IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E99.A 巻, 1 号

Refined Glimpse Correlations of RC4

RC4 stream cipher, designed by Rivest in 1987, is widely used in various standard protocols and commercial applications. After the disclosure of RC4 algorithm in 1994, many cryptanalytic results on RC4 have been reported. In 1996, Jenkins discovered correlations between a keystream byte and an internal state variable. This is known as the Glimpse theorem. In 2013, Maitra and Sen Gupta proved the Glimpse theorem and showed other correlations between two consecutive keystream bytes and an internal state variable. This is called the long-term Glimpse. These correlations provide only cases with positive biases, and hold generally on any round. In this paper, we refine known Glimpse correlations from two aspects. One is to find new positive or negative biases on all values in addition to a known value. The other is to provide precise biases on specific rounds. As a result, we can discover 6 cases with several new biases, and prove these cases theoretically. From the first refinement, combining our new biases with known one, the long-term Glimpse with positive biases is integrated into a whole. From the second refinement, we can successfully find that two correlations on specific rounds become an impossible condition.

A Collision Attack on a Double-Block-Length Compression Function Instantiated with 8-/9-Round AES-256

This paper presents the first non-trivial collision attack on the double-block-length compression function presented at FSE 2006 instantiated with round-reduced AES-256: f₀(h₀||h₁,M)||f₁(h₀||h₁,M) such that   f₀(h₀||h₁, M) = E_h1||M(h₀)⊕h₀ ,   f₁(h₀||h₁,M) = E_h1||M(h₀⊕c)⊕h₀⊕c ,   where || represents concatenation, E is AES-256 and c is a 16-byte non-zero constant. The proposed attack is a free-start collision attack using the rebound attack proposed by Mendel et al. The success of the proposed attack largely depends on the configuration of the constant c: the number of its non-zero bytes and their positions. For the instantiation with AES-256 reduced from 14 rounds to 8 rounds, it is effective if the constant c has at most four non-zero bytes at some specific positions, and the time complexity is 2⁶⁴ or 2⁹⁶. For the instantiation with AES-256 reduced to 9 rounds, it is effective if the constant c has four non-zero bytes at some specific positions, and the time complexity is 2¹²⁰. The space complexity is negligible in both cases.

Generic Internal State Recovery on Strengthened HMAC: n-bit Secure HMAC Requires Key in All Blocks

HMAC is the most widely used hash based MAC scheme. Recently, several generic attacks have been presented against HMAC with a complexity between 2^n/2 and 2ⁿ, where n is the output size of an underlying hash function. In this paper, we investigate the security of strengthened HMAC instantiated with a Merkle-Damgård hash function in which the key is used to process underlying compression functions. With such a modification, the attacker is unable to precompute the property of the compression function offline, and thus previous generic attacks are prevented. In this paper, we show that keying the compression function in all blocks is necessary to prevent a generic internal state recovery attack with a complexity less than 2ⁿ. In other words, only with a single keyless compression function, the internal state is recovered faster than 2ⁿ. To validate the claim, we present a generic attack against the strengthened HMAC instantiated with a Merkle-Damgård hash function in which only one block is keyless, thus pre-computable offline. Our attack uses the previous generic attack by Naito et al. as a base. We improve it so that the attack can be applied only with a single keyless compression function while the attack complexity remains unchanged from the previous work.

Efficient Implementations for Practical Linear Cryptanalysis and Its Application to FEAL-8X

Linear cryptanalysis proposed by Matsui is one of the most effective attacks on block ciphers. Some attempts to improve linear cryptanalysis have been made since Matsui introduced. We focus on how to optimize linear cryptanalysis with such techniques, and we apply the optimized linear cryptanalysis on FEAL-8X. First, we evaluate two existing implementation methods so as to optimize the computation time of linear cryptanalysis. Method 1 removes redundant round function computations and optimizes the other computation of linear cryptanalysis by transforming it into bitwise operations. Method 2 transforms the computation of linear cryptanalysis into a matrix multiplication and reduces the time complexity of the multiplication using the fast Fourier transform (FFT). We implement both methods optimized for modern microprocessors and compare their computation time to clarify the appropriate method for practical cryptanalysis. From the result, we show that the superior implementation depends on the number of given known plaintexts (KPs) and that of guessed key bits. Furthermore, we show that these results enable us to select the superior method to implement linear cryptanalysis without another comparative experiment. By using the superior method, we implement the multiple linear cryptanalysis (MLC) on FEAL-8X. Our implementation can recover the secret key of FEAL-8X with 2¹⁰KPs in practical computation time with non-negligible probability, and it is the best attack on FEAL-8X in data complexity.

Practical Forgeries and Distinguishers against PAES

We present two practical attacks on the CAESAR candidate PAES. The first attack is a universal forgery for any plaintext with at least 240 bytes. It works for the nonce-repeating variant of PAES and in a nutshell it is a state recovery based on solving differential equations for the S-Box leaked through the ciphertext that arise when the plaintext has a certain difference. We show that to produce the forgery based on this method the attacker needs only 2¹¹ time and data. The second attack is a distinguisher for 2⁶⁴ out of 2¹²⁸ keys that requires negligible complexity and only one pair of known plaintext-ciphertext. The attack is based on the lack of constants in the initialization of the PAES which allows to exploit the symmetric properties of the keyless AES round. Both of our attacks contradict the security goals of PAES.

