Publication


Featured research published by Akira Kanaoka.


IEEE Transactions on Emerging Topics in Computing | 2016

Secure and Anonymous Communication Technique: Formal Model and Its Prototype Implementation

Keita Emura; Akira Kanaoka; Satoshi Ohta; Kazumasa Omote; Takeshi Takahashi

Both anonymity and end-to-end encryption are recognized as important properties in privacy-preserving communication. However, a secure and anonymous communication protocol that requires both anonymity and end-to-end encryption cannot be realized through a simple combination of current anonymous communication protocols and public key infrastructure (PKI). Indeed, the current PKI contradicts anonymity because the certificate for a user's public key identifies the user. Moreover, we believe that anonymous communication channels should have certain authentication mechanisms because such a channel could incubate criminal communication. To cope with this issue, we propose a secure and anonymous communication protocol by employing identity-based encryption for encrypting packets without sacrificing anonymity, and group signature for anonymous user authentication. Communication occurs in the protocol through proxy entities that conceal user IP addresses from service providers (SPs). We also introduce a proof-of-concept implementation to demonstrate the protocol's feasibility and analyze its performance. Finally, we conclude that the protocol realizes secure and anonymous communications between users and SPs with practical performance.


international workshop on security | 2013

Toward Practical Searchable Symmetric Encryption

Wakaha Ogata; Keita Koiwa; Akira Kanaoka; Shin’ichiro Matsuo

Searchable symmetric encryption is a good building block toward ensuring privacy preserving keyword searches in a cloud computing environment. This area has recently attracted a great deal of attention and a large quantity of research has been conducted. A security protocol generally faces a trade-off between security/privacy requirements and efficiency. Existing works aim to achieve the highest levels of security requirements, so they also come with high overhead. In this paper, we reconsider the security/privacy requirements for searchable symmetric encryption and relax the requirements for practical use. Then, we propose schemes suitable for the new requirements. We also show experimental results of our schemes and comparison to existing schemes. The results show that the index sizes of our proposals are only a few times of that of a Lucene (without encryption). In document update, our proposal requests additional index which depends only on the size of new document.


information security | 2015

Privacy Preserved Rule-Based Risk Analysis through Secure Multi-party Computation

Yu Liu; Nasato Goto; Akira Kanaoka; Eiji Okamoto

Network systems are becoming the core components of technical information infrastructures. The protection of network systems from malicious attacks is an urgent priority in our society. However, considering that all security threats are very complicated, easily missed, and error-prone, dealing with network vulnerabilities has brought about enormous challenges to network management. Therefore, one reasonable solution for a risk analysis is delegating an analysis of a network system to third parties that have more professional knowledge regarding a risk analysis. Highly confidential data such as the network configuration and vulnerabilities, as well as each hosts, are needed when delegating a risk analysis to a third party. Such confidential data may cause information leakage if no protection is provided. In this paper, we proposed a risk analysis system based on a rule-based risk analysis method. The prototype system was developed using Fairplay MP, a secure multi-party computation system, and was evaluated for a small network environment.


computer software and applications conference | 2015

A KEM/DEM-Based Construction for Secure and Anonymous Communication

Keita Emura; Akira Kanaoka; Satoshi Ohta; Takeshi Takahashi

Public key infrastructure has been widely used, but its certificate must be removed when a corresponding public key is sent via an anonymous communication channel in order to maintain anonymity. It is because the certificate contains information of the key holder, and that contradicts anonymity. A secure and anonymous communication protocol was proposed to address this issue, where end-to-end encryption and anonymous authentication are achieved simultaneously. It applies identity-based encryption (IBE) for packet encryption. However, because IBE requires heavy pairing computations, this protocol is inefficient and approximately 20 times slower than that of SSL communications. In this paper, we propose a more efficient, secure, and anonymous communication protocol, which achieves the same security level as the IBE-based protocol does. The protocol is exempted from pairing computation for establishing a secure channel by applying hybrid encryption instead of IBE. We implement the protocol and show that it is more efficient (overall approximately 1.2 times faster) than the IBE-based protocol. In particular, the decryption algorithm of our protocol is several hundred times faster than that of the IBE-based protocol.


network-based information systems | 2013

Construction of a Multi-domain Functional Encryption System on Functional Information Infrastructure

Yusuke Niwa; Akira Kanaoka; Eiji Okamoto

Identity-based encryption (IBE) and cryptographic systems based on IBE, timed-release encryption (TRE), attribute-based encryption (ABE), and functional encryption (FE), use information that identify individuals or groups (e.g., identities, attributes) for encryption and decryption. One significant advantage of FE is the fact that identity and attributes management leads to key management. If an infrastructure for managing identity and attributes existed, we could encrypt a message with identity and attributes (Functional Information, FI) for FE on it. With an infrastructure for FE, we can utilize existing FEs issued for FE and reduce the cost of issuing/managing a new FI only for FE. That is, we could regard FE as a service on the infrastructures in order to delegate management of FI to it. For PKG, a conventional IBE player, we propose a framework that divides it into three entities to enable it to correspond with complex FE systems that federate each function among several FE systems. We also examine use cases in which there are more than one instances of each entity in the same domain, and domain-use cases in which each entity coexists under multi-domain, and apply them to multiple FE systems among different domains. Consequently, we discover challenges that are not described in RFC 5408, also referred to as standardization scalability. On the basis of the use cases, to examine the management of these multi-domains, we develop ABE systems on ID management infrastructure with open protocols for authentication/authorization (OAuth and OpenID Connect) and demonstrate the feasibility of the framework in FE.


computer software and applications conference | 2013

A Device for Transparent Probabilistic Packet Marking

Masayuki Okada; Nasato Goto; Akira Kanaoka; Eiji Okamoto

Probabilistic Packet Marking (PPM) is known to be one of the better defence methods against Denial of Service (DoS) attacks. However, most of the routers in the Internet are not yet ready for PPM. Before a new router that has the PPM function can be deployed, several challenges such as cost, operation, and availability must first be resolved. In this paper, we propose a device for transparent PPM that makes the target router PPM-capable. The device does not change the existing configuration of the router nor do existing routers have to be replaced. We implemented and evaluated our proposed device on Linux with excellent results.


australasian conference on information security and privacy | 2018

Key-Updatable Public-Key Encryption with Keyword Search: Models and Generic Constructions

Hiroaki Anada; Akira Kanaoka; Natsume Matsuzaki; Yohei Watanabe

Public-key encryption with keyword search (PEKS) enables us to search over encrypted data, and is expected to be used between a cloud server and users’ devices such as laptops or smartphones. However, those devices might be lost accidentally or be stolen. In this paper, we deal with such a key-exposure problem on PEKS, and introduce a concept of PEKS with key-updating functionality, which we call key-updatable PEKS (KU-PEKS). Specifically, we propose two models of KU-PEKS: The key-evolution model and the key-insulation model. In the key-evolution model, a pair of public and secret keys can be updated if needed (e.g., the secret key is exposed). In the key-insulation model, a public key remains fixed while a secret key can be updated if needed. The former model makes a construction simple and more efficient than the latter model. On the other hand, the latter model is preferable for practical use since a user never updates his/her public key. We show constructions of a KU-PEKS scheme in each model in a black-box manner. We also give an experimental result for the most efficient instantiation, and show our proposal is practical.


workshop on information security applications | 2017

Establishing secure and anonymous communication channel: KEM/DEM-based construction and its implementation

Keita Emura; Akira Kanaoka; Satoshi Ohta; Takeshi Takahashi

Several cryptographic tools provide anonymity in a cryptographic sense, but solely using such a tool does not guarantee anonymity; for example, even if the underlying cryptographic primitives enable anonymity in some sense, a communication system using these tools may reveal the senders’ IP address. Moreover, since a certificate of public key infrastructure contains information of a key holder, and that contradicts anonymity of the key holder, the certificate must be removed. Therefore, it seems difficult to check the validity of the public key in an anonymous environment. That is, constructing a secure and anonymous communication protocol, where end-to-end encryption and anonymous authentication are achieved simultaneously, is an important issue to be solved. In ACM SAC 2014 (and IEEE Trans. Emerging Topics Comput. 2016), such a protocol was proposed, where it applies identity-based encryption (IBE) for packet encryption without contradicting anonymity. However, this protocol is inefficient and approximately 20 times slower than that of SSL communications because IBE requires heavy cryptographic pairing computations. In this paper, we propose a more efficient, secure, and anonymous communication protocol, which achieves the same security level as the IBE-based protocol does. The protocol is exempted from pairing computation for establishing a secure channel by applying hybrid encryption instead of IBE. We implement the protocol and show that it is more efficient (overall approximately 1.2 times faster) than the IBE-based protocol. In particular, the decryption algorithm of our protocol is several hundred times faster than that of the IBE-based protocol. In our protocol, we employ the ElGamal KEM scheme and 128-bit AES as the underlying KEM and DEM schemes, respectively, and we have used the TEPLA library for the prototype implementation.


network-based information systems | 2017

Efficient Secure Arithmetic on Floating Point Numbers

Wakana Omori; Akira Kanaoka

Technology called cloud computing entrusts a huge amount of information processing that cannot be done sufficiently with only its own computing resources by connecting internal and external computing resources. By using a method called secure computation, it is also possible to perform calculation processing while keeping the data concealed. In order to practically use secure computation, it is desirable that there is no load equal to or greater than the usual calculation processing time, independent of the data type to be handled. The data types dealt with in the existing secure computation studies are mainly integers, especially arithmetic on finite fields. But when using actual data such as statistics and geographic information, it is difficult to calculate them with integer arithmetic. Recently, secure computation studies dealing with real numbers have increased. In this paper, based on Aliasgari’s method that achieves secure computation on floating point which can obtain sufficient precision, performance improvement of the methods is proposed and evaluated. As a result, improvement of performance is shown.


workshop in information security theory and practice | 2014

A Secure Genetic Algorithm for the Subset Cover Problem and Its Application to Privacy Protection

Dan Bogdanov; Keita Emura; Roman Jagomägis; Akira Kanaoka; Shin’ichiro Matsuo; Jan Willemson

We propose a method for applying genetic algorithms to confidential data. Genetic algorithms are a well-known tool for finding approximate solutions to various optimization and searching problems. More specifically, we present a secure solution for solving the subset cover problem which is formulated by a binary integer linear programming (BIP) problem (i.e. a linear programming problem, where the solution is expected to be a 0-1 vector). Our solution is based on secure multi-party computation. We give a privacy definition inspired from semantic security definitions and show how a secure computation system based on secret sharing satisfies this definition. Our solution also achieves security against timing attacks, as the execution of the secure algorithm on two different inputs is indistinguishable to the observer. We implement and benchmark our solution on the SHAREMIND secure computation system. Performance tests show that our privacy-preserving implementation achieves a 99.32% precision within 6.5 seconds on a BIP problem of moderate size. As an application of our algorithm, we consider the problem of securely outsourcing risk assessment of an end user computer environment.

Collaboration


Dive into Akira Kanaoka's collaboration.

Top Co-Authors

Keita Emura

National Institute of Information and Communications Technology

Satoshi Ohta

National Institute of Information and Communications Technology

Shin'ichiro Matsuo

National Institute of Information and Communications Technology

Kazumasa Omote

Japan Advanced Institute of Science and Technology
