send a message to a receiver R secretly and reliably in r rounds. They do not share any information like keys, but there are n independent communication channels between S and R, and an adversary A can observe and/or substitute the data which goes through some channels (but not all). In this paper, we propose almost secure (1-round, (3t+1)-channel) MTSs which have the following two properties, where t is the number of channels A can observe and/or forge. (1) The running time of the message decryption algorithm is polynomial in n. (2) The communication cost is smaller than that of the previous MTSs, if the message is large to some degree.
  • Junko TAKAHASHI, Toshinori FUKUNAGA
    Article type: PAPER
    Subject area: Cryptanalysis
    2010 Volume E93.A Issue 1 Pages 136-143
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    This paper describes a differential fault analysis (DFA) attack against CLEFIA. The proposed attack can be applied to CLEFIA with all supported keys: 128, 192, and 256-bit keys. DFA is a type of side-channel attack. This attack enables the recovery of secret keys by injecting faults into a secure device during its computation of the cryptographic algorithm and comparing the correct ciphertext with the faulty one. CLEFIA is a 128-bit blockcipher with 128, 192, and 256-bit keys developed by the Sony Corporation in 2007. CLEFIA employs a generalized Feistel structure with four data lines. We developed a new attack method that uses this characteristic structure of the CLEFIA algorithm. On the basis of the proposed attack, only 2 pairs of correct and faulty ciphertexts are needed to retrieve the 128-bit key, and 10.78 pairs on average are needed to retrieve the 192 and 256-bit keys. The proposed attack is more efficient than any previously reported. In order to verify the proposed attack and estimate the calculation time to recover the secret key, we conducted an attack simulation using a PC. The simulation results show that we can obtain each secret key within three minutes on average. This result shows that we can obtain the entire key within a feasible computational time.
  • Yukiyasu TSUNOO, Teruo SAITO, Maki SHIGERI, Takeshi KAWABATA
    Article type: PAPER
    Subject area: Cryptanalysis
    2010 Volume E93.A Issue 1 Pages 144-152
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    MISTY1 is a 64-bit block cipher that has provable security against differential and linear cryptanalysis. MISTY1 is one of the algorithms selected in the European NESSIE project, and it has been recommended for Japanese e-Government ciphers by the CRYPTREC project. This paper shows that higher order differential attacks can be successful against 7-round versions of MISTY1 with FL functions. The attack on 7-round MISTY1 can recover a partial subkey with a data complexity of 2^54.1 and a computational complexity of 2^120.8, which signifies the first successful attack on 7-round MISTY1 with no limitation such as a weak key. This paper also evaluates the complexity of this higher order differential attack on MISTY1 in which the key schedule is replaced by a pseudorandom function. It is shown that resistance to the higher order differential attack is not substantially improved even in 7-round MISTY1 in which the key schedule is replaced by a pseudorandom function.
  • Mun-Kyu LEE, Jeong Eun SONG, Dooho CHOI, Dong-Guk HAN
    Article type: PAPER
    Subject area: Cryptanalysis
    2010 Volume E93.A Issue 1 Pages 153-163
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    The NTRU cryptosystem is a public key system based on lattice problems. While its theoretical security has been well studied, little effort has been made to analyze its security against implementation attacks including power analysis attacks. In this paper, we show that a typical software implementation of NTRU is vulnerable to the simple power analysis and the correlation power analysis including a second-order power attack. We also present novel countermeasures to prevent these attacks, and perform experiments to estimate the performance overheads of our countermeasures. According to our experimental results, the overheads in required memory and execution time are only 8.17% and 9.56%, respectively, over a Tmote Sky equipped with an MSP430 processor.
  • Ryoichi TERAMURA, Yasuo ASAKURA, Toshihiro OHIGASHI, Hidenori KUWAKADO ...