Message Extension Attack against Authenticated Encryptions: Application to PANDA

We present a new cryptanalysis approach to analyze the security of a class of authenticated encryption schemes, which shares similarity with the previous length extension attack against hash-function-based MACs. Hence we name our approach by message extension attack. For an authenticated encryption from the target class, it consists of three phases; initialization with nonce and key as input, state update function with associated data and message as input and tag generation with updated state as input. We will show how to mount a forgery attack in the nonce-repeating model under the chosen-plaintext scenario, when both state update function and tag generation is built based on the same function. To demonstrate the effectiveness of our message extension attack approach, we apply it to a dedicated authenticated encryption called PANDA, which is a candidate of the ongoing CAESAR cryptographic competition. We successfully found an existential forgery attack on PANDA with 2⁵ chosen plaintexts, 2⁶⁴ computations, and a negligible memory, and it breaks the claimed 128-bit security for the nonce-repeating model. We note that this is the first result that breaks the security claim of PANDA, which makes it withdrawn from the CAESAR competition by its designer.

Cryptanalysis of the Multivariate Signature Scheme Proposed in PQCrypto 2013

In PQCrypto 2013, Yasuda, Takagi and Sakurai proposed a new signature scheme as one of multivariate public key cryptosystems (MPKCs). This scheme (called YTS) is based on the fact that there are two isometry classes of non-degenerate quadratic forms on a vector space with a prescribed dimension. The advantage of YTS is its efficiency. In fact, its signature generation is eight or nine times faster than Rainbow of similar size. For the security, it is known that the direct attack, the IP attack and the min-rank attack are applicable on YTS, and the running times are exponential time for the first and the second attacks and sub-exponential time for the third attack. In the present paper, we give a new attack on YTS whose approach is to use the diagonalization of matrices. Our attack works in polynomial time and it actually recovers equivalent secret keys of YTS having 140-bits security against min-rank attack in around fifteen seconds.

Proposal of the Multivariate Public Key Cryptosystem Relying on the Difficulty of Factoring a Product of Two Large Prime Numbers

Currently there is not any prospect of realizing quantum computers which can compute prime factorization, which RSA relies on, or discrete logarithms, which ElGamal relies on, of practical size. Additionally the rapid growth of Internet of Things (IoT) is requiring practical public key cryptosystems which do not use exponential operation. Therefore we constituted a cryptosystem relying on the difficulty of factoring the product of two large prime numbers, based on the Chinese Remainder Theorem, fully exploiting another strength of MPKC that exponential operation is not necessary. We evaluated its security by performing the Gröbner base attacks with workstations and consequently concluded that it requires computation complexity no less than entirely random quadratic polynomials. Additionally we showed that it is secure against rank attacks since the polynomials of central map are all full rank, assuming the environment of conventional computers.

Packing Messages and Optimizing Bootstrapping in GSW-FHE

We construct the first fully homomorphic encryption (FHE) scheme that encrypts matrices and supports homomorphic matrix addition and multiplication. This is a natural extension of packed FHE and thus supports more complicated homomorphic operations. We optimize the bootstrapping procedure of Alperin-Sheriff and Peikert (CRYPTO 2014) by applying our scheme. Our optimization decreases the lattice approximation factor from Õ(n³) to Õ(n^2.5). By taking a lattice dimension as a larger polynomial in a security parameter, we can also obtain the same approximation factor as the best known one of standard lattice-based public-key encryption without successive dimension-modulus reduction, which was essential for achieving the best factor in prior works on bootstrapping of standard lattice-based FHE.

Semi-Generic Transformation of Revocable Hierarchical Identity-Based Encryption and Its DBDH Instantiation

Boneh and Franklin considered to add the revocation functionality to identity-based encryption (IBE). Though this methodology is applicable to any IBE and hierarchical IBE (HIBE), the resulting scheme is non-scalable. Therefore, a generic transformation of scalable revocable (H)IBE (R(H)IBE) from non-scalable R(H)IBE is really desirable. Towards this final goal, in this paper we introduce prototype RHIBE which does not require to be scalable (but requires some conditions), and propose a generic transformation of scalable RHIBE from prototype RHIBE. Moreover, we construct a prototype RHIBE scheme based on the decisional bilinear Diffie-Hellman (DBDH) assumption. Since our prototype RHIBE provides history-free update, insider security, and decryption key exposure resistance, our construction yields the first RHIBE scheme based on the static assumption with these desirable properties.

Adaptively Attribute-Hiding (Hierarchical) Inner Product Encryption

This paper proposes the first (practical) inner product encryption (IPE) scheme that is adaptively secure and fully attribute-hiding (attribute-hiding in the sense of the definition by Katz, Sahai and Waters), while the existing (practical) IPE schemes are either fully attribute-hiding but selectively secure or adaptively secure but weakly attribute-hiding. The proposed IPE scheme is proven to be adaptively secure and fully attribute-hiding under the decisional linear assumption in the standard model. The IPE scheme is comparably as efficient as the existing (practical) attribute-hiding IPE schemes. We also present a variant of the proposed IPE scheme with the same security that achieves shorter public and secret keys. A hierarchical IPE scheme can be constructed that is also adaptively secure and fully attribute-hiding under the same assumption. In this paper, we extend the dual system encryption technique by Waters into a more general manner, in which new forms of ciphertext and secret keys are employed and new types of information theoretical tricks are introduced along with several forms of computational reduction.

