Motonori Nakamura

User-controlled Privacy Protection with Attribute-filter Mechanism for a Federated SSO Environment Using Shibboleth

Shibboleth is a well-known software package for web single sign-on (SSO) based on several federated identity standards, including the Organization for the Advancement of Structured Information Standards (OASIS) security assertion markup language (SAML) version 1.1 and 2.0. This paper describes uApprove.jp, a user consent acquisition system (UCAS) with an attribute-filter mechanism for a Shibboleth-based SSO system. uApprove.jp requests the users consent for the release of his/her personal information from an identity provider (IdP) to a service provider (SP) and allows him/her to determine which attributes will be sent. uApprove.jp is an extension of approve, a UCAS for Shibboleth. Our development is for universities participating in GakuNin (a Japanese academic federation), but it can be utilized in other Shibboleth-based federations.

Security analysis on public wireless internet service models

A new service model of public wireless Internet access, called autonomous distributed public wireless Internet access, is presented. In the service model any volunteer with broadband Internet access lines can provide his access points for public service without any fear of malicious use. A user of such service is assumed to have his own account on a authentication server at home in the Internet, and all the Internet access through any of those access points can be treated as if it is from the home. In this paper, we present how the autonomous distributed Internet access services can be securely provided with the combinations of two aspects: treatment of authentication transactions at access points and data path of communication transaction.

A protection method against massive error mails caused by sender spoofed spam mails

Wide spread of spam mails is one of the most serious problems on e-mail environment. Particularly, spam mails with a spoofed sender address should not be left alone, since they make the mail server corresponding to the spoofed address be overloaded with massive error mails generated by the spam mails, and since they waste a lot of network and computer resources. In this paper, we propose a protection method of the mail server against such massive error mails. This method introduces an additional mail server that mainly deals with the error mails in order to reduce the load of the original mail server. This method also provide a function that refuses error mails to these two mail servers to save the network and computer resources.

Priority control in receiving e-mails by giving a separate response to each DNS query

Delivering e-mails without unnecessary delay is one of the very important issues as the spread of e-mail service and its use become very common. But in case that a mail transfer agent (MTA) is heavily loaded by huge amount of mails sent to the MTA, not only the delay on mail delivery is inevitable but also managing the MTA service becomes difficult. Thus, a delivery method that treats legitimate mails with priority is requested. In this paper, we focus on the query to the domain name service (DNS) which is usually processed just before the mail transfer, and propose a new delivery method which separates legitimate mails from others according to the source IP address of the DNS query. That is, employing a crafted DNS server which responds to each DNS query with separate IP address, and wait for incoming mails at each address, we get a correspondence table between a DNS query and the incoming mail. And we also show that we can lead legitimate mails to the separated mail servers by dynamically changing the DNS response based on this table, and deliver them with short delay even in the case that others servers are loaded by many other mails

Analysis for Topological Properties of the Network Feeding Usenet News

Recently, many studies have reported that various kinds of real networks, such as WWW, the Internet, metabolic system, BtoB transactions and so on, have the scale-free properties in common. We focus on the network feeding Usenet news where a node represents a news server and a link between two nodes represents a connection on which the two news servers exchange their articles. First we generate the whole topology map approximately from path information of a number of Usenet news articles. Then we examine topological properties of the network; degree distribution, degree correlation, average distance, clustering coefficient and community structures. We also compare these properties with those of theoretical network models. The analysis shows that there strongly exist a scale-free and a small-world properties in the Usenet network. We also examine the community structure of this network and show that a small number of Usenet news servers that are highly contributive for article feeds forms the largest community and other servers tend to be categorized by their geographical locations