IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences Volume E98.A, Issue 1

Dual Pairing Vector Spaces and Their Applications

The concept of dual pairing vector spaces (DPVS) was introduced by Okamoto and Takashima in 2009, and it has been employed in various applications, functional encryption (FE) including attribute-based encryption (ABE) and inner-product encryption (IPE) as well as attribute-based signatures (ABS), generic conversion from composite-order group based schemes to prime-order group based ones and public-key watermarking. In this paper, we show the concept of DPVS, the major applications to FE and the key techniques employed in these applications. This paper presents them with placing more emphasis on plain and intuitive descriptions than formal preciseness.

Trends and Development of Information-Theoretic Cryptography

This paper briefly deals with a wide range of topics in information-theoretic cryptography. First, we focus on the results on symmetric-key encryption and authentication codes, since these protocols are fundamental in the field and well studied in the frameworks by Shannon and Simmons, respectively. Secondly, we explain several existing assumptions and security criteria whose merit mainly lies in realizing cryptographic protocols with short/weak shared secret-keys, correlated weak secret-keys, or no shared secrets. Thirdly, we consider research themes by three aspects for further development of information-theoretic cryptography. Finally, we refer to trends of technical approaches in information-theoretic cryptography and explain our recent results brought by using the approach.

Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5 and MD5-MAC

This paper presents key recovery attacks on Sandwich-MAC instantiating MD5, where Sandwich-MAC is an improved variant of HMAC and achieves the same provable security level and better performance especially for short messages. The increased interest in lightweight cryptography motivates us to analyze such a MAC scheme. Our attacks are based on a distinguishing-H attack on HMAC-MD5 proposed by Wang et al. We first improve its complexity from 2⁹⁷ to 2^89.04. With this improvement, we then propose key recovery attacks on Sandwich-MAC-MD5 by combining various techniques such as distinguishing-H for HMAC-MD5, IV Bridge for APOP, dBB-near-collisions for related-key NMAC-MD5, meet-in-the-middle attack etc. In particular, we generalize a previous key-recovery technique as a new tool exploiting a conditional key-dependent distribution. Surprisingly, a key which is even longer than the tag size can be recovered without the knowledge of the key size. Finally, our attack also improves the previous partial-key (K₁) recovery on MD5-MAC, and extends it to recover both of K₁ and K₂.

Upper Bounds for the Security of Several Feistel Networks

In this paper, we deal with upper bounds for the security of some Feistel networks. Such a topic has been discussed since the introduction of Luby-Rackoff construction. The Luby-Rackoff construction is unrealistic because its round functions must be chosen at random from the set of all functions. Knudsen dealt with a more practical construction whose round functions are chosen at random from a family of 2^k randomly chosen functions, and showed an upper bound for the security by demonstrating generic key recovery attacks. However it is still difficult for designers to choose functions randomly. Then, this paper considers the security of some Feistel networks which have more efficient and practical round functions, and such Feistel networks are indeed used by some Feistel ciphers in practice. We show new properties using the relationship between plaintexts and ciphertexts. We propose new generic key recovery attacks by using our properties, and confirm the feasibility by implementing the attack on Feistel ciphers with small block sizes. As a result, we conclude that efficient and practical 6-round Feistel networks are not secure.

Bitwise Partial-Sum: A New Tool for Integral Analysis against ARX Designs

In this paper, we present a new cryptanalytic tool that can reduce the complexity of integral analysis against Addition-Rotation-XOR (ARX) based designs. Our technique is based on the partial-sum technique proposed by Ferguson et al. at FSE 2000, which guesses subkeys byte to byte in turn, and the data to be analyzed is compressed for each key guess. In this paper, the technique is extended to ARX based designs. Subkeys are guessed bit by bit, and the data is compressed with respect to the value of the guessed bit position and carry values to the next bit position. We call the technique bitwise partial-sum. We demonstrate this technique by applying it to reduced-round versions of HIGHT, which is one of the ISO standard 64-bit block ciphers. Another contribution of this paper is an independent improvement specific to HIGHT. By exploiting linear computations inside the round function, the number of guessed bits during the key recovery phase can be greatly reduced. Together with the bitwise partial-sum, the integral analysis on HIGHT is extended from previous 22 rounds to 26 rounds, while full HIGHT consists of 32 rounds.

Preimage Attacks on Feistel-SP Functions: Impact of Omitting the Last Network Twist

In this paper, generic attacks are presented against hash functions that are constructed by a hashing mode instantiating a Feistel or generalized Feistel networks with an SP-round function. It is observed that the omission of the network twist in the last round can be a weakness against preimage attacks. The first target is a standard Feistel network with an SP round function. Up to 11 rounds can be attacked in generic if a condition on a key schedule function is satisfied. The second target is a 4-branch type-2 generalized Feistel network with an SP round function. Up to 15 rounds can be attacked in generic. These generic attacks are then applied to hashing modes of ISO standard ciphers Camellia-128 without FL and whitening layers and CLEFIA-128.