Experimental Evaluation on the Resistance of Latch PUFs Implemented on ASIC against FIB-Based Invasive Attacks

PUF (Physically Unclonable Function) technologies attract attention as a candidate to prevent counterfeit chips. A latch PUF is known as a high performance PUF among various types of proposed PUFs. In this paper we describe an experiment on a invasive attack to a latch PUF consisting of RS latches, such as measuring the latch output by a probe contact after a FIB (Focused Ion Beam) processing. As a result, we confirmed that the latch PUF has a tolerance for the dynamic analysis, because the RS latch output was influenced and changed after the FIB processing in our experiments.

Cryptanalysis and Improvement of a Provably Secure RFID Ownership Transfer Protocol

Radio Frequency Identifications (RFID) are useful low-cost devices for identification or authentication systems through wireless communication. The ownership of the RFID tag is frequently changed in the life cycle of the tag, it may fall in to the hands of a malicious adversary. The privacy problem in this situation is studied in the RFID ownership transfer protocol. However, almost all previous works provide only heuristic analysis and many protocols are broken. Elkhiyaoui et al. defined the security model for RFID ownership transfer protocols and proposed the detailed security proof to their protocol, but we show that their protocol does not provide enough privacy and cover the realistic attack. We investigate a suitable security model for RFID ownership transfer protocols and provide a new provably secure RFID ownership transfer protocol.

Analysis of the Dimitrov-Jullien-Miller Recoding Algorithm

In 2000, Dimitrov, Jullien, and Miller proposed an efficient and simple double-exponentiation algorithm based on a signed-digit recoding algorithm. The average joint Hamming ratio (AJHR) was reduced from 0.556 to 0.534 by using the recoding algorithm. In this paper, the DJM recoding algorithm was extended to three types: the 3-digit sliding window, the 1-digit right-to-left sliding window, and the 1-digit left-to-right sliding window. The average joint Hamming ratios of the three cases were 0.521, 0.515, and 0.511, respectively.

A RAT Detection Method Based on Network Behavior of the Communication's Early Stage

Remote Access Trojans (RAT) is a spyware which can steal the confidential information from a target organization. The detection of RATs becomes more and more difficult because of targeted attacks, since the victim usually cannot realize that he/she is being attacked. After RAT's intrusion, the attacker can monitor and control the victim's PC remotely, to wait for an opportunity to steal the confidential information. As this situation, the main issue we face now is how to prevent confidential information being leaked back to the attacker. Although there are many existing approaches about RAT detection, there still remain two challenges: to detect RAT sessions as early as possible, and to distinguish them from the normal applications with a high accuracy. In this paper, we propose a novel approach to detect RAT sessions by their network behavior during the early stage of communication. The early stage is defined as a short period of time at communication's beginning; it also can be seen as the preparation period of the communication. We extract network behavior features from this period, to differentiate RAT sessions and normal sessions. For the implementation and evaluation, we use machine learning techniques with 5 algorithms and K-Fold cross-validation. As the results, our approach could detect RAT sessions in the communication's early stage with the accuracy over 96% together with the FNR of 10% by Random Forest algorithm.

Impossible Differential Attack against 14-Round Piccolo-80 without Relying on Full Code Book

Piccolo is a lightweight block cipher proposed by Sony Corporation in 2011. The designers showed two key modes, Piccolo-80 and Piccolo-128, which use an 80-bit secret key and a 128-bit one, respectively. Isobe and Shibutani estimated the security of Piccolo-80, and they showed that 14-round (reduced) Piccolo-80 w/o whitening keys is vulnerable against the Meet-in-the-Middle attack. The time complexity of their attack is about 2⁷³, but unfortunately it requires 2⁶⁴ texts, namely, the full code book. In this paper, we propose a new impossible differential attack against 14-round Piccolo-80 w/o whitening keys, and it can recover the secret key without relying on the full code book. The time complexity is 2⁶⁸ and it uses 2^62.2 distinct know plaintexts.

Approximately-Zero Correlation Zone Sequence Set

An algorithm that finds a set of real-valued approximately-zero correlation zone (AZCZ) sequences is proposed on the basis of the concept of feedback-controlled direct-sequence code-division multiple access (FC/DS-CDMA). It is known that ordinary algorithms can construct low correlation zone (LCZ) and zero correlation zone (ZCZ) sequence sets in which the choices of the number of sequences, sequence length, and LCZ or ZCZ length are limited. It is shown that the proposed algorithm finds AZCZ sequence sets by a numerical method under arbitrary conditions. The properties of AZCZ sequence sets are evaluated in terms of the autocorrelation and cross-correlation functions. It is shown that the periodic autocorrelation and cross-correlation functions take small values within a designated AZCZ. It is also shown that we can construct approximately-perfect sequences that have approximately ideal autocorrelation functions and new sequence sets that have multiple AZCZs using the proposed algorithm.

