In recent years, the maritime industry has actively proceeded with research and development on technologies related to maritime autonomous surface ships (MASS) and their remote operation systems. Demonstrations of these technologies have been carried out using actual vessels. At the same time, individual technological elements related to MASS have also been developed. Among these technological advances, those associated with cyber security are of particular importance. This paper investigates the use of 'LTE over IP' which is designed to ensure secure communication by enabling LTE technology for mobile phones to be used in IP networks. The authors examined how the use of 'LTE over IP' affects the communication characteristics of a remote-control system.

抄録全体を表示

Road safety and traffic efficiency are two important applications of a Vehicular Ad-hoc Network (VANET). In VANET, safety and emergency messages are broadcasted to all vehicles in a risk zone before the validity of the message expires. Emergency and safety-related communications have a very strict real-time requirement of 100ms latency from an originating host’s application layer to destination host’s application layer and a Packet Delivery Ratio (PDR) of 90% and above. Due to one-to-many nature of these emergency messages, public-key encryptions may not be employed. Furthermore, vehicles on the road have no constant access to the Roadside infrastructure. Thus, access to a Public-key Infrastructure or a Certificate Authority is not always guaranteed. Exploiting this weakness, any attacker with malicious intention can broadcast falsified emergency messages with spoofed identity to disrupt the normal operation. They may also do in order to launch a terror-like attack. Since the identity of the originating malicious vehicle cannot be established, it is not possible to take any legal action against the owner of these vehicles. In this paper, we propose a smart digital certificate mechanism using a modified threshold cryptography scheme, that we call it as a pseudo-identity based encryption to identify the origin of every emergency message. Since the keys are not forgeable, any such malicious activities are immediately known to the receiving host vehicles and vehicle registration authorities, thus facilitating legal action. The main advantage of our proposed scheme is that it can work without constant access to a Public-key Infrastructure or a Certificate Authority. Our scheme satisfies the identical security requirements as that of the underlying public-key cryptography and incurs the same memory and run-time complexity. The proposed scheme can also be implemented in a Mobile Ad hoc environment or a distributed environment, where source authentication is an important factor, and there is no constant access to the backbone of the network.

抄録全体を表示

TPM-embedded devices can be used as authentication tokens by issuing certificates to signing keys generated by TPM. TPM generates Attestation Identity Key (AIK) and Binding Key (BK) that are RSA keys. AIK is used to identify TPM. BK is used to encrypt data so that specific TPM can decrypt it. TPM can use for device authentication by linking a SSL client certificate to TPM. This paper proposes a method of an AIK certificate issuance with OpenID and a method of the SSL client certificate issuance to specific TPM using AIK and BK. In addition, the paper shows how to implement device authentication system using the SSL client certificate related to TPM.

抄録全体を表示

組込み機器の中で最も厳しい要求があると言われる医療機器のセキュリティに焦点をあてる．小型医療機器・センサからなる組込み機器群とそのデータ集積を行う携帯端末からなるポータブルな集団健診サービスの経験をもとに，医療機器セキュリティの現状を説明する．そして，医療機器を中心とした組込み機器のIoT（Internet of Things）化が進むと言われているが，このIoT 化を前提としたサイバーセキュリティの要求仕様を検討する．

抄録全体を表示

Establishment of a practical software protection method is a major issue in software distribution. There are several approaches to the issue; however, no practical, secure method for mobile phone applications has been proposed. In this paper, we propose a new software protection scheme combined with a tamper-proof device (TPD) in order to achieve computational security against illegal analysis and copying of the target program. Our scheme achieves a reasonable level of security for encoding the data and variables in a program. The program on a mobile phone deals only with encoded data that is difficult to compromise, and the TPD plays a role of decoding execution results. We implemented the proposed scheme on a 3G mobile phone and a user identification module (UIM). An analysis and copying of the protected program impose exponential computation complexities under our attack model.

抄録全体を表示

Due to the legal reform on the protection of personal information in US/Japan and the enforcement of the General Data Protection Regulation (GDPR) in Europe, service providers are obliged to more securely manage the sensitive data stored in their server. In order to protect this kind of data, they generally employ a cryptographic encryption scheme and secure key management schemes such as a Hardware Security Module (HSM) and

(TPM). In this paper, we take a different approach based on the space-hard cipher. The space-hard cipher has an interesting property called the space hardness. Space hardness guarantees sufficient security against the adversary who gains a part of key data, e.g., 1/4 of key data. Combined with a simple network monitoring technique, we develop a practical leakage resilient scheme Virtual Vault, which is secure against the snapshot adversary who has full access to the memory in the server for a short period. Importantly, Virtual Vault is deployable by only a low-price device for network monitoring, e.g. L2 switch, and software of space-hard ciphers and packet analyzer, while typical solutions require a dedicated hardware for secure key managements such as HSM and TPM. Thus, Virtual Vault is easily added on the existing servers which do not have such dedicated hardware.