    Article type: PAPER
    Subject area: Cryptanalysis
    2010 Volume E93.A Issue 1 Pages 164-171
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    Conventional efficient key recovery attacks against Wired Equivalent Privacy (WEP) require specific initialization vectors or specific packets. Since it takes much time to collect the packets sufficiently, any active attack should be performed. An Intrusion Detection System (IDS), however, will be able to prevent the attack. Since the attack logs are stored at the servers, it is possible to prevent such an attack. This paper proposes an algorithm for recovering a 104-bit WEP key from any IP packets in a realistic environment. This attack needs about 36,500 packets with a success probability of 0.5, and the complexity of our attack is equivalent to about 2^20 computations of the RC4 key setup. Since our attack is passive, it is difficult for both WEP users and administrators to detect our attack.
  • Kazuo SAKIYAMA, Kazuo OHTA
    Article type: PAPER
    Subject area: Cryptanalysis
    2010 Volume E93.A Issue 1 Pages 172-179
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    As one of the logic-level countermeasures against DPA (Differential Power Analysis) attacks, Random Switching Logic (RSL) was proposed by Suzuki, Saeki and Ichikawa in 2004 [9]. The RSL technique was applied to AES hardware, and a prototype chip was implemented with a 0.13-µm standard CMOS library for evaluating the DPA resistance [10]. Although the main purpose of using RSL is to resist DPA attacks, our experimental results of Clock-based Fault Analysis (CFA) show that one can reveal the secret information from the prototype chip. This paper explains the mechanism of the CFA attack and discusses the reason for the success of the attack against a prototype implementation of AES with RSL (RSL-AES). Furthermore, we consider an ideal RSL-AES implementation that counteracts CFA attacks.
  • Masayuki YOSHINO, Katsuyuki OKEYA, Camille VUILLAUME
    Article type: PAPER
    Subject area: Mathematics
    2010 Volume E93.A Issue 1 Pages 180-187
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    A technique for computing the quotient (⌊ ab/n ⌋) of Euclidean divisions from the difference of two remainders (ab (mod n) - ab (mod n+1)) was proposed by Fischer and Seifert. The technique allows a 2l-bit modular multiplication to work on most l-bit modular multipliers. However, the cost of the quotient computation rises sharply when computing modular multiplications larger than 2l bits with a recursive approach. This paper addresses the computation cost and improves on previous 2l-bit modular multiplication algorithms to return not only the remainder but also the quotient, resulting in a higher performance in the recursive approach, which becomes twice as fast in the quadrupling case and four times as fast in the octupling case. In addition to Euclidean multiplication, this paper proposes a new 2l-bit Montgomery multiplication algorithm that returns both the remainder and the quotient.
  • Maki YOSHIDA, Shigeo MITSUNARI, Toru FUJIWARA
    Article type: PAPER
    Subject area: Mathematics
    2010 Volume E93.A Issue 1 Pages 188-193
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    This paper introduces a new computational problem on a two-dimensional vector space, called the vector decomposition problem (VDP), which is mainly defined for designing cryptosystems using pairings on elliptic curves. We first show a relation between the VDP and the computational Diffie-Hellman problem (CDH). Specifically, we present a sufficient condition for the VDP on a two-dimensional vector space to be at least as hard as the CDH on a one-dimensional subspace. We also present a sufficient condition for the VDP with a fixed basis to have a trapdoor. We then give an example of vector spaces which satisfy both sufficient conditions and on which the CDH is assumed to be hard in previous work. In this sense, the intractability of the VDP is as reasonable an assumption as that of the CDH.
  • Sanghan LEE, Hae-Yong YANG, Yongjin YEOM, Jongsik PARK
    Article type: PAPER
    Subject area: Application
    2010 Volume E93.A Issue 1 Pages 194-201
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    The security level of an internet protocol television (IPTV) digital rights management (DRM) system ultimately relies on the protection of secret keys. Well-known devices for key protection include smartcards and battery backup SRAMs (BB-SRAMs); however, these devices could be vulnerable to various physical attacks. In this paper, we propose a secure and cost-effective design of a cryptographic system on chip (SoC) that integrates the BB-SRAM with a cell-based design technique. The proposed SoC provides a robust safeguard against physical attacks, and satisfies the high-speed and low-price requirements of IPTV set-top boxes. Our implementation results show that the maximum encryption rate of the SoC is 633Mb/s. In order to verify the data retention capabilities, we made a prototype chip using 0.18µm standard cell technology. The experimental results show that the integrated BB-SRAM can reliably retain data with a 1.4µA leakage current.