Wideband Power Spectrum Sensing and Reconstruction Based on Single Channel Sub-Nyquist Sampling

A major challenge in wideband spectrum sensing, in cognitive radio system for example, is the requirement of a high sampling rate which may exceed today's best analog-to-digital converters (ADCs) front-end bandwidths. Compressive sampling is an attractive way to reduce the sampling rate. The modulated wideband converter (MWC) proposed recently is one of the most successful compressive sampling hardware architectures, but it has high hardware complexity owing to its parallel channels structure. In this paper, we design a single channel sub-Nyquist sampling scheme to bring substantial savings in terms of not only sampling rate but also hardware complexity, and we also present a wideband power spectrum sensing and reconstruction method for bandlimited wide-sense stationary (WSS) signals. The total sampling rate is only one channel rate of the MWC's. We evaluate the performance of the sensing model by computing the probability of detecting signal occupancy in terms of the signal-to-noise ratio (SNR) and other practical parameters. Simulation results underline the promising performance of proposed approach.

Theoretical Bit Error Rate in a Circular Polarized Optical OFDM System

Circular Polarized Optical OFDM (CPO-OFDM) is a system that applies OFDM to optical wireless communications. This system separates OFDM signals into positive and negative signals and converts these signals into left-handed and right-handed polarization and then multiplexes the resulting polarized signals. In CPO-OFDM, the separated signals must be combined at the receiver. Then, as a noise-reduction method, the comparison method compares the signal amplitudes of the positive and negative signals and uses the signal having the larger amplitude as the received signal. However, if we use the comparison method when the received signals have background light, the combined signals are distorted. In the present paper, we herein report a method by which the receiver estimates the amplitude of the background light and then removes the background light, which is easily accomplished. Furthermore, we also report a theoretical method for analyzing the bit error rate (BER). We develop a closed form of the theoretical formula for the BER in an additive white Gaussian noise (AWGN) channel. By using this formula and through numerical integration, we investigate the theoretical BER for a scintillation channel. We compare the results of the theoretical analysis with those of the simulations. As a result, the theoretical BER is generally coincident with the BER obtained through simulation. Even if we use the closed-form formula, we can derive the BER with sufficient accuracy.

Throughput Analyses Based on Practical Upper Bound for Adaptive Modulation and Coding in OFDM MIMO Multiplexing

This paper proposes a practical throughput upper bound that considers physical layer techniques using adaptive modulation and coding (AMC) for orthogonal frequency division multiplexing (OFDM) multiple-input multiple-output (MIMO) multiplexing. The proposed upper bound is computed from the modulation and coding scheme (MCS) that provides the maximum throughput considering the required block error rate (BLER) at the respective received signal-to-noise power ratios as a constraint. Then, based on the practical throughput upper bound, we present the causes of impairment for selecting the best MCS based on the computed mutual information for OFDM MIMO multiplexing. More specifically, through the evaluations, we investigate the effect of MCS selection error on an increasing maximum Doppler frequency due to the round trip delay time and the effect of channel estimation error of maximum likelihood detection associated with reference signal based channel estimation.

Joint Blind Compensation of Inter-Block Interference and Frequency-Dependent IQ Imbalance

In this letter, we propose a blind adaptive algorithm for joint compensation of inter-block interference (IBI) and frequency-dependent IQ imbalance using a single time-domain equalizer. We combine the MERRY algorithm for IBI suppression with the differential constant modulus algorithm to compensate for IQ imbalance. The effectiveness of the proposed algorithm is shown through computer simulations.

Distance Estimation Based on Statistical Models of Received Signal Strength

In this letter, we propose a new distance estimation method based on statistical models of a Received Signal Strength (RSS) at the receiver. The conventional distance estimator estimates the distance between the transmitter and the receiver based on the statistical average of the RSS when the receiver obtains instantaneous RSS and an estimate of the hyperparameters which consists of the path loss exponent and so on. However, it is well-known that instantaneous RSS does not always correspond to the average RSS because the RSS varies in accordance with a statistical model. Although the statistical model has been introduced for the hyperparameters estimation and the localization system, the conventional distance estimator has not yet utilized it. We introduce the statistical model to the distance estimator whose expected value of the estimate corresponds to true distance. Our theoretical analysis establishes that the proposed distance estimator is preferable to the conventional one in order to improve accuracy in the expected value of the distance estimate. Moreover, we evaluate the Mean Square Error (MSE) between true distance and the estimate. We provide evidence that the MSE is always proportional to the square of the distance if the estimate of the hyperparameters is ideally obtained.

RCS Measurements for Vehicles and Pedestrian at 26 and 79GHz

The RCS of a radar target is an important factor related with the radar performance such as detection, tracking and classification. When dealing with the design of 26/79GHz automotive surveillance radar system, it is essential to know individual RCS of typical vehicles and pedestrian. However, there are few papers related to the RCS measurement at 26 and 79GHz. In this letter, the RCS measurements of typical vehicles and pedestrian were performed in a large-scale anechoic chamber room and the characteristics are discussed.