Improved MILP Modeling for Automatic Security Evaluation and Application to FOX

Counting the number of differentially active S-boxes is of great importance in evaluating the security of a block cipher against differential attack. Mouha et al. proposed a technique based on Mixed-Integer Linear Programming (MILP) to automatically calculate a lower bound of the number of differentially active S-boxes for word-oriented block ciphers, and applied it to symmetric ciphers AES and Enocoro-128v2. Later Sun et al. extended the method by introducing bit-level representations for S-boxes and new constraints in the MILP problem, and applied the extended method to PRESENT-80 and LBlock. This kind of methods greatly depends on the constraints in the MILP problem describing the differential propagation of the block cipher. A more accurate description of the differential propagation leads to a tighter bound on the number of differentially active S-boxes. In this paper, we refine the constraints in the MILP problem describing XOR operations, and apply the refined MILP modeling to determine a lower bound of the number of active S-boxes for the Lai-Massey type block cipher FOX in the model of single-key differential attack, and obtain a tighter bound in FOX64 than existing results. Experimental results show that 6, instead of currently known 8, rounds of FOX64 is strong enough to resist against basic single-key differential attack since the differential characteristic probability is upper bounded by 2^-64, and thus the maximum differential characteristic probability of 12-round FOX64 is upper bounded by 2^-128, where 128 is the key-length of FOX64. We also get the lower bound of the number of differentially active S-boxes for 5-round FOX128, and proved the security of the full-round FOX128 with respect to single-key differential attack.

Full Plaintext Recovery Attacks on RC4 Using Multiple Biases

RC4 is a widely-used stream cipher, adopted in many standard protocols, such as WEP, WPA and SSL/TLS, as a standard encryption algorithm. Isobe et al. proposed a plaintext recovery attack on RC4 in the broadcast setting, where the same plaintext is encrypted with different secret keys. Their attack is able to recover the first 257bytes by exploiting the biases of the initial bytes of a keystream. In this paper, we propose two types of full plaintext recovery attacks that are able to recover all the bytes, even after the 258th byte, of a plaintext, unlike Isobe et al.'s attack. To achieve this, we combine the use of multiple keystream biases appropriately. The first attack utilizes the initial byte biases and Mantin's long-term bias. This attack can recover the first 1000 terabytes of a plaintext from 2³⁴ ciphertexts with a probability of almost one. The second attack is based on two long-term biases. Since this attack does not rely on the biases of the initial bytes of the RC4 keystream, it can recover any byte of a plaintext, even if the initial bytes are disregarded. Given 2³⁵ ciphertexts encrypted by different keys, any byte of a target plaintext can be recovered with a probability close to one.

Certificateless Aggregate Signature Schemes with Improved Security

A certificateless aggregate signature scheme saves cost from complicated certificate management in PKI and compresses many signatures on different messages signed by different users to one single signature. It is originally required to be secure against a conspiring group of malicious signers (type I adversary) and against malicious KGC (type II adversary). In this paper, we define a novel fundamental type of adversary for certificateless aggregate signature schemes, type III adversary, called malicious KGC & Signers Coalition, who can break Zhang-Zhang scheme. We also propose two new certificateless aggregate schemes which are provably secure against all three types of adversary.

Key-Private Proxy Re-Encryption from Lattices, Revisited

We propose two unidirectional proxy re-encryption schemes from the LWE assumptions. The schemes enjoy key privacy defined by Ateniese, Benson, and Hohenberger (CT-RSA 2009), that is, a delegator and a delegatee of a re-encryption key are anonymous.

Revocable Group Signatures with Compact Revocation List Using Accumulators

A group signature scheme allows a group member to anonymously sign a message on behalf of the group. One of the important issues is the member revocation, and lots of revocable schemes have been proposed so far. A scheme recently proposed by Libert et al. achieves that O(1) or O(log N) efficiency of communication and computation except for the revocation list size (also the revocation cost), for the total number of members N and the number of revoked members R. However, since a signature is required for each subset separated from the set of non-revoked members, the size is about 900R Bytes in the 128-bit security. In the case of R=100,000, it amounts to about 80MB. In this paper, we extend the scheme to reduce the revocation list (also the revocation cost), by accumulating T subsets, which is signed for the revocation list. The revocation list size is reduced by 1/T. Unfortunately, the public key size, membership certificate size and the cost of a witness computation needed for signing increase related to T.