  • Koichi SHIMIZU, Daisuke SUZUKI, Toyohiro TSURUMARU
    Article type: PAPER
    Subject area: Application
    2010 Volume E93.A Issue 1 Pages 202-209
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    We propose an FPGA-based high-speed search system for cryptosystems that employ a passphrase-based security scheme. We first choose PGP as an example of such cryptosystems, clear several hurdles for high throughput and manage to develop a high-speed search system for it. As a result we achieve a throughput of 1.1 × 10^5 passphrases per second, which is 38 times the speed of the fastest software. Furthermore, we can do many flexible passphrase generations in addition to a simple brute-force one because we assign the passphrase generation operation to software. In fact, we implement brute-force and dictionary-based ones, and get the same maximum throughput as above in both cases. We next consider the speed of passphrase generation in order to apply our system to cryptosystems other than PGP, and implement a hardware passphrase generator to achieve higher throughput. In the PGP case, the very heavy iteration of hashing, 1025 times in our case, lowers the total throughput linearly, and makes the figure 1.1 × 10^5 suffice. In other cases without any such iteration structure, we have to generate even more passphrases, for example 10^8 per second. That can easily exceed the generation speed that software can offer, and thus we conclude that it is now necessary to place the passphrase generation in hardware instead of in software.
  • Katsunari YOSHIOKA, Tsutomu MATSUMOTO
    Article type: PAPER
    Subject area: Application
    2010 Volume E93.A Issue 1 Pages 210-218
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    Malware sandbox analysis, in which a malware sample is actually executed in a testing environment (i.e. sandbox) to observe its behavior, is one of the promising approaches to tackling the emerging threats of exploding malware. As a lot of recent malware actively communicates with remote hosts over the Internet, sandboxes should also support an Internet connection; otherwise, important malware behavior may not be observed. In this paper, we propose a multi-pass sandbox analysis with a controlled Internet connection. In the proposed method, we start our analysis with an isolated sandbox and an emulated Internet that consists of a set of dummy servers and hosts that run vulnerable services, called Honeypots in the Sandbox (HitS). All outbound connections from the victim host are closely inspected to see if they could be connected to the real Internet. We iterate the above process until no new behaviors are observed. We implemented the proposed method in a completely automated fashion and evaluated it with malware samples recently captured in the wild. Using a simple containment policy that authorizes only certain application protocols, namely, HTTP, IRC, and DNS, we were able to observe a greater variety of behaviors compared with the completely isolated sandbox. Meanwhile, we confirmed that a noticeable number of IP scans, vulnerability exploitations, and DoS attacks are successfully contained in the sandbox. Additionally, a brief comparison with two existing sandbox analysis systems, Norman Sandbox and CWSandbox, is shown.
Regular Section
  • Tomohiro NISHINO, Ryo YAMAKI, Akira HIROSE
    Article type: PAPER
    Subject area: Ultrasonics
    2010 Volume E93.A Issue 1 Pages 219-226
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    Ultrasonic imaging is useful in seabed or lakebed observations. We can roughly estimate the sea depth by hearing the echo generated by the boundary of water and rocks or sand. However, the estimation quality is usually not sufficient to draw seabed landscape since the echo signal includes serious distortion caused by autointerference. This paper proposes a novel method to visualize the shape of distant boundaries, such as the seawater-rock/sand boundary, based on the complex-valued Markov random field (CMRF) model. Our method realizes adaptive compensation of distortion without changing the global features in the measurement data, and obtains higher-quality landscape with less computational cost than conventional methods.