In-Vehicle Network Security Using Secure Element

As there are no security mechanisms in the vehicle controller area network (CAN) protocol, it is easy to inject fake packets, codes and electric control units (ECUs) in the CAN to hijack vehicle control. Security countermeasures for both the CAN and the ECU are urgently required to improve driving safety. In this paper, we propose in-vehicle network securities using the hardware secure elements as follows: (i) secure boot of ECU, (ii) authentication of an ECU, (iii) authentication of a CAN packet, and (iv) cipher key exchange procedures from a master ECU to slave ECUs. The security algorithms are implemented in a subscriber identity module card (SIM) embedded in the master ECU's board and in a hardware security module (HSM) embedded in a slave ECU. The SIM generates and distributes cipher keys to the authenticated HSM. Then, the HSM generates a media authentication code (MAC) for the CAN packet by using the cipher keys.

Performance Improvement of RTK-GNSS with IMU and Vehicle Speed Sensors in an Urban Environment

The increasing demand for navigation and automation has led to the development of a number of accurate and precise navigation applications that make use of the Global Navigation Satellite System (GNSS) and additional sensors. One of the precise navigation techniques in GNSS, the real-time kinematic (RTK) technique, is well known. In this method, once the correct integer ambiguities are found in the carrier phase observation data, position can be determined to within 10cm. In particular, the advent of QZSS and BeiDou satellites can increase the availability of RTK-GNSS (relative to RTK using only GPS). It is understood that the increasing availability of RTK-GNSS will improve the performance of the integration of GNSS with additional sensors because the errors due to the inertial measurement unit (IMU) accumulate as time goes on. On the other hand, GNSS tends to suffer from multipath errors, especially in urban environments. To overcome this problem, a method was developed for improving RTK-GNSS using a low-cost IMU and conventional vehicle speed sensors. In this study, the quality of the complete observation data was assessed based on the carrier-to-noise ratio and satellite elevation angle, and the least-squares ambiguity decorrelation adjustment method and the ratio test were used to obtain fixed positions. We used speed information obtained from Doppler measurements as an alternative source of information; information from the IMU and vehicle speed sensor (integrated with the RTK-GNSS via a Kalman Filter) was used when there were no visible satellites. We also used the IMU and vehicle speed sensors to detect wrong fixes in the RTK-GNSS. A position and orientation system for land vehicles (Applanix) was used to estimate the reference positions. During GNSS outages, it is important to accurately determine the last heading of the car for precise navigation. In this study, it was found that GNSS Doppler-based direction data are required to obtain better direction information. The results of the experiment demonstrate that our proposed method is, to some extent, beneficial as an alternative to the conventional RTK-GPS in an urban environment.

Improving Performance of DS/SS-IVC Scheme Based on Location Oriented PN Code Allocation

Currently, IEEE802.11p and ARIB STD T-109 are available as the typical inter-vehicle communication (IVC) standards. Carrier sense multiple access/collision avoidance (CSMA/CA) and orthogonal frequency division multiplexing (OFDM) are used in these standards. However, the performance degrades when there are hidden terminals. In this paper, IVC system that using a direct sequence spread spectrum (DS/SS) modulation scheme is discussed because it has code division multiple access (CDMA) capability. In DS/SS-IVC scheme, it is possible to avoid hidden terminal problem. On the other hand, near-far problem (NFP), multiple access interference (MAI) and interference by equivalent pseudo noise (PN) codes occurs in DS/SS communication. These problems cause performance degradation. In this paper, interference cancellation scheme and slotted ALOHA scheme with code sensing are applied so as to mitigate the impact of MAI, NFP and interference by equivalent PN code. By applying interference cancellation scheme and slotted ALOHA scheme with code sensing, the performance of DS/SS-IVC is improved. In this paper, location oriented PN code allocation is focused on as a method of PN code assignment. However, DS/SS-IVC scheme based on location oriented PN code allocation has a problem. Since each vehicle obtain PN code based on the position that is estimated by GPS, performance degrades when GPS positioning error occurs. Therefore, the positioning system of DS/SS-IVC scheme is also discussed in this paper. Elimination of ranging data that has large ranging error is proposed in addition to interference cancellation scheme and slotted ALOHA scheme with code sensing in order to improve the performance of positioning. From the simulation results, the positioning error can be mitigated by applying these proposed techniques.

A Novel Method of Vehicle Trajectory Estimation with Portable Navigation Device for Dense Urban Environments

In recent years, various Portable Navigation Devices (PND) such as smart-phones are becoming popular as a vehicle navigation device. To compare with a conventional built-in navigation system, PND has advantages that it is low cost and easily mounted to the vehicle. On the other hand, PND has also disadvantage that in the most case it cannot obtain the reliable vehicle speed information such as wheel pulse information and that induces degradation of vehicle trajectory estimation (dead-reckoning). The vehicle trajectory estimation is the positioning method using inertial sensors, and generally used when GPS is not available. So in urban area where GPS signals are blocked or reflected by tall buildings, the degradation of vehicle trajectory estimation may cause the severe increase of position error. Accordingly, in this study two approaches are proposed to improve vehicle trajectory estimation with PND. The first one is the accurate speed estimation using time-series tightly coupled integration of accelerometer, gyro, and Doppler shift of GPS. And the second one is the correction of trajectory error using backward refinement that can work even in real-time processing. The experimental result in Shinjuku which is dense urban city shows that the error of vehicle trajectory estimation was reduced to 1/4 compared with the previous method.