Compact Authenticated Key Exchange from Bounded CCA-Secure KEM

How to reduce communication complexity is a common important issue to design cryptographic protocols. This paper focuses on authenticated key exchange (AKE). Several AKE schemes have been studied, which satisfy strong security such as exposure-resilience in the standard model (StdM). However, there is a large gap on communication costs between schemes in the StdM and in the random oracle model. In this paper, we show a generic construction that is significantly compact (i.e., small communication cost) and secure in the StdM. We follow an existing generic construction from key encapsulated mechanism (KEM). Our main technique is to use a bounded chosen-ciphertext secure KEM instead of an ordinary chosen-ciphertext secure KEM. The communication cost can be reduced to half by this technique, and we achieve the most compact AKE scheme in the StdM. Moreover, our construction has instantiations under wider classes of hardness assumptions (e.g., subset-sum problems and multi-variate quadratic systems) than existing constructions. This work pioneers the first meaningful application of bounded chosen-ciphertext secure KEM.

Cryptanalysis of the Quaternion Rainbow

Rainbow is one of signature schemes based on the problem solving a set of multivariate quadratic equations. While its signature generation and verification are fast and the security is presently sufficient under suitable parameter selections, the key size is relatively large. Recently, Quaternion Rainbow — Rainbow over a quaternion ring — was proposed by Yasuda, Sakurai and Takagi (CT-RSA'12) to reduce the key size of Rainbow without impairing the security. However, a new vulnerability emerges from the structure of quaternion ring; in fact, Thomae (SCN'12) found that Quaternion Rainbow is less secure than the same-size original Rainbow. In the present paper, we further study the structure of Quaternion Rainbow and show that Quaternion Rainbow is one of sparse versions of the Rainbow. Its sparse structure causes a vulnerability of Quaternion Rainbow. Especially, we find that Quaternion Rainbow over even characteristic field, whose security level is estimated as about the original Rainbow of at most 3/4 by Thomae's analysis, is almost as secure as the original Rainbow of at most 1/4-size.

Security Analysis on AUTH Protocol and Its Variant against the Man-in-the-Middle Attack

At Eurocrypt 2011, Kiltz et al. presented two efficient authentication protocols for resource-constrained devices such as radio-frequency identification tags. Kiltz et al. proved that their protocols were provably secure against active attackers. However, they did not refer to the security against man-in-the-middle (MIM) attackers. In this paper, we analyze the security of the protocols against the MIM attacks and reveal the vulnerabilities. More concretely, we propose MIM attacks on them and evaluate authentication rounds required in these attacks precisely. We assume that the tag and reader share a 2l-bit secret key. The expected number of authentication rounds to recover the secret information in the first and second protocol is at most 2l+2 and 4l+4, respectively. These attacks do not contradict the proof of security since the MIM attack is located outside the attack model that Kiltz et al. considered.

Key Update Mechanism Using All-or-Nothing Transform for Network Storage of Encrypted Data

Cryptography is now popularized and is widely used anywhere for many aims such as data confidentiality and integrity. The cryptographic key has a limited lifetime. For example, the National Institute of Standards and Technology published SP800-57 in order to provide cryptographic key management guidance, and it strictly limits the lifetime of the cryptographic key and the lifetime of encrypted data. That means, the data encryption key is required to be periodically updated and the associated encrypted data is required to be re-encrypted with the new key each time. The cost, especially network traffic, is crucial if the encrypted data is away from the key. In this paper we discuss what to be achieved by key updating and propose a key update mechanism reducing the communication and computation cost of re-encryption.

An Adaptive Multiple-Fault Injection Attack on Microcontrollers and a Countermeasure

This paper proposes a multiple-fault injection attack based on adaptive control of fault injection timing in embedded microcontrollers. The proposed method can be conducted under the black-box condition that the detailed cryptographic software running on the target device is not known to attackers. In addition, the proposed method is non-invasive, without the depackaging required in previous works, since such adaptive fault injection is performed by precisely generating a clock glitch. We first describe the proposed method which injects two kinds of faults to obtain a faulty output available for differential fault analysis while avoiding a conditional branch in a typical recalculation-based countermeasure. We then show that the faulty output can be obtained by the proposed method without using information from the detailed instruction sequence. In particular, the validity of the proposed method is demonstrated through experiments on Advanced Encryption Standard (AES) software with a recalculation-based countermeasure on 8-bit and 32-bit microcontrollers. We also present a countermeasure resistant to the proposed method.

Efficient DFA on SPN-Based Block Ciphers and Its Application to the LED Block Cipher

This paper presents an efficient method for differential fault analysis (DFA) on substitution-permutation network (SPN)-based block ciphers. A combination of a permutation cancellation and an algebraic key filtering technique makes it possible to reduce the computational cost of key filtering significantly and therefore perform DFAs with new fault models injected at an earlier round, which defeats conventional countermeasures duplicating or recalculating the rounds of interest. In this paper, we apply the proposed DFA to the LED block cipher. Whereas existing DFAs employ fault models injected at the 30th round, the proposed DFA first employs a fault model injected at the 29th round. We demonstrate that the proposed DFA can obtain the key candidates with only one pair of correct and faulty ciphertexts in about 2.1h even from the 29th round fault model and the resulting key space is reduced to 2^4.04

Evaluation Method for Access-Driven Cache Attacks Using Correlation Coefficient

This paper proposes a new accurate evaluation method for examining the resistance of cryptographic implementations against access-driven cache attacks (CAs). We show that a mathematical correlation method between the sets of measured access time and the ideal data, which depend on the guessed key, can be utilized to evaluate quantitatively the correct key in access-driven CAs. We show the effectiveness of the proposed method using the access time measured in noisy environments. We also estimate the number of key candidates based on mathematical proof while considering memory allocation. Furthermore, based on the proposed method, we analyze quantitatively how the correlation values change with the number of plaintexts for a successful attack.

