Atsuo Inomata

An anonymous on-demand position-based routing in mobile ad hoc networks

Due to the infrastructure-less, dynamic and broadcast nature of radio transmissions, communications in mobile ad hoc networks (MANETs) are susceptible to malicious traffic analysis. After traffic analysis, an attacker determines a target node and conducts an intensive attack against it, called target-oriented attack. The traffic analysis and the target-oriented attacks are known as quite severe problems in MANETs, including position-based routing protocols, with respect to the degradation of both throughput and security of the routing. Also position information of routing nodes is very sensitive data in MANETs where even nodes not knowing either other establish a network temporarily. Therefore we propose a new position-based routing protocol which keeps routing nodes anonymous, thereby preventing possible traffic analysis. To this end, a time variant temporary identifier temp ID is computed from time and position of a node and used for keeping the node anonymous. Only the position of a destination node is required for the route discovery, and temp ID is used for establishing the route for sending data: a receiver hand shake scheme is designed for determining the next hop on-demand with use of the temp ID. We evaluate the level of anonymity and performance of our scheme. The analysis shows that the proposed scheme ensures the anonymity of both route and nodes and the robustness against the target-oriented attack and several others. Also our scheme is applicable to networks with any density of nodes

Anonymous secure communication in wireless mobile ad-hoc networks

The main characteristic of a mobile ad-hoc network is its infrastructure-less, highly dynamic topology, which is subject to malicious traffic analysis. Malicious intermediate nodes in wireless mobile ad-hoc networks are a threat concerning security as well as anonymity of exchanged information. To protect anonymity and achieve security of nodes in mobile ad-hoc networks, an anonymous on-demand routing protocol, termed RIOMO, is proposed. For this purpose, pseudo IDs of the nodes are generated considering Pairing-based Cryptography. Nodes can generate their own pseudo IDs independently. As a result RIOMO reduces pseudo IDs maintenance costs. Only trust-worthy nodes are allowed to take part in routing to discover a route. To ensure trustiness each node has to make authentication to its neighbors through an anonymous authentication process. Thus RIOMO safely communicates between nodes without disclosing node identities; it also provides different desirable anonymous properties such as identity privacy, location privacy, route anonymity, and robustness against several attacks.

A proposal of short proxy signature using pairing

In this paper, we propose a new pairing-based proxy signature. Most remarkable point in our proposal is that our scheme realizes short signature. More concretely, the explicit proxy signature consists of only one parameter. This means that the size of signature is reduced to at least half-size compared to previous schemes. Amount of work for proxy signature generation is also small. Although some previous schemes such as Boneh-Lynn-Shacham (2001) or Hess (2002), need a special hash function, our scheme does not require such a function. This means that our scheme can use general hash function, e.g., SHA-1. To construct our scheme, we propose a new problem named the (extended) k-plus problem. We also propose a short signature scheme which has satisfactory properties from the point of efficiency.

Proposal and Evaluation of a Dynamic Resource Allocation Method Based on the Load of VMs on IaaS

Recently, Cloud computing has emerged as a new computing paradigm on the Internet. Cloud computing facilitates flexible and efficient computer resource management via virtualization technologies at anytime and from anywhere, so that users can add and/or delete IT resources. Users can set up and boot the required resources and they have to pay only for the required resources. However, they have to spend a considerable amount of time and money to design, set up, boot, and monitor their resources. Thus, in the future, providing a mechanism for efficient resource assignment and management will be an important objective of cloud computing. In this paper, we propose a dynamic resource allocation method based on the load of VMs on IaaS, abbreviated as DAIaS. This method enables users to dynamically add and/or delete one or more instances on the basis of the load and the conditions specified by the user. We implement a prototype to evaluate the effectiveness and efficiency of DAIaS. Furthermore, we perform an experiment to extract the prototype on a real cloud service, namely, Amazon EC2.

A novel mail filtering method against phishing

We focus on phishing in the mail filtering research. So we define a sender reliance cost by the DNS inquiry and the contents analysis. In this paper, we propose the method to estimate these costs quantitatively. In this proposed method, the cost which characteristics settle Phishing is obtained from the actual proof experiment and we show the Phishing filter calculated from a result of the experiment. Furthermore, we report about the prototype which implemented that mail filter as an extension of MTA, and show the validity of the proposed method from these actual outputted data.

