Privacy violations via spy cameras are becoming increasingly serious. With the recent advent of various smart home IoT devices, such as smart TVs and robot vacuum cleaners, spycam attacks that steal users' information are being carried out in more unpredictable ways. In this paper, we introduce a new spycam attack on a mobile WebVR environment. It is performed by a web attacker who maliciously accesses the back-facing cameras of victims' mobile devices while they are browsing the attacker's WebVR site. This has the power to allow the attacker to capture victims' surroundings even at the desired field of view through sophisticated content placement in VR scenes, resulting in serious privacy breaches for mobile VR users. In this letter, we introduce a new threat facing mobile VR and show that it practically works with major browsers in a stealthy manner.

ICT development progresses, and many cryptographic algorithms are used. The most of cryptographic algorithms require assumptions to guarantee their security, but it is sometimes not clearly written. This causes many problems. This paper shows previous cases, and suggests to concede cryptographers and system developer each other from an industrial cryptographers viewpoint.

This research focuses on the U.S. Department of Justice’s investigation and

prosecution of unauthorized disclosures of government information to the

media. Based on a review of 21 cases, the research shows trends in the frequency

of prosecutions.

　　The investigations and prosecutions by the U.S. Department of Justice

（DOJ） and the Federal Bureau of Investigation （FBI） with regard to leaks

have gone through some transition. In the 20th century, only four cases were

prosecuted. However, the situation has completely changed in this century.

Under the Obama administration, there were eight charges against alleged

leakers between 2009 and 2013. On the other hand, no such charges were filed

from October 2013 to September 2016. Despite President Trump’s pledge for

more prosecutions, there have only been five cases since his inauguration. This

has occurred notwithstanding the frequency of leaks being about to “explode.”

　　Several factors contribute to this volatility. Among these factors are the

DOJ and FBI’s internal codes or norms with which the investigators and prosecutors

must comply.

　　For example, between 2005 and 2006, the normal constraints were relaxed,

both in terms of investigative procedures with regard to the news media and

the scope of the interpretation of the substantive law, such as the Espionage

Act. As a result, the frequency of prosecutions increased between 2009 and

2013.

　　However, between 2013 and 2015, the constraints of investigations against

the press strengthened significantly under the direction of President Obama.

Therefore there was “downtime” between 2013 and 2016.

　　The DOJ serving under the Trump administration announced in 2017 that

it was reviewing policies affecting media subpoenas. The announcement can be

regarded as evidence of the fact that the change of the norms or internal codes

has played an important role in trends in the frequency of prosecutions.

2014年6月のイスラーム国（以下ISIS）のメディアへの華々しい登場以降、米国政治を規定する主要な要因の1つとして「恐怖心」がかつてない程の重要性を帯びてきている。本稿では政治心理学的な分析手法を援用しつつ、ISISが何よりも「テロ攻撃集団」としていかに「恐怖心」を醸成するための洗練された戦略を実践しているか、またそれが統計的には圧倒的に中東現地のムスリム一般住民を標的にしており、本来的にS.ハンティントン的な「西欧文明に敵対するイスラーム」という問題を内包していないにもかかわらず、米国エスタブリッシュメントによる他者への「恐怖心」によって如何に本質が曲解されて「ムスリム排斥」のような情緒的な政治主張に向かわせているかの契機を分析する。

筆者は論稿中でマキャベリから以降最近に至るまでの政治学関係の議論を渉猟しつつ、「恐怖心」をめぐる問題が「テロル」との関係においていかに扱われてきたかを再検討し、西欧のメディアにおける「テロ集団」としてのISISの登場が政治学的な観点から提起している問題の新しさと古さを跡付けようとする。同時に現在の米国社会を覆っているイスラモフォビアの情緒的反応についてもその淵源が古くかつ政治的に根深い問題から発していることを指摘している。

本論稿の分析は直接的にはISISによって政治的な雰囲気が大きく変容するなかで大統領選挙の年を迎えている米国の国内政治を扱うものであるが、ここでの議論は「アラブの春」以降のシリア危機に発する難民問題に直面している欧州（EU）や、2015年11月のパリのテロ多発事件以降緊迫した雰囲気に覆われているフランスの政治状況にも通底しており、その意味では偶々2014年にISISによって惹起されたとはいえそれ自体が自律的な展開の契機を内包する現代社会の政治的な抑圧的システムのグローバルな拡大と拡散に警鐘を鳴らそうとするものである。

（文責・鈴木均）

The growing threat of Hardware Trojans (HT) in the System-on-Chips (SoC) industry has given way to the embedded systems researchers to propose a series of detection methodologies to identify and detect the presence of Trojan circuits or logics inside a host design in the various stages of the chip design and manufacturing process. Many state of the art works propose different techniques for HT detection among which the popular choice remains the Side-Channel Analysis (SCA) based methods that perform differential analysis targeting the difference in consumption of power, change in electromagnetic emanation or the delay in propagation of logic in various paths of the circuit. Even though the effectiveness of these methods are well established, the evaluation is carried out on simplistic models such as AES coprocessors and the analytical approaches used for these methods are limited by some statistical metrics such as direct comparison of EM traces or the T-test coefficients. In this paper, we propose two new detection methodologies based on Machine Learning algorithms. The first method consists in applying the supervised Machine Learning (ML) algorithms on raw EM traces for the classification and detection of HT. It offers a detection rate close to 90% and false negative smaller than 5%. In the second method, we propose an outlier/novelty algorithms based approach. This method combined with the T-test based signal processing technique, when compared with state-of-the-art, offers a better performance with a detection rate close to 100% and a false positive smaller than 1%. In different experiments, the false negative is nearly the same level than the false positive and for that reason the authors only show the false positive value on the results. We have evaluated the performance of our method on a complex target design: RISC-V generic processor. Three HTs with their corresponding sizes: 0.53%, 0.27% and 0.09% of the RISC-V processors are inserted for the experimentation. In this paper we provide elaborative details of our tests and experimental process for reproducibility. The experimental results show that the inserted HTs, though minimalistic, can be successfully detected using our new methodology.

In this paper, we propose the first identity-based dynamic multi-cast key distribution (ID-DMKD) protocol which is secure against maximum exposure of secret information (e.g., secret keys and session-specific randomness). In DMKD protocols, users share a common session key without revealing any information of the session key to the semi-honest server, and can join/leave to/from the group at any time even after establishing the session key. Most of the known DMKD protocols are insecure if some secret information is exposed. Recently, an exposure resilient DMKD protocol was introduced, however, each user must manage his/her certificate by using the public-key infrastructure. We solve this problem by constructing the DMKD protocol authenticated by user's ID (i.e., without certificate). We introduce a formal security definition for ID-DMKD by extending the previous definition for DMKD. We must carefully consider exposure of the server's static secret key in the ID-DMKD setting because exposure of the server's static secret key causes exposure of all users' static secret keys. We prove that our protocol is secure in our security model in the standard model. Another advantage of our protocol is scalability: communication and computation costs of each user are independent from the number of users. Furthermore, we show how to extend our protocol to achieve non-interactive join by using certificateless encryption. Such an extension is useful in applications that the group members frequently change like group chat services.