Analysis of Elderly Drivers' Performance Using Large-Scale Test Data

This study explored the question of how to minimize older drivers' accidents and to identify at-risk drivers by analyzing their driving performance. Previous traffic research reported that there were two factors involved in risky driving, namely driving risk perception and risky driving attitude. We investigated these two factors as indicators of an at-risk driver by using large-scale test data from license renewal tests that are obligatory for Japanese drivers who are 70 years of age or older. The tests include a driving simulator test, an on-road test, and a cognitive screening test. By using these assessments and predictions made with renewal driving tests, we were able to indicate the possibility of identifying at-risk drivers.

Cooperative Distributed STBC Transmission Scheme for Multi-Hop V2V Communications

This paper proposes a novel cooperative scheme combining distributed space-time block code (STBC) at physical layer, multiple access protocol at medium access control (MAC) layer and opportunistic routing without complicated routing algorithm for achieving high reliability for vehicle-to-vehicle (V2V) communications. The proposed scheme can reduce interference and collision, and achieve reducing redundant broadcast of safety-related messages for multi-hop vehicular communications on highway. In particular, we propose a novel algorithm of relay selection based-on position, speed and direction of movement to select intermediate vehicle stations (VS) with high contribution according to the transmission direction. Furthermore, in order to reduce interference and collision, we install a new timer to select a master relay vehicle station (MVS) which manages a packet transmission of whole network to trigger and synchronize transmitting timing of relay VSs (RVSs) in each hop. From the results of simulations, we can confirm that the proposed method can achieve reducing the redundant broadcast safety-related messages with keeping the packet loss probability by limiting the retransmission at each VS.

High-Speed Visible Light Communication Using Combination of Low-Speed Image Sensor and Polygon Mirror

Visible light communication is one of the key technologies for intelligent transport systems (ITS). However, current visible light communication systems require high-cost devices, such as high-speed image sensors, to support their high transmission rates. In this paper, we designed a communication system with combination of a low-speed commercial image sensor and a polygon mirror — namely, a fast-blinking light signal is scanned by the polygon mirror and captured as a residual image on the low-speed image sensor — to achieve visible light communication on existing mobile devices with high transmission rates. We also analyzed some required conditions, such as the relationship between the exposure time of the image sensor and the optimal resolution, and conducted experiments for performance evaluation. As a result, we found that the proposed system could achieve a data rate of 120bps, 10 times faster than that of the existing scheme when we compare them using the same image sensor. We also found that the proposed system can achieve a practical bit error rate in a low-noise environment.

Accurate Estimation of Pedestrian Orientation from On-Board Camera and Inertial Sensors

Autonomous driving is not only required to detect pedestrians around vehicles, but also expected to understand the behaviors of pedestrians. Pedestrian body orientation and head orientation are the relevant indicators of the pedestrian intention. This paper proposes an accurate estimation system to recognize the pedestrian body orientation and the pedestrian head orientation from on-board camera and inertial sensors. The proposed system discretizes the body orientation and the head orientation into 16 directions. In order to achieve the accurate orientation estimation, a novel training database is established, which includes strongly labeled data and weakly labeled data. Semi-Supervised Learning method is employed to annotate the weakly labeled data, and to generate the accurate classifier based on the proposed training database. In addition, the temporal constraint and the human physical model constraint are considered in orientation estimation, which are beneficial to the reasonable and stable result of orientation estimation for the pedestrian in image sequences. This estimated result is the orientation in camera space. The comprehension of the pedestrian behavior needs to be conducted in the real world space. Therefore, this paper proposes to model the motion of the host vehicle using inertial sensor, then transforms the estimated orientation from camera space to the real world space by considering the vehicle and pedestrian motion. The represented orientation indicates the behavior of the pedestrian more directly. Finally, a series of experiments demonstrate the effectiveness of the proposed pedestrian orientation system.

New Types of Markers and the Integration of M-CubITS Pedestrian WYSIWYAS Navigation Systems for Advanced WYSIWYAS Navigation Environments

This paper presents two new types of markers of M-CubITS (M-sequence Multimodal Markers for ITS; M-Cubed for ITS) that is a ground-based positioning system, in order to advance the WYSIWYAS (What You See Is What You Are Suggested) navigation environments providing intuitive guidance. One of the new markers uses warning blocks of textured paving blocks that are often at important points as for pedestrian navigation, for example, the top and bottom of stairs, branch points, and so on. The other uses interlocking blocks that are often at wide spaces, e.g., pavements of plazas, parks, sidewalks and so on. Furthermore, we construct the integrated pedestrian navigation system equipped with the automatic marker-type identification function of the three types of markers (the warning blocks, the interlocking blocks, and the conventional marker using guidance blocks of textured paving blocks) in order to enhance the spatial availability of the whole M-CubITS and the navigation system. Consequently, we show the possibility to advance the WYSIWYAS navigation environments through the performance evaluation and the operation confirmation of the integrated system.

A Design Methodology for Positioning Sub-Platform on Smartphone Based LBS

This paper presents a design methodology for positioning sub-platform from the viewpoint of positioning for smartphone-based location-based services (LBS). To achieve this, we analyze a mechanism of positioning error generation including principles of positioning sub-systems and structure of smartphones. Specifically, we carry out the experiments of smartphone positioning performance evaluation by the smartphone basic API (Application Programming Interface) and by the wireless LAN in various environments. Then, we describe the importance of considering three layers as follows: 1) the lower layer that caused by positioning sub-systems, e.g., GPS, wireless LAN, mobile base stations, and so on; 2) the middle layer that caused by functions provided from the platform such as Android and iOS; 3) the upper layer that caused by operation algorithm of applications on the platform.

