Kanta Matsuura

Selective minimum-norm solution of the biomagnetic inverse problem

A new multidipole estimation method which gives a sparse solution of the biomagnetic inverse problem is proposed. This solution is extracted from the basic feasible solutions of linearly independent data equations. These feasible solutions are obtained by selecting exactly as many dipole-moments as the number of magnetic sensors. By changing the selection, the authors search for the minimum-norm vector of selected moments. As a result, a practically sparse solution is obtained; computer-simulated solutions for L/sub p/-norm (p=2, 1, 0.5, 0.2) have a small number of significant moments around the real source-dipoles. In particular, the solution for L/sub 1/-norm is equivalent to the minimum-L/sub 1/-norm solution of the original inverse problem. This solution can be uniquely computed by using linear programming.<<ETX>>

Proxy signatures secure against proxy key exposure

We provide an enhanced security model for proxy signatures that captures a more realistic set of attacks than previous models of Boldyreva et al. and of Malkin et al.. Our model is motivated by concrete attacks on existing schemes in scenarios in which proxy signatures are likely to be used. We provide a generic construction for proxy signatures secure in our enhanced model using sequential aggregate signatures; our construction provides a benchmark by which future specific constructions may be judged. Finally, we consider the extension of our model and constructions to the identity-based setting.

An algorithm for solving the LPN problem and its application to security evaluation of the HB protocols for RFID authentication

An algorithm for solving the “learning parity with noise” (LPN) problem is proposed and analyzed. The algorithm originates from the recently proposed advanced fast correlation attacks, and it employs the concepts of decimation, linear combining, hypothesizing and minimum distance decoding. However, as opposed to fast correlation attacks, no preprocessing phase is allowed for the LPN problem. The proposed algorithm appears as more powerful than the best one previously reported known as the BKW algorithm proposed by Blum, Kalai and Wasserman. In fact the BKW algorithm is shown to be a special instance of the proposed algorithm, but without optimized parameters. An improved security evaluation, assuming the passive attacks, of Hopper and Blum HB and HB+ protocols for radio-frequency identification (RFID) authentication is then developed. Employing the proposed algorithm, the security of the HB protocols is reevaluated, implying that the previously reported security margins appear as overestimated.

A robust reconstruction of sparse biomagnetic sources

Inequality constraints are introduced to a normalized minimum-L/sub 1/-norm estimator, which gives a sparse solution of the biomagnetic inverse problem. The constraints have a numeric tolerance to take into account the measurement ambiguity caused by noise. Computer simulation and phantom-data analysis show how the solution is improved by the constraints with a moderate tolerance; the improvement is examined in noisy conditions such that signal-to-noise ratios (SNRs) are lower than 10 dB.

Lightweight Asymmetric Privacy-Preserving Authentication Protocols Secure against Active Attack

As pervasive computing technologies develop fast, the privacy protection becomes a crucial issue and needs to be coped with very carefully. Typically, it is difficult to efficiently identify and manage plenty of the low-cost pervasive devices like radio frequency identification devices (RFID), without leaking any privacy information. In particular, the adversary may not only eavesdrop the communication in a passive way, but also mount an active attack to ask queries adaptively, which is obviously more dangerous. Towards settling this problem, in this paper, we propose lightweight authentication protocols which are privacy-preserving against active attack. The protocols are based on a fast asymmetric encryption with novel simplification, which consequently can assign an easy work to pervasive devices. Besides, unlike the usual management of the identities, our approach does not require any synchronization nor exhaustive search in the database, which enjoys great convenience in case of a large-scale system

Applying fujisaki-okamoto to identity-based encryption

The Fujisaki-Okamoto (FO) conversion is widely known to be able to generically convert a weak public key encryption scheme, say one-way against chosen plaintext attacks (OW-CPA), to a strong one, namely, indistinguishable against adaptive chosen ciphertext attacks (IND-CCA). It is not known that if the same holds for identity-based encryption (IBE) schemes, though many IBE and variant schemes are in fact specifically using the FO conversion. In this paper, we investigate this issue and confirm that the FO conversion is generically effective also in the IBE case. However, straightforward application of the FO conversion only leads to an IBE scheme with a loose (but polynomial) reduction. We then propose a simple modification to the FO conversion, which results in considerably more efficient security reduction.

