Jun Kurihara

The traditional Domain Name System (DNS) lacks fundamental features of security and privacy in its design. As concerns of privacy increased on the Internet, security and privacy enhancements of DNS have been actively investigated and deployed. Specially for user's privacy in DNS queries, several relay-based anonymization schemes have been recently introduced, however, they are vulnerable to the collusion of a relay with a full-service resolver, i.e., identities of users cannot be hidden to the resolver. This paper introduces a new concept of a multiple-relay-based DNS for user anonymity in DNS queries, called the mutualized oblivious DNS ($\mu$ODNS), by extending the concept of existing relay-based schemes. The $\mu$ODNS introduces a small and reasonable assumption that each user has at least one trusted/dedicated relay in a network and mutually shares the dedicated one with others. The user just sets the dedicated one as his next-hop, first relay, conveying his queries to the resolver, and randomly chooses its $0$ or more subsequent relays shared by other entities. Under this small assumption, the user's identity is concealed to a target resolver in the $\mu$ODNS even if a certain (unknown) subset of relays collude with the resolver. That is, in $\mu$ODNS, users can preserve their privacy and anonymity just by paying a small cost of sharing its resource. Moreover, we present a PoC implementation of $\mu$ODNS that is publicly available on the Internet. We also show that by measurement of round-trip-time for queries, and our PoC implementation of $\mu$ODNS achieves the performance comparable to existing relay-based schemes.

In Named Data Networking (NDN), security is imposed on contents instead of end-to-end connections; therefore, every content contains a signature to prove its authenticity and integrity. While this property has many significant advantages, it causes big message overhead in some cases, especially if the content size is small. This overhead further increases if the content is generated by multiple authorities, e.g., in a moderator-controlled information sharing service, and needs to contain multiple signatures. We propose the use of Identity-Based Aggregate Signatures (IBAS) to decrease this overhead. Also, we provide a proof-of-concept IBAS implementation in NDN and compare its performance with existing Public Key Infrastructure RSA signatures.

In this paper, we first introduce Shamir's construction of the (k