  • Byeong-Gwan IEM
    Article type: PAPER
    Subject area: Digital Signal Processing
    2010 Volume E93.A Issue 1 Pages 227-232
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    A generalized formulation of the instantaneous frequency based on the symmetric higher order differential energy operator is proposed. The motivation for the formulation is that there is some frequency misalignment in time when the ordinary higher order differential energy operator is used for the instantaneous frequency estimator. The special cases of the generalized formulation are also presented. The proposed instantaneous frequency estimators are compared with existing methods in terms of error performance measured by the mean absolute error. In terms of the estimation error performance, the third order instantaneous frequency estimator with the symmetrical structure shows the best result under noise-free conditions. Under noisy conditions, the fourth order instantaneous frequency estimator with the symmetrical structure produces the best results. Application examples are provided to show the usefulness of the estimator.
  • Ligang LIU, Masahiro FUKUMOTO, Sachio SAIKI, Shiyong ZHANG
    Article type: PAPER
    Subject area: Digital Signal Processing
    2010 Volume E93.A Issue 1 Pages 233-242
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    Recently, proportionate adaptive algorithms have been proposed to speed up convergence in the identification of sparse impulse responses. Although they can improve convergence for sparse impulse responses, the steady-state misalignment is limited by the constant step-size parameter. In this article, based on the principle of least perturbation, we first present a derivation of a normalized version of proportionate algorithms. Then, by taking the disturbance signal into account, we propose a variable step-size proportionate NLMS algorithm to combine the benefits of both variable step-size algorithms and proportionate algorithms. The proposed approach can achieve fast convergence with a large step size when the identification error is large, and then considerably decrease the steady-state misalignment with a small step size after the adaptive filter reaches a certain degree of convergence. Simulation results verify the effectiveness of the proposed approach.
  • Hyung Min CHANG, Won Cheol LEE
    Article type: PAPER
    Subject area: Digital Signal Processing
    2010 Volume E93.A Issue 1 Pages 243-253
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    This paper proposes a novel crest factor reduction (CFR) algorithm applicable to currently deployed W-CDMA base stations. The peak-to-average ratio (PAR) reduction of the multiple carrier mixed signal, namely CFR, has been an issue in order to convey the benefit of using low-cost power amplifiers. The simple final clipping method (SFCM) as a conventional method has been widely utilized due to its simplicity and effectiveness. However, the SFCM degrades the adjacent channel leakage ratio (ACLR) characteristic as well as the signal quality indicated by either the error vector magnitude (EVM) or the peak code domain error (PCDE). Conventionally, in order to alleviate this undesired deterioration, extra channel filtering and signal quality enhancement followed by CFR might be processed in an open-loop style. Alternatively, to perform CFR by maintaining the PAR as low as possible subject to satisfying the prescribed ACLR and EVM/PCDE performance, this paper introduces the prediction filter dependent peak reduction (PFDPR) process collaboratively working with dynamic waterfilling-based code domain compensation (DWCDC). To verify the superiority of the proposed CFR algorithm, tentative simulations are conducted while maintaining the rules of legitimate W-CDMA base station test specifications.
    Download PDF (963K)
  • Osamu SHIMADA, Akihiko SUGIYAMA, Toshiyuki NOMURA
    Article type: PAPER
    Subject area: Digital Signal Processing
    2010 Volume E93.A Issue 1 Pages 254-260
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    This paper proposes a low-complexity noise suppressor with hybrid filterbanks and adaptive time-frequency tiling. An analysis hybrid filterbank provides efficient transformation by further decomposing low-frequency bins after a coarse transformation with a short frame size. A synthesis hybrid filterbank also reduces computational complexity in a similar fashion to the analysis hybrid filterbank. Adaptive time-frequency tiling reduces the number of spectral gain calculations. It adaptively generates tiling information in the time-frequency plane based on the signal characteristics. The average number of instructions on a typical DSP chip has been reduced by 30% to 7.5MIPS in the case of mono signals sampled at 44.1kHz. A subjective test result shows that the sound quality of the proposed method is comparable to that of the conventional one.
    Download PDF (539K)
  • Miki SATO, Toru IWASAWA, Akihiko SUGIYAMA, Toshihiro NISHIZAWA, Yosuke ...