A Strengthened Security Notion for Password-Protected Secret Sharing Schemes

Password-protected secret sharing (PPSS, for short) schemes were proposed by Bagherzandi, Jarecki, Saxena and Lu. In this paper, we consider another attack for PPSS schemes which is based on public parameters and documents. We show that the protocol proposed by Bagherzandi et al. is broken with the attack. We then propose an enhanced protocol which is secure against the attack.

Secret Sharing with Share-Conversion: Achieving Small Share-Size and Extendibility to Multiparty Computation

Secret sharing scheme (SS) has been extensively studied since SSs are important not only for secure data storage but also as a fundamental building block for multiparty computation (MPC). For an application to secure data storage, the share size of SS is an important factor. For an application to a building block for MPC, the extendibility to MPC is needed. Computationally secure SSs and a ramp scheme have a small share size but there have been few studies concerning their MPC. In contrast, there have been many studies about MPC on Shamir's and replicated SSs while their share size is large. We consider an application scenario of SS such as applying SSs to secure data storage service with MPC. In this application, users store their data in servers through SS, and sometimes the servers perform MPC as an optional feature. In this case, the extendibility to MPC is needed and good code-efficiency is preferable. We propose a new computational SS, and show how to convert shares of our SS and a ramp SS to those of multiparty-friendly SS such as Shamir's and replicated SS. This enables one to secretly-share data compactly and extend secretly-shared data to MPC if needed.

Adaptively and Unconditionally Secure Conversion Protocols between Ramp and Linear Secret Sharing

Secret sharing (SS) has been extensively studied as for both secure data storage and a fundamental building block for multiparty computation (MPC). Recently, Kikuchi et al. proposed a passively and unconditionally secure conversion protocol that converts from a share of a ramp scheme to another of homomorphic SS scheme. The share-size of the ramp scheme is small, and the homomorphic SS scheme is a class of SS schemes that includes Shamir's and replicated SS schemes, which are convenient for MPC. Therefore, their protocol is a conversion from an SS scheme whose share-size is small to MPC-friendly SS schemes, and can be applied to reduce the amount of data storage while maintaining extendibility to MPC. We propose five unconditionally and actively secure protocols in the honest majority. In this paper, we consider a privacy and correctness as security requirement and does not consider a robustness: A cheat caused by an active adversary must be detected. These protocols consist of two conversion protocols, two reveal protocols and a protocol generating specific randomness. Main protocols among them are two conversion protocols for bilateral conversion between a ramp scheme and linear SS scheme, and the others are building blocks of the main protocols. Linear SS scheme is a subset of homomorphic SS scheme but includes both Shamir's and replicated SS schemes. Therefore, these main protocols are conversions between an SS scheme whose share-size is small to MPC-friendly SS schemes. These main protocols are unconditionally and actively secure so if MPC protocols used after the conversion are actively secure, the whole system involving SS scheme, conversion, and MPC protocols can be unconditionally and actively secure by using our main protocols. One of our two main protocols is the first to convert from MPC-friendly SS schemes to the ramp scheme. This enhances applications, such as secure backup, of the conversion protocol. Other than the two main protocols, we propose a protocol for generating specific randomnesses and two reveal protocols as building blocks. The latter two reveal protocols are actively and unconditionally secure in the honest majority and requires O(n||F||)-bit communication per revealing, and we believe that it is independently interest.

Generic Fully Simulatable Adaptive Oblivious Transfer

We aim at constructing adaptive oblivious transfer protocols, enjoying fully simulatable security, from various well-known assumptions such as DDH, d-Linear, QR, and DCR. To this end, we present two generic constructions of adaptive OT, one of which utilizes verifiable shuffles together with threshold decryption schemes, while the other uses permutation networks together with what we call loosely-homomorphic key encapsulation schemes. The constructions follow a novel designing approach called “blind permutation”, which completely differs from existing ones. We then show that specific choices of the building blocks lead to concrete adaptive OT protocols with fully simulatable security in the standard model under the targeted assumptions. Our generic methods can be extended to build universally composable (UC) secure OT protocols, with a loss in efficiency.