Fingerprinting attack on the tor anonymity system

We present a novel way to implement a fingerprinting attack against Onion Routing anonymity systems such as Tor. Our attack is a realistic threat in the sense that it can be mounted by a single controller of entrance routers and furthermore require very few resources. The conventional fingerprinting attack based on incoming traffic does not work straightforwardly against Tor due to its multiplex and quantized nature of traffic. By contrast, our novel attack can degrade Tors anonymity by a metric based on both incoming and outgoing packets. In addition, our method keeps the fingerprinting attacks advantage of being realistic in terms of the few required resources. Regarding evaluation, the effectiveness of our method is discussed in a comprehensive manner: experimentally and theoretically. In order to enhance further studies and show the significance of our idea, we also discuss methods for defending against our attack and other applications of our idea.

Efficient generic constructions of signcryption with insider security in the multi-user setting

Signcryption is a primitive which provides the combined security properties of encryption and digital signatures i.e. confidentiality and unforgeability. A number of signcryption schemes have been presented in the literature, but up until now, no scheme which simultaneously achieves the currently strongest notions of insider confidentiality and strong insider unforgeability in the multi-user setting, has been proposed, without relying on random oracles or key registration. In this paper, we propose two new generic constructions of signcryption schemes from the combination of standard primitives and simple extensions of these. From our constructions, we instantiate a number of concrete and efficient signcryption schemes which satisfy the strongest notions of insider security in the multi-user setting while still being provably secure in the standard model.

An efficient convertible undeniable signature scheme with delegatable verification

Undeniable signatures, introduced by Chaum and van Antwerpen, require a verifier to interact with the signer to verify a signature, and hence allow the signer to control the verifiability of his signatures. Convertible undeniable signatures, introduced by Boyar, Chaum, Damgard, and Pedersen, furthermore allow the signer to convert signatures to publicly verifiable ones by publicizing a verification token, either for individual signatures or for all signatures universally. In addition, the signer is able to delegate the ability to prove validity and convert signatures to a semi-trusted third party by providing a verification key. While the latter functionality is implemented by the early convertible undeniable signature schemes, most recent schemes do not consider this despite its practical appeal. In this paper we present an updated definition and security model for schemes allowing delegation, and highlight a new essential security property, token soundness, which is not formally treated in the previous security models for convertible undeniable signatures. We then propose a new convertible undeniable signature scheme. The scheme allows delegation of verification and is provably secure in the standard model assuming the computational co-Diffie-Hellman problem, a closely related problem, and the decisional linear problem are hard. Our scheme is, to the best of our knowledge, the currently most efficient convertible undeniable signature scheme which provably fulfills all security requirements in the standard model.

Enhancing the Resistence of a Provably Secure Key Agreement Protocol to a Denial-of-Service Attack

In this manuscript, two key agreement protocols which are resistant to a denial-of-service attack are constructed from a key agreement protocol in [9] provably secure against passive and active attacks. The denial-of-service attack considered is the resource-exhaustion attack on a responder. By the resource-exhaustion attack, a malicious initiator executes a key agreement protocol simultaneously as many times as possible to exhaust the responder’s resources and to disturb executions of it between honest initiators and the responder. The resources are the storage and the CPU. The proposed protocols are the first protocols resistant to both the storage-exhaustion attack and the CPU-exhaustion attack. The techniques used in the construction are stateless connection, weak key confirmation, and enforcement of heavy computation. The stateless connection is effective to enhancing the resistance to the storage-exhaustion attack. The weak key confirmation and the enforcement of heavy computation are effective to enhancing the resistance to the CPU-exhaustion attack.