Evaluation of a Hierarchical Cooperative Transport System Using Demand Responsive Bus on a Dynamic Simulation

This paper describes a hierarchical and cooperative transport system with demand responsive buses to improve service quality of public transport system in city area and its suburbs. To provide the demand responsive buses generally requires planning route and schedule called dial-a-ride problem. However, the problem complexity increases with the increasing of the number of requests. Therefore, we propose the hierarchical and cooperative transport system. Framework of the system can reduce scale of the problem by grouping customers. We have evaluated the proposed system on a static simulation and a dynamic microscopic simulation. The simulation result has shown the system could improve service quality by reducing customer's load. Moreover, the result of the dynamic simulation have provided the detailed features of the system.

Indoor Positioning Based on Fingerprinting Method by Incoming GPS Signals

Incoming GPS signals through windows can be often observed indoors. However, conventional indoor positioning systems do not use Global Positioning System (GPS) generally because the signals may come in NLOS (Non Line of Sight). In this paper, we propose a positioning method by fingerprinting based on the incoming GPS signals.

Stochastic Resonance of Signal Detection in Mono-Threshold System Using Additive and Multiplicative Noises

The phenomenon of stochastic resonance (SR) in a mono-threshold-system-based detector (MTD) with additive background noise and multiplicative external noise is investigated. On the basis of maximum a posteriori probability (MAP) criterion, we deal with the binary signal transmission in four scenarios. The performance of the MTD is characterized by the probability of error detection, and the effects of system threshold and noise intensity on detectability are discussed in this paper. Similar to prior studies that focus on additive noises, along with increases in noise intensity, we also observe a non-monotone phenomenon in the multiplicative ways. However, unlike the case with the additive noise, optimal multiplicative noises all tend toward infinity for fixed additive noise intensities. The results of our model are potentially useful for the design of a sensor network and can help one to understand the biological mechanism of synaptic transmission.

Power Reduction of Variable Wordlength OFDM Receiver in Time-Varying Fading Channels by Monitoring Subcarrier SNRs

Determination of wordlength is essential for designing digital circuits because the wordlength affects system performance, hardware size, and power consumption. Variable wordlength methods that a system dynamically and effectively changes the wordlength depending on surrounding environments have been studied for power reduction in wireless systems. The conventional variable wordlength methods induce communication performance degradation when compared with a floating-point representation in time-varying fading channels. This paper discusses rapid wordlength control on packet basis and proposes a new method based on monitoring subcarrier SNRs in an OFDM receiver. The proposed method can estimate signal quality accurately and can decrease the wordlength decision errors. The simulation results have indicated that the proposed method shows better PER performance compared with the conventional methods.

Generalized Sliding Discrete Fourier Transform

The sliding discrete Fourier transform (DFT) is a well-known algorithm for obtaining a few frequency components of the DFT spectrum with a low computational cost. However, the conventional sliding DFT cannot be applied to practical conditions, e.g., using the sine window and the zero-padding DFT, with preserving the computational efficiency. This paper discusses the extension of the sliding DFT to such cases. Expressing the window function by complex sinusoids, a recursive algorithm for computing a frequency component of the DFT spectrum using an arbitrary sinusoidal window function is derived. The algorithm can be easily extended to the zero-padding DFT. Computer simulations using very long signals show the validity of our algorithm.

Consensus for Heterogeneous Uncertain Multi-Agent Systems with Jointly Connected Topology

This paper investigates the consensus problem of heterogeneous uncertain multi-agent systems with jointly connected topology, where the considered systems are composed of linear first-order, second-order dynamics and nonlinear Euler-Lagrange (EL) dynamics. The consensus protocol is designed to converge the position and velocity states of the linear and nonlinear heterogeneous multi-agent systems under joint connected topology, and then the adaptive consensus protocol is also proposed for heterogeneous multi-agent systems with unknown parameters in the EL dynamics under jointly connected topology. Stability analysis for piecewise continuous functions induced by the jointly connection is presented based on Lyapunov function and Cauchy's convergence criteria. Finally, some simulation results are provided to verify the effectiveness of the proposed methods.

Independent Spanning Trees of 2-Chordal Rings

Two spanning trees T₁,T₂ of a graph G = (V,E) are independent if they are rooted at the same vertex, say r, and for each vertex v ∈ V, the path from r to v in T₁ and the path from r to v in T₂ have no common vertices and no common edges except for r and v. In general, spanning trees T₁,T₂,…,T_k of a graph G = (V,E) are independent if they are pairwise independent. A graph G = (V,E) is called a 2-chordal ring and denoted by CR(N,d₁,d₂), if V = {0,1,…,N-1} and E = {(u,v)|[v-u]_N = 1 or [v-u]_N = d₁ or [v-u]_N = d₂, 2 ≤ d₁ < d₂ ≤ N/2}. CR(N,d₁,N/2) is 5-connected if N ≥ 8 is even and d₁ ≠ N/2-1. We give an algorithm to construct 5 independent spanning trees of CR(N,d₁,N/2),N ≥ 8 is even and 2 ≤ d₁ ≤ ⌈N/4⌉.