A Tighter Bound for the Character Sum of Primitive Sequences over Residue Rings Modulo Square-Free Odd Integers

Primitive linear recurring sequences over rings are important in modern communication technology, and character sums of such sequences are used to analyze their statistical properties. We obtain a new upper bound for the character sum of primitive sequences of order n over the residue ring modulo a square-free odd integer m, and thereby improve previously known bound m^n/2.

The History of and Prospects for ITS with a Focus on Car Navigation Systems

ITS refers to advanced transportation systems in which control technology and information communication technology are applied for the purpose of coping with issues concerning safety, congestion, the environment, resource usage, etc. Here, we will review the history of ITS and look at its prospects for the future, with a focus on the rise of car navigation systems in Japan.

The Challenge of Collaboration among Academies and Asia Pacific for ITS R&D

ITS R&D includes wide variety of research area such as mechanical engineering, road engineering, traffic engineering, information and communication engineering, and electrical engineering. In spite of initiatives across the variety of engineering is essential to solve the problems of practical social systems, it is difficult to collaborate among engineering. Based on the joint research of the Japan Society of Civil Engineers and the Institute of Electrical Engineers held at the Great East Japan Earthquake, this paper discusses about necessity of collaboration among academies on ITS R&D. International collaboration is also important for ITS R&D. Asian countries could share the same problems and solutions, since many of mega cities exist in Asia region and they suffers from heavy traffics. Therefore, we need to discuss the common solution to our problems.

Gap Acceptance on Car Following for Aerodynamic Drag Reduction — Relationships among Gap Distance, Vehicle Types, and Driver Characteristics —

Energy conservation is one of the hot topics within the domain of traffic problems. It is well known that shortening the distance between vehicles reduces the aerodynamic drag of the lagging (or following) vehicle and leads to energy savings, which benefits the drivers. Recently, systems have been developed in which trucks or vehicles travel in a platoon with reduced headway from the preceding vehicle by using automated driving or driver assistance systems. The objective of the present study is to investigate how human factors, such as driving style, a driver's condition, or a driver's personal characteristics, influence the decision of a driver to close the gap with a preceding vehicle and obtain the benefit of aerodynamic drag reduction. We developed a realistic experimental paradigm for investigating the relationship between distance and several factors including the driver's personal characteristics and the size of preceding vehicle. Our experimental setup made use of real vehicles on a test track, as opposed to a vehicle simulator. We examined behavior of subjects that drove the following vehicle as well as subjects that sat in the passenger seat in the following vehicle. The experimental results demonstrate that all subjects attempted to reduce the distance to the preceding vehicle in order to gain the benefit. Based on the experimental and questionnaire results, we conclude that there are relationships between the category of subjects and subject's following distances.

Positioning Method by Two GNSS Satellites and Distance Sensor in Urban Area

For estimating user's location, Global Navigation Satellite System (GNSS) is very useful. Especially, Global Positioning System (GPS) by USA is very popular. A GPS receiver needs multiple satellites (usually 4 and more satellites). Propagation to the satellites needs line-of-sight. However, in urban area, there are many buildings. Received signals tend to become bad quality. Such signals are often called as non-line-of-sight (NLOS) or multipath signals. The problem is that the receiver cannot get line-of-sight signals from adequate number of the satellites coinstantaneously. This case leads to degradation of estimation quality or impossibility of estimation. In this paper, we will introduce a novel estimation algorithm, which can estimate own position with as low number of satellites as possible. The proposal achieves the estimation by only two satellites. The proposal also uses a traveling distance sensor which is often equipped on vehicles. By recorded satellite data, we will confirm our effectiveness.

Evaluation of Multi-GNSSs and GPS with 3D Map Methods for Pedestrian Positioning in an Urban Canyon Environment

Highly accurate pedestrian position information is required in many applications, especially in automatic driving system. Global Positioning System (GPS) developed by American has proven itself reliability in most of the environments. Unfortunately, urban areas contain the signal reflection, known as multipath and non-line-of-sight (NLOS) effects. In addition, the lake of line-of-sight (LOS) satellites caused by the blockage of skyscrapers also severely degrades the accuracy and availability of the GPS positioning. To solve these problems, a solution that interoperated several Global Navigation Satellite Systems (GNSSs) is proposed. However, the actual difficulty of satellite positioning in urban area is the distorted satellite distribution. This paper proposes a GPS with 3D map ray tracing positioning method to conquer the difficulty. The proposed method takes the advantage of the non-LOS (NLOS) and uses it as an additional measurement. Significantly, these measurements are sourced from the satellites that should be blocked. Thus, the dilution of precision (DOP) can be greatly improved. To verify the performance of the proposed method, real data is collected at Tokyo urban area. This paper compares the performance of GPS/GLONASS and the proposed GPS with 3D map ray tracing methods. The results reveals the proposed method is capable of identifying which side of street the pedestrian stands and the GPS+GLONASS method is not.