抄録全体を表示

Historically, various different notions of trust can be found, each addressing particular aspects of ICT systems, e.g., trust in electronic commerce systems based on reputation and recommendation, or trust in public key infrastructures. While these notions support the understanding of trust establishment and degrees of trustworthiness in their respective application domains, they are insufficient when addressing the more general notion of trust needed when reasoning about security in ICT systems. Furthermore, their purpose is not to elaborate on the security mechanisms used to substantiate trust assumptions and thus they do not support reasoning about security in ICT systems. In this paper, a formal notion of trust is presented that expresses trust requirements from the view of different entities involved in the system and that enables to relate, in a step-by-step process, high level security requirements to those trust assumptions that cannot be further substantiated by security mechanisms, thus supporting formal reasoning about system security properties. Integrated in the Security Modeling Framework SeMF this formal definition of trust can support security engineering processes and formal validation and verification by enabling reasoning about security properties with respect to trust.

抄録全体を表示

Historically, various different notions of trust can be found, each addressing particular aspects of ICT systems, e.g., trust in electronic commerce systems based on reputation and recommendation, or trust in public key infrastructures. While these notions support the understanding of trust establishment and degrees of trustworthiness in their respective application domains, they are insufficient when addressing the more general notion of trust needed when reasoning about security in ICT systems. Furthermore, their purpose is not to elaborate on the security mechanisms used to substantiate trust assumptions and thus they do not support reasoning about security in ICT systems. In this paper, a formal notion of trust is presented that expresses trust requirements from the view of different entities involved in the system and that enables to relate, in a step-by-step process, high level security requirements to those trust assumptions that cannot be further substantiated by security mechanisms, thus supporting formal reasoning about system security properties. Integrated in the Security Modeling Framework SeMF this formal definition of trust can support security engineering processes and formal validation and verification by enabling reasoning about security properties with respect to trust.

抄録全体を表示

We propose and implement a cloud architecture of virtual Trusted Platform Modules (TPMs) to improve the usability of TPMs. In this architecture, virtual TPMs can be obtained from the TPM cloud on demand. Hence, the TPM functionality is available for applications that do not have physical TPMs in their local platforms. Moreover, the TPM cloud allows users to access their keys and data in the same virtual TPM even if they move to untrusted platforms. The TPM cloud is easy to access for applications in different languages since cloud computing delivers services in standard protocols. The functionality of the TPM cloud is demonstrated by applying it to implement the Needham-Schroeder public-key protocol for web authentications, such that the strong security provided by TPMs is integrated into high level applications. The chain of trust based on the TPM cloud is discussed and the security properties of the virtual TPMs in the cloud is analyzed.

抄録全体を表示

Previous inter-domain fast authentication schemes only realize the authentication of user identity. We propose a trusted inter-domain fast authentication scheme based on the split mechanism network. The proposed scheme can realize proof of identity and integrity verification of the platform as well as proof of the user identity. In our scheme, when the mobile terminal moves to a new domain, the visited domain directly authenticates the mobile terminal using the ticket issued by the home domain rather than authenticating it through its home domain. We demonstrate that the proposed scheme is highly effective and more secure than contemporary inter-domain fast authentication schemes.

抄録全体を表示

Trusted network access protocols are proposed for the security and authorization of network-access requests. Because they differ greatly from traditional security protocols on security demands, they can not be analyzed with previous strand space works directly. To solve this problem, we first give some extensions necessary to verify them in this letter. Moreover, we point out Zhuo Ma et al.'s MN-TAP protocol is unsecure based on the Strand Space Model (SSM), and then improve the MN-TAP protocol and show that the improved MN-TAP protocol is secure in the SSM.

抄録全体を表示

This article describes the idea of utilizing Attested Execution Secure Processors (AESPs) that fit into building a secure Self-Sovereign Identity (SSI) system satisfying Sybil-resistance under permissionless blockchains. Today's circumstances requiring people to be more online have encouraged us to address digital identity preserving privacy. There is a momentum of research addressing SSI, and many researchers approach blockchain technology as a foundation. SSI brings natural persons various benefits such as owning controls; on the other side, digital identity systems in the real world require Sybil-resistance to comply with Anti-Money-Laundering (AML) and other needs. The main idea in our proposal is to utilize AESPs for three reasons: first is the use of attested execution capability along with tamper-resistance, which is a strong assumption; second is powerfulness and flexibility, allowing various open-source programs to be executed within a secure enclave, and the third is that equipping hardware-assisted security in mobile devices has become a norm. Rafael Pass et al.'s formal abstraction of AESPs and the ideal functionality Gatt enable us to formulate how hardware-assisted security works for secure digital identity systems preserving privacy under permissionless blockchains mathematically. Our proposal of the AESP-based SSI architecture and system protocols, Π^Gatt, demonstrates the advantages of building a proper SSI system that satisfies the Sybil-resistant requirement. The protocols may eliminate the online distributed committee assumed in other research, such as CanDID, because of assuming AESPs; thus, Π^Gatt allows not to rely on multi-party computation (MPC), bringing drastic flexibility and efficiency compared with the existing SSI systems.