    Article type: PAPER
    Subject area: Digital Signal Processing
    2010 Volume E93.A Issue 1 Pages 261-271
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    This paper presents a single-chip speech dialogue module and its evaluation on a personal robot. This module is implemented on an application processor that was developed primarily for mobile phones to provide a compact size, low power consumption, and low cost. It performs speech recognition with preprocessing functions such as direction-of-arrival (DOA) estimation, noise cancellation, beamforming with an array of microphones, and echo cancellation. Text-to-speech (TTS) conversion is also provided. Evaluation results obtained on a new personal robot, PaPeRo-mini, which is a scaled-down version of PaPeRo, demonstrate an 85% correct rate in DOA estimation, and as much as 54% and 30% higher speech recognition rates in noisy environments and during robot utterances, respectively. These results are shown to be comparable to those obtained by PaPeRo.
    Download PDF (1030K)
  • Luis GRACIA, Carlos PEREZ-VIDAL
    Article type: PAPER
    Subject area: Systems and Control
    2010 Volume E93.A Issue 1 Pages 272-280
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    In this research a new prediction algorithm based on a Fuzzy Mix of Filters (FMF) is developed. The use of a fuzzy mix is a good solution because it makes the difficult design task of combining several types of filters intuitive, so that the outputs of the filters that work closer to their optimal behavior have a higher influence on the predicted values. Therefore the FMF adapts the filter weights, according to the motion of the tracked object or target, to reduce the estimation error. The paper develops the theory of the FMF and uses it for applications with hard real-time requirements. The improvement of the proposed FMF is shown in simulation and an implementation on a parallel processor (FPGA) is presented. As a practical application of the FMF, experimental results are provided for a visual servoing task.
    Download PDF (1157K)
  • Zhiguo BAO, Takahiro WATANABE
    Article type: PAPER
    Subject area: Nonlinear Problems
    2010 Volume E93.A Issue 1 Pages 281-290
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    Evolvable hardware (EHW) is a new research field about the use of Evolutionary Algorithms (EAs) to construct electronic systems. EHW refers in a narrow sense to the use of evolutionary mechanisms as the algorithmic drivers for system design, and in a general sense to the capability of the hardware system to develop and to improve itself. The Genetic Algorithm (GA) is one of the typical EAs. We propose optimal circuit design using a GA with parameterized uniform crossover (GApuc) and with a fitness function composed of circuit complexity, power, and signal delay. Parameterized uniform crossover is much more likely to distribute its disruptive trials in an unbiased manner over larger portions of the space, so it has more exploratory power than one- and two-point crossover, and we have more chances of finding better solutions. Its effectiveness is shown by experiments. From the results, we can see that the best elite fitness, the average fitness of the correct circuits and the number of correct circuits of GApuc are better than those of GA with one-point crossover or two-point crossover. The best case of optimal circuits generated by GApuc is 10.18% and 6.08% better in evaluation value than that by GA with one-point crossover and two-point crossover, respectively.
    Download PDF (615K)
  • Hideki SATOH
    Article type: PAPER
    Subject area: Nonlinear Problems
    2010 Volume E93.A Issue 1 Pages 291-301
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    A method was developed for deriving the approximate global optimum of a nonlinear objective function with multiple local optima. The objective function is expanded into a linear wave coefficient equation, so the problem of maximizing the objective function is reduced to that of maximizing a quadratic function with respect to the wave coefficients. Because a wave function expressed by the wave coefficients is used in the algorithm for maximizing the quadratic function, the algorithm is equivalent to a full search algorithm, i.e., one that searches in parallel for the global optimum in the whole domain of definition. Therefore, the global optimum is always derived. The method was evaluated for various objective functions, and computer simulation showed that a good approximation of the global optimum for each objective function can always be obtained.
    Download PDF (635K)
  • Jingwei ZHANG, Chang-An ZHAO, Xiao MA
    Article type: PAPER
    Subject area: Cryptography and Information Security
    2010 Volume E93.A Issue 1 Pages 302-308
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    In this paper, we compare two generalized cyclotomic binary sequences with length 2p^2 in terms of the linear complexity. One classical sequence is defined using the method introduced by Ding and Helleseth, while the other modified sequence is defined in a slightly different manner. We show that the modified sequence has linear complexity of 2p^2, which is higher than that of the classical one.