On the Security of Chaos Based “True” Random Number Generators

This paper deals with the security of chaos-based “true” random number generators (RNG)s. An attack method is proposed to analyze the security weaknesses of chaos-based RNGs and its convergence is proved using a master slave synchronization scheme. Attack on a RNG based on a double-scroll attractor is also presented as an example. All secret parameters of the RNG are revealed where the only information available is the structure of the RNG and a scalar time series observed from the double-scroll attractor. Simulation and numerical results of the proposed attack method are given such that the RNG doesn't fulfill NIST-800-22 statistical test suite, not only the next bit but also the same output bit stream of the RNG can be reproduced.

Rate-Distortion Bounds for ε-Insensitive Distortion Measures

Explicit evaluation of the rate-distortion function has rarely been achieved when it is strictly greater than its Shannon lower bound since it requires to identify the support of the optimal reconstruction distribution. In this paper, we consider the rate-distortion function for the distortion measure defined by an ε-insensitive loss function. We first present the Shannon lower bound applicable to any source distribution with finite differential entropy. Then, focusing on the Laplacian and Gaussian sources, we prove that the rate-distortion functions of these sources are strictly greater than their Shannon lower bounds and obtain upper bounds for the rate-distortion functions. Small distortion limit and numerical evaluation of the bounds suggest that the Shannon lower bound provides a good approximation to the rate-distortion function for the ε-insensitive distortion measure. By using the derived bounds, we examine the performance of a scalar quantizer. Furthermore, we discuss variants and extensions of the ε-insensitive distortion measure and obtain lower and upper bounds for the rate-distortion function.

Channel Estimation and Performance Evaluation over Ricean Fading for Multiple-Antenna RF Beamforming

In this paper we propose the RF domain beamforming (BF) scheme with a single analog-to-digital/digital-to-analog converters (ADC/DAC) to reduce the power consumption of the chipset for the application to mm-wave WPAN systems and THz communication systems. We also propose the codebook search algorithm for the estimation of the channel state information (CSI) which is a bottleneck to implement the RF BF. Our simulation results show that the deterioration of bit error rate (BER) performance of our proposed design compared to the optimal baseband BF techniques [1], [2] is not significant, while the power consumption and the process time is much reduced.

Secure and Efficient Time Synchronization for Border Surveillance Wireless Sensor Networks

Time synchronization is of paramount importance in wireless sensor networks (WSNs) due to the inherent distributed characteristics of WSNs. Border surveillance WSNs, especially, require a highly secure and accurate time synchronization scheme to detect and track intruders. In this paper, we propose a Secure and Efficient Time synchronization scheme for Border surveillance WSNs (SETB) which meets the requirements of border surveillance WSNs while minimizing the resource usage. To accomplish this goal, we first define the performance and security requirements for time synchronization in border surveillance WSNs in detail. Then, we build our time synchronization scheme optimized for these requirements. By utilizing both heterogeneous WSNs and one-way key chains, SETB satisfies the requirements with much less overhead than existing schemes. Additionally, we introduce on-demand time synchronization, which implies that time synchronization is conducted only when an intruder enters the WSN, in order to reduce energy consumption. Finally, we propose a method of deploying time-source nodes to keep the synchronization error within the requirement. Our analysis shows that SETB not only satisfies the performance and security requirements, but also is highly efficient in terms of communication and computation overhead, thus minimizing energy consumption.

Improved Semi-Supervised NMF Based Real-Time Capable Speech Enhancement

Nonnegative matrix factorization (NMF) is one of the most popular tools for speech enhancement. In this letter, we present an improved semi-supervised NMF (ISNMF)-based speech enhancement algorithm combining techniques of noise estimation and Incremental NMF (INMF). In this approach, fixed speech bases are obtained from training samples offline in advance while noise bases are trained on-the-fly whenever new noisy frame arrives. The INMF algorithm is adopted for noise bases learning because it can overcome the difficulties that conventional NMF confronts in online processing. The proposed algorithm is real-time capable in the sense that it processes the time frames of the noisy speech one by one and the computational complexity is feasible. Four different objective evaluation measures at various signal-to-noise ratio (SNR) levels demonstrate the superiority of the proposed method over traditional semi-supervised NMF (SNMF) and well-known robust principal component analysis (RPCA) algorithm.

A Speech Enhancement Algorithm Based on Blind Signal Cancelation in Diffuse Noise Environments

This letter describes a speech enhancement algorithm for stereo signals corrupted by diffuse noise. It estimates the noise signal and also a beamformed target signal based on blind target signal cancelation derived from sparsity minimization. Enhanced target speech is obtained by Wiener filtering using both the signals. Experimental results demonstrate the effectiveness of the proposed method.

On Recursive Representation of Optimum Projection Matrix

In this letter, we show the recursive representation of the optimum projection matrix. The recursive representation of the orthogonal projection and oblique projection have been done in past references. These projections are optimum when the noise is only characterized by the white noise or the structured noise. However, in some practical applications, a desired signal is deteriorated by both the white noise and structured noise. In this situation, the optimum projection matrix has been given by Behrens. For this projection matrix, the recursive representation has not been done. Therefore, in this letter, we propose the recursive representation of this projection matrix.