抄録全体を表示

In this study, the properties of physical unclonable functions (PUFs) for 28-nm process field-programmable gate arrays (FPGAs) are examined. A PUF is a circuit that generates device-specific IDs by extracting device variations. Owing to device variation, no two PUFs will generate the same ID even if they have identical structures and are manufactured on the same silicon wafer. However, because the influence of device variation increases as the size of the process node shrinks, it is uncertain whether PUFs can be built using recently developed small-scale process nodes, even though the technology of variation control is constantly advancing. While many PUFs using 40-nm or larger process nodes have been reported, smaller devices have not yet been studied to the authors' knowledge, and this is the first published journal article on PUFs for 28-nm process FPGAs. In this paper, within-die reproducibility, die-to-die uniqueness, and other properties are evaluated, and the feasibility of PUFs on 28-nm FPGAs is discussed.

抄録全体を表示

As there are no security mechanisms in the vehicle controller area network (CAN) protocol, it is easy to inject fake packets, codes and electric control units (ECUs) in the CAN to hijack vehicle control. Security countermeasures for both the CAN and the ECU are urgently required to improve driving safety. In this paper, we propose in-vehicle network securities using the hardware secure elements as follows: (i) secure boot of ECU, (ii) authentication of an ECU, (iii) authentication of a CAN packet, and (iv) cipher key exchange procedures from a master ECU to slave ECUs. The security algorithms are implemented in a subscriber identity module card (SIM) embedded in the master ECU's board and in a hardware security module (HSM) embedded in a slave ECU. The SIM generates and distributes cipher keys to the authenticated HSM. Then, the HSM generates a media authentication code (MAC) for the CAN packet by using the cipher keys.

抄録全体を表示

Electromagnetic (EM) radiation from information hardware under normal operating conditions can compromise secret information (EM information leakage), for example, operations or processed data contained in the hardware. Methods for analyzing EM radiation with the intention of extracting secret information have been proposed, and EM side-channel attacks on cryptographic hardware are a major concern. This paper investigates how EM information leakage changes with the configuration of information hardware, focusing on the frequency characteristics of the hardware. We assume that frequency characteristics of the EM radiation correspond to physical aspects of the hardware configuration. To address the issue of information leakage, this paper presents a novel analysis of EM radiation from information hardware by using a model circuit board. Through this model we show that the intensity of EM emission can be related to the layout of the hardware.

抄録全体を表示

Trusted Network Connect provides the functionality of the platform authentication and integrity verification which is crucial for enhancing the security of authentication protocols. However, applying this functionality directly to concrete authentications is susceptible to unknown attacks and efficiency degradation. In this paper, we propose TWMAP, a novel authentication protocol for WLAN Mesh networks in a trusted environment which completed the platform authentication and integrity verification during the user authentication. And, the Schnorr asymmetric signature scheme is utilized to reduce the overhead of the client. The security properties of the new protocol are examined using the Universally Composable Security model. The analytic comparisons and simulation results show that the new protocol is very efficient in both computing and communication costs.

抄録全体を表示

Cloud computing is broadly recognized as as the prevalent trend in IT. However, in cloud computing mode, customers lose the direct control of their data and applications hosted by the cloud providers, which leads to the trustworthiness issue of the cloud providers, hindering the widespread use of cloud computing. This paper proposes a trustworthiness verification and audit mechanism on cloud providers called T-YUN. It introduces a trusted third party to cyclically attest the remote clouds, which are instrumented with the trusted chain covering the whole architecture stack. According to the main operations of the clouds, remote verification protocols are also proposed in T-YUN, with a dedicated key management scheme. This paper also implements a proof-of-concept emulator to validate the effectiveness and performance overhead of T-YUN. The experimental results show that T-YUN is effective and the extra overhead incurred by it is acceptable.

抄録全体を表示

The Internet of Things (IoT) implicates an infrastructure that creates new value by connecting everything with communication networks, and its construction is rapidly progressing in anticipation of its great potential. Enhancing the security of IoT is an essential requirement for supporting IoT. For ensuring IoT security, it is desirable to create a situation that even a terminal component device with many restrictions in computing power and energy capacity can easily verify other devices and data and communicate securely by the use of public key cryptography. To concretely achieve the big goal of penetrating public key cryptographic technology to most IoT end devices, we elaborated the secure cryptographic unit (SCU) built in a low-end microcontroller chip. The SCU comprises a hardware cryptographic engine and a built-in access controlling functionality consisting of a software gate and hardware gate. This paper describes the outline of our SCU construction technology's research and development and prospects.

抄録全体を表示