    Download PDF (187K)
  • Jin-Ho CHUNG, Yun Kyoung HAN, Kyeongcheol YANG
    Article type: PAPER
    Subject area: Coding Theory
    2010 Volume E93.A Issue 1 Pages 309-315
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    In this paper we present a construction method for quaternary sequences from a binary sequence of even period, which preserves the period and autocorrelation of the given binary sequence. By applying the method to the binary sequences with three-valued autocorrelation, we construct new quaternary sequences with three-valued autocorrelation, which are balanced or almost balanced. In particular, we construct new balanced quaternary sequences whose autocorrelations are three-valued and have out-of-phase magnitude 2, when their periods are N = p^m - 1 and N ≡ 2 (mod 4) for any odd prime p and any odd integer m. Their out-of-phase autocorrelation magnitude is the known optimal value for N ≠ 2, 4, 8, and 16.
    Download PDF (165K)
  • Sang-Kyun KIM, Joon-Hyuk CHANG
    Article type: LETTER
    Subject area: Speech and Hearing
    2010 Volume E93.A Issue 1 Pages 316-319
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    In this study, a discriminative weight training is applied to a support vector machine (SVM) based speech/music classification for a 3GPP2 selectable mode vocoder (SMV). In the proposed approach, the speech/music decision rule is derived by the SVM by incorporating optimally weighted features derived from the SMV based on a minimum classification error (MCE) method. This method differs from that of the previous work in that different weights are assigned to each feature of the SMV, a novel process. According to the experimental results, the proposed approach is effective for speech/music classification using the SVM.
    Download PDF (130K)
  • Minwoo LEE, Yoonjae LEE, Kihyeon KIM, Hanseok KO
    Article type: LETTER
    Subject area: Digital Signal Processing
    2010 Volume E93.A Issue 1 Pages 320-323
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    In this Letter, a residual acoustic echo suppression method is proposed to enhance the speech quality of hands-free communication in an automobile environment. The echo signal is normally a human voice with harmonic characteristics in a hands-free communication environment. The proposed algorithm estimates the residual echo signal by emphasizing its harmonic components. The estimated residual echo is used to obtain the signal-to-interference ratio (SIR) information at the acoustic echo canceller output. Then, the SIR based Wiener post-filter is constructed to reduce both the residual echo and noise. The experimental results confirm that the proposed algorithm is superior to the conventional residual echo suppression algorithm in terms of the echo return loss enhancement (ERLE) and the segmental signal-to-noise ratio (SEGSNR).
    Download PDF (120K)
  • Yong-Eun KIM, Kyung-Ju CHO, Jin-Gyun CHUNG, Xinming HUANG
    Article type: LETTER
    Subject area: VLSI Design Technology and CAD
    2010 Volume E93.A Issue 1 Pages 324-326
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    An efficient multiplier design method for predetermined coefficient groups is presented based on the variation of canonic signed digit (CSD) encoding and partial product sharing. By application to the radix-2^4 FFT structure and the pulse-shaping filter design used in CDMA, it is shown that the proposed method significantly reduces the area, propagation delay and power consumption compared with previous methods.
    Download PDF (315K)
  • Meiling ZHANG, Weiguo ZHANG, Jingmei LIU, Xinmei WANG
    Article type: LETTER
    Subject area: Cryptography and Information Security
    2010 Volume E93.A Issue 1 Pages 327-330
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    Impossible differential attack (IDA) uses impossible differential characteristics extracted from enough plaintext pairs to retrieve subkeys of the first and the last several rounds of AES. In this paper, a general IDA on 7-round AES is proposed. Such an attack takes the number of all-zero columns of the 7th and the 6th round as parameters (α, β). A trade-off relation between the number of plaintexts and the number of encryptions in the process of the attack is derived, which means that only some values of (α, β) are allowed in the attack for different key lengths.
    Download PDF (353K)
  • Mehdi FALLAHPOUR, David MEGÍAS
    Article type: LETTER
    Subject area: Cryptography and Information Security
    2010 Volume E93.A Issue 1 Pages 331-335
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    This letter suggests a novel high capacity robust audio watermarking algorithm by using the high frequency band of the wavelet decomposition, for which the human auditory system (HAS) is not very sensitive to alteration. The main idea is to divide the high frequency band into frames and then, for embedding, the wavelet samples are changed based on the average of the relevant frame. The experimental results show that the method has very high capacity (about 5.5kbps), without significant perceptual distortion (ODG in [-1, 0] and SNR about 33dB) and provides robustness against common audio signal processing such as added noise, filtering, echo and MPEG compression (MP3).
    Download PDF (543K)
  • WenPing MA, YeFeng HE, Shaohui SUN
    Article type: LETTER
    Subject area: Coding Theory
    2010 Volume E93.A Issue 1 Pages 336-338
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    A new construction method for polyphase sequences with two-valued periodic auto- and crosscorrelation functions is proposed. This method gives L families of polyphase sequences for each prime length L greater than three. For each family of sequences, the out-of-phase auto- and crosscorrelation functions are proved to be constant and to asymptotically reach the Sarwate bound. Furthermore, it is shown that the sequences of each family are mutually orthogonal.
    Download PDF (66K)
  • Shih-Hao FANG, Ju-Ya CHEN, Ming-Der SHIEH, Jing-Shiun LIN
    Article type: LETTER
    Subject area: Communication Theory and Signals
    2010 Volume E93.A Issue 1 Pages 339-343
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    A blind channel estimation algorithm based on the subspace method for single-input multiple-output (SIMO) orthogonal frequency division multiplexing (OFDM) systems is proposed in this letter. With the aid of a repetition index, the conventional algorithm is a special case of our algorithm. Compared with related studies, the proposed algorithm reduces the computational complexity of the SVD operation and is suitable for cyclic-prefix-free systems. In particular, the necessary condition of the proposed signal matrix to be full rank can be satisfied with fewer OFDM blocks. Simulation results demonstrate that the proposed algorithm outperforms conventional methods in normalized mean-square error.
    Download PDF (186K)
  • Hyung Seok KIM, Seok LEE, Namhoon KIM
    Article type: LETTER
    Subject area: Mobile Information Network and Personal Communications
    2010 Volume E93.A Issue 1 Pages 344-347
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    In this paper, an effective congestion control algorithm is proposed to increase the end-to-end delivery success ratio of upstream traffic by reducing buffer drop probabilities and their deviation in wireless sensor networks. According to the queue lengths of parent and child nodes, each child node chooses one of the parents as the next hop to the sink and controls the delay before transmission begins. It balances traffic among parents and mitigates congestion based on the congestion level of a node. Simulation results show that the proposed algorithm reduces buffer drop probabilities and their deviation and increases the end-to-end delivery success ratio in wireless sensor networks.
    Download PDF (148K)
  • Wonwoo JANG, Hagyong HAN, Wontae CHOI, Gidong LEE, Bongsoon KANG
    Article type: LETTER
    Subject area: Image
    2010 Volume E93.A Issue 1 Pages 348-353
    Published: January 01, 2010
    Released on J-STAGE: January 01, 2010
    JOURNAL RESTRICTED ACCESS
    This paper proposes an improved method that uses a K-means method to effectively reduce the ringing artifacts in a color moving picture. To apply this improved K-means method, we set the number of groups for the process to two (K=2) in the three-dimensional R, G, B color space. We then improved the R, G, B color value of all of the pixels by moving the current R, G, B color value of each pixel to the calculated center values, which reduced the ringing artifacts. The results were verified by calculating the overshoot and the slope of the light luminance around the edges of test images that had been processed by the new algorithm. We then compared the calculated results with the overshoot and slope of the light luminance of the unprocessed image.
    Download PDF (803K)