Novel Vehicle Information Acquisition Method Using 2D Reflector Code for Automotive Infrared Laser Radar

In recent years, there are many collision accidents between vehicles due to human errors. As one of countermeasures against the collision accidents, automotive radar systems have been supporting vehicle drivers. By the automotive radar mounted on the vehicle, it is possible to recognize the situation around the vehicle. The ranging with automotive infrared laser radar is very accurate, and able to understand the object existence in the observation around the vehicle. However, in order to grasp the situation around the vehicle, it is necessary to be aware of the attribute of the detected object. The information obtained by the automotive radar vehicle is only the direction and the distance of the object. Thus, the recognition of the attribute of the detected object is very difficult. In this paper, we propose a novel vehicle information acquisition method by using 2D reflector code. Through experiments, we show that the proposed method is able to detect 2D reflector code and is effective for vehicle information acquisition.

MPVUS: A Moving Prediction Based Video Streaming Uploading Scheme over Vehicular Networks

Video streaming uploading over vehicular ad hoc networks (VANETs) can support many interesting applications. Due to the high mobility and dynamic topology of VANETs, how to support video streaming using wireless communications between vehicles and road-side access points still remains an open issue. In this paper, we propose a geographical uploading scheme, called MPVUS, which uses the moving prediction to keep the stable forwarding and reduce the high link failure probability over VANETs. The scheme also decides the AP switch opportunity by traffic flow estimation, so as to adjust the forwarding direction timely to avoid the short-sighted switch decision. Simulation results demonstrate the effectiveness of our scheme, which can achieve good performance in terms of the start-up delay, playback interruption ratio and video frame distortion.

Pedestrian Dead Reckoning for Mobile Phones Using Magnetic Deviation Map

Pedestrian dead reckoning (PDR) is an effective positioning means that can be used in urban-canyon environments where the accuracy of GPS is significantly degraded. Magnetic disturbances caused by artificial objects affect the accuracy of positioning if the PDR system uses a magnetometer to estimate the heading direction. Conventional PDR systems consider magnetic disturbances as unpredictable error sources, but the error becomes predictable and removable if the amount of the deviation in the magnetic field can be calculated at any position. In this study, we propose a method to correct the heading direction by referring to a map of magnetic deviation. The experimental results show that our method reduced the error in the heading direction caused by magnetic disturbances. Our approach removed the error components that differ depending on the position, and consequently, the resultant trajectory represented better the shape of the true trajectory.

Adaptive Assignment of Deadline and Clock Frequency in Real-Time Embedded Control Systems

Computing and power resources are often limited in real-time embedded control systems. In this paper, we resolve the trade-off problem between control performance and power consumption in a real-time embedded control system with a dynamic voltage and frequency scaling (DVFS) uniprocessor implementing multiple control tasks. We formulate an optimization problem whose cost function depends on both the control performance and the power consumption. We introduce an adapter into the real-time embedded control system that adaptively assigns deadlines of jobs and clock frequencies according to the plant's stability and schedulability by solving the optimization problem. In numerical simulations, we show that the proposed adapter can reduce the power consumption while maintaining the control performance.

Stabilizing Unknown and Unstable Periodic Orbits in DC-DC Converters by Temporal Perturbations of the Switching Time

A dynamic controller, based on the Stability Transformation Method (STM), has been used to stabilize unknown and unstable periodic orbits (UPOs) in dynamical systems. An advantage of the control method is that it can stabilize unknown UPOs. In this study, we introduce a novel control method, based on STM, to stabilize UPOs in DC-DC switching power converters. The idea of the proposed method is to apply temporal perturbations to the switching time. These perturbations are calculated without information of the locations of the target orbits. The effectiveness of the proposed method is verified by numerical simulations and laboratory measurements.

In-Phase and Anti-Phase Synchronization Phenomena in Coupled Systems of Piecewise Constant Oscillators

In this paper, we consider synchronization phenomena in coupled systems of piecewise constant oscillators. Both in-phase and anti-phase synchronization phenomena are observed in the oscillators, which are coupled by a voltage controlled current source (VCCS) with Signum-like characteristic. On the other hand, their co-existence is observed in the oscillators coupled by a VCCS with hysteresis characteristic. We analyze the stability of the synchronization phenomena in the coupled systems by using a fast calculation algorithm for the rigorous solutions. And we clarify the parameter regions of in-phase and anti-phase synchronization by deriving correlation coefficients. We suggest that the synchronization phenomena of the proposed systems qualitatively correspond to one of van der Pol oscillators coupled by passive elements. Some theoretical results are verified in the experimental circuits.

Application of the Recursive Transfer Method to Flexural Waves II: Reflection Enhancement Caused by Resonant Scattering in Acoustic Waveguide

Resonant scattering of flexural waves in acoustic waveguide is analysed by using the recursive transfer method (RTM). Because flexural waves are governed by a fourth-order differential equation, a localized wave tends to be induced around the scattering region and dampening wave tails from the localized wave may reach the ends of a simulation domain. A notable feature of RTM is its ability to extract the localized wave even if the dampening tail reaches the end of the simulation domain. Using RTM, the enhanced reflection caused by a localized wave is predicted and the shape of the localized wave is explored at its resonance with the incident wave.