Location-aware service discovery on IPv6 GeoNetworking for VANET

Service discovery is an essential component for applications in vehicular communication systems. While there have been numerous service discovery protocols dedicated to a local network, mobile ad-hoc networks and the Internet, in vehicular communication systems, applications pose additional requirements; They need to discover services according to geographical position. In this paper, we propose a location-aware service discovery mechanism for Vehicular Ad-hoc NETwork (VANET). The proposed mechanism exploits IPv6 multicast on top of IPv6 GeoNetworking specified by the GeoNet project. Thanks to the GeoBroadcast mechanism, it efficiently propagates service discovery messages to a subset of nodes inside a relevant geographical area with encapsulating IPv6 multicast packets. We implemented the mechanism using CarGeo6, an open source implementation of IPv6 GeoNetworking. Our real field evaluation shows the system can discover services with low latency and low bandwidth usage in VANETs.

Anonymous authentication and secure communication protocol for wireless mobile ad hoc networks

The main characteristic of a mobile ad hoc network (MANET) is its infrastructure-less, highly dynamic topology, which is subject to malicious traffic analysis. Malicious intermediate nodes in MANETs are a threat concerning security as well as anonymity of exchanged information. In this paper, we propose an anonymous on-demand routing protocol, called RINOMO, to protect anonymity and achieve security of nodes in MANETs. After successful authentication of the legitimate nodes in the network they can use their pseudo IDs for secure communication. Pseudo IDs of the nodes are generated considering pairing-based cryptography. Nodes can generate their pseudo IDs independently and dynamically without consulting with system administrator. As a result, RINOMO reduces pseudo IDs maintenance costs. Only trust-worthy nodes are allowed to take part in routing to discover a route. To ensure trustiness each node has to make authentication to its neighbors through the designed anonymous authentication process. Thus, RINOMO safely communicates between nodes without disclosing node identities. It also provides different desirable anonymous properties such as identity privacy, location privacy, route anonymity, and robustness against several attacks. Mathematical analysis of privacy loss is also evaluated and it shows there is no loss of privacy with respect to time. Thus, RINOMO is an anonymous robust protocol in MANETs. Copyright

Experimental Research on Personal Awareness and Behavior for Information Security Protection

A virus infection situation can be considered a kind of emergency or disaster. Although such a situation is an area applicable to psychology, there has not yet been any report of specific studies in this field. Furthermore, in the field of information security, even though an individual might intend to take protective action, it is an observable fact that many people do not actually do so. Research on individual behavior and decision making in a virus infection situation is important in developing information security protection. We implemented a virtual game based on collective intelligence to investigate experimentally the awareness that users with infected PCs have of information security. By analyzing the experiment data in combination with questionnaire results, we have investigated why many people do not take appropriate recovery action against virus infection, and also the personal profiles which indicate that people are likely to take such recovery action.

Session-wise private data exchange in eHealth peer-to-peer database management systems

In a peer-to-peer database management system(P2PDBMS) system, peers exchange data in a pair-wise fashion on-the-fly in response to a query without any centralized control. Generally, peers create a temporary session during data exchange. The data might be trapped and disclosed by the intruders while exchanged over an insecure communication network. As there is no centralized control for data exchange among peers, we cannot assume any central third party security infrastructure (e.g. PKI) to protect confidential data of an eHealth P2PDBMS. So far, there is currently no available/existing security protocol for secured data exchange in eHealth P2PDBMS. In this paper we propose a security protocol for data exchange in eHealth P2PDBMSs based on pairing-based cryptography and data exchange policy. The proposed protocol allows the peers to compute their secret session keys dynamically by computing pairing on elliptic curve based on the policies between them during data exchange. Our proposed protocol is robust against the man-in-the middle attack, the masquerade attack and the replay attack.

Implementation of ID-based signature in RFID system

Security in RFID systems is one of the active research topics due to the pervasive use of RFID in many areas. Security solution in RFID systems is said to be hard because of the limited computational and storage abilities of RFID tag. In our work, we attempt to protect the forgery of data stored in the tags by implementing the digital signature using pairing. We adopt the identity-based signature scheme based on pairing and make use of the tags UID as identity. We show the possibility of implementation of short signature in RFID tag, and the advantage of pairing based signature in RFID as well as the effectiveness of our application in protecting the tags against forgery.