A Multi-Learning Immune Algorithm for Numerical Optimization

The emergence of nature-inspired algorithms (NIA) is a great milestone in the field of computational intelligence community. As one of the NIAs, the artificial immune algorithm (AIS) mimics the principles of the biological immune system, and has exhibited its effectiveness, implicit parallelism, flexibility and applicability when solving various engineering problems. Nevertheless, AIS still suffers from the issues of evolution premature, local minima trapping and slow convergence due to its inherent stochastic search dynamics. Much effort has been made to improve the search performance of AIS from different aspects, such as population diversity maintenance, adaptive parameter control, etc. In this paper, we propose a novel multi-learning operator into the AIS to further enrich the search dynamics of the algorithm. A framework of embedding multiple commonly used mutation operators into the antibody evolution procedure is also established. Four distinct learning operators including baldwinian learning, cauchy mutation, gaussian mutation and lateral mutation are selected to merge together as a multi-learning operator. It can be expected that the multi-learning operator can effectively balance the exploration and exploitation of the search by enriched dynamics. To verify its performance, the proposed algorithm, which is called multi-learning immune algorithm (MLIA), is applied on a number of benchmark functions. Experimental results demonstrate the superiority of the proposed algorithm in terms of convergence speed and solution quality.

Generalization to Any Field of Toeplitz Matrix Vector Product Based on Multi-Way Splitting Method and Its Application

In several important applications, we often encounter with the computation of a Toeplitz matrix vector product (TMVP). In this work, we propose a k-way splitting method for a TMVP over any field F, which is a generalization of that over GF(2) presented by Hasan and Negre. Furthermore, as an application of the TMVP method over F, we present the first subquadratic space complexity multiplier over any finite field GF(pⁿ) defined by an irreducible trinomial.

A Fixed-Parameter Algorithm for Detecting a Singleton Attractor in an AND/OR Boolean Network with Bounded Treewidth

The Boolean network can be used as a mathematical model for gene regulatory networks. An attractor, which is a state of a Boolean network repeating itself periodically, can represent a stable stage of a gene regulatory network. It is known that the problem of finding an attractor of the shortest period is NP-hard. In this article, we give a fixed-parameter algorithm for detecting a singleton attractor (SA) for a Boolean network that has only AND and OR Boolean functions of literals and has bounded treewidth k. The algorithm is further extended to detect an SA for a constant-depth nested canalyzing Boolean network with bounded treewidth. We also prove the fixed-parameter intractability of the detection of an SA for a general Boolean network with bounded treewidth.

Graphical Calculus for Qutrit Systems

We introduce a graphical calculus for multi-qutrit systems (the qutrit ZX-calculus) based on the framework of dagger symmetric monoidal categories. This graphical calculus consists of generators for building diagrams and rules for transforming diagrams, which is obviously different from the qubit ZX-calculus. As an application of the qutrit ZX-calculus, we give a graphical description of a (2, 3) threshold quantum secret sharing scheme. In this way, we prove the correctness of the secret sharing scheme in a intuitively clear manner instead of complicated linear algebraic operations.

Bit-Express: A Loss Tolerant Network Transmission via Network Coding

Lossy communication networks may be one of the most challenging issues for Transmission Control Protocol (TCP), as random loss could be erroneously interpreted into congestion due to the original mechanism of TCP. Network coding (NC) promises significant improvement in such environment thanks to its ability to mix data across time and flows. Therefore, it has been proposed to combine with TCP called TCP-NC by MIT. In this paper, we dedicated to quantifying the R, a key parameter for redundant packets, and make it close to the loss rate as much as possible, which has not been considered in the previous research. All of these are done by the sender who is completely unconscious of the network situation. Simulation results by NS2 under both wired and wireless networks showed that our method retains all the advantages of TCP-NC, and meanwhile outperforms TCP-NC and the other TCP variants in time-varying lossy networks.

Blind Residual CFO Estimation under Single Data Block for Uplink Interleaved OFDMA

In this letter, an iterative carrier frequency offset (CFO) estimation approach is presented which finds a new CFO vector based on first order Taylor series expansion of the one initially given for interleaved orthogonal frequency division multiple access uplink systems. The problem of finding the new CFO vector is formulated as the closed form of a generalized eigenvalue problem, which allows one to readily solve it. The proposed estimator combined center-symmetric trimmed correlation matrix and orthogonal projection technique, which doesn't require eigenvalue decomposition and it only needs single data block.

On-Line Monaural Ambience Extraction Algorithm for Multichannel Audio Upmixing System Based on Nonnegative Matrix Factorization

The development of multichannel audio systems has increased the need for multichannel contents. However, the supply of multichannel audio contents is not sufficient for advanced multichannel systems. Therefore, home entertainment manufacturers need upmixing systems, including systems that utilize monaural time-frequency domain information. Therefore, a monaural ambience extraction algorithm based on nonnegative matrix factorization (NMF) has been developed recently. Ambience signals refer to sound components that do not have obvious spatial images, e.g., wind, rain, and diffuse sound. The developed algorithm provides good upmixing performance; however, the algorithm is a batch process and therefore, it cannot be used by home audio manufacturers. In this paper, we propose an on-line monaural ambience extraction algorithm. The proposed algorithm analyzes the dominant components with an on-line NMF algorithm, and extracts the remaining sound as ambience components. Experiments were performed with artificial mixed signals and real music signals, and the performance of the proposed algorithm was compared with the performance of the conventional batch algorithm as a reference. The experimental results show that the proposed algorithm extracts the ambience components as well as the batch algorithm, despite the on-line constraints.

Analysis of a Certificateless Aggregate Signature Scheme

An aggregate signature scheme,which is an extension of ordinary signature, allows anyone to compress n signatures of n messages from n signers into a single short signature for reducing the size multiple individual signatures. Recently, Liu et al. proposed an efficient certificateless aggregate signature scheme with shorter public key size, constant AS size and with constant pairing computations. Although they proved that the scheme has existential unforgeability against adaptive chosen messages attacks. However, in this paper, two concrete attacks are proposed to show that Liu et al.'s scheme actually does not reach the security as they claimed.

An Offline Dictionary Attack against Abdalla and Pointcheval's Key Exchange in the Password-Only Three-Party Setting

Although password-only authenticated key exchange (PAKE) in the three-party setting has been widely studied in recent years, it remains a challenging area of research. A key challenge in designing three-party PAKE protocols is to prevent insider dictionary attacks, as evidenced by the flaws discovered in many published protocols. In this letter, we revisit Abdalla and Pointcheval's three-party PAKE protocol from FC 2005 and demonstrate that this protocol, named 3PAKE, is vulnerable to a previously unpublished insider offline dictionary attack. Our attack is dependant on the composition of 3PAKE and the higher-level protocol that uses the established session key.

Hidden Credential Retrieval, Revisited

Hidden Credential Retrieval (HCR) protocols are designed for access credentials management where users who remember short passwords can retrieve his/her various credentials (access keys and tokens) with the help of a remote storage server over insecure networks (e.g., the Internet). In this paper, we revisit two HCR protocols, both of which are based on blind signature schemes: one (we call it B-HCR) was proposed in ASIACCS 2009 and the other (we call it MRS-HCR) was in WISA 2010. In particular, we show that the B-HCR protocol is insecure against an outside attacker who impersonates server S. Specifically, the attacker can find out the user's password pw with off-line dictionary attacks by eavesdropping the communications between the user and a third-party online service provider. Also, we show that the MRS-HCR protocol does not work correctly itself. In other words, user U can not retrieve the plaintext Msg (i.e., credentials) even if he/she has a knowledge of the password.

On the LFSRization of a Class of FCSR Automata

Feedback with carry shift registers (FCSRs) implemented using Galois representation have been found to have a weakness called LFSRization. It leads to powerful attacks against the stream ciphers based on them. A new representation called ring representation has been proposed to avoid the attacks. It was considered to circumvent the weaknesses of Galois FCSRs. This correspondence presents a class of ring FCSRs, which meet the implementation criteria, but are still possible to maintain linear behavior for several clock cycles. Their LFSRization probability and how to improve their security are also mentioned.

Robust Time Synchronization Algorithm for IEEE 802.11ac WLAN Systems

In this letter, a robust time synchronization algorithm is proposed for MIMO-OFDM based WLAN systems. IEEE 802.11ac MIMO-OFDM WLAN standard specifies that the preamble with cyclic shift diversity (CSD) scheme is used for time and frequency synchronization. However, since the CSD scheme introduces multiple cross-correlation peaks at the receiver, serious performance degradation appears if the conventional cross-correlation based algorithm is applied. In the proposed algorithm, the time synchronization error due to multiple peaks is compensated by adding the cross-correlation value to its reverse cyclic-shifted version. Simulation results show that the proposed algorithm achieves an SNR gain of 1.5 to 4.5dB for the synchronization failure rate of 10^-2 compared with the existing algorithms.

Collaborative Spectrum Sensing via L_1/2 Regularization

This letter studies the problem of cooperative spectrum sensing in wideband cognitive radio networks. Based on the basis expansion model (BEM), the problem of estimation of power spectral density (PSD) is transformed to estimation of BEM coefficients. The sparsity both in frequency domain and space domain is used to construct a sparse estimation structure. The theory of L_1/2 regularization is used to solve the compressed sensing problem. Simulation results demonstrate the effectiveness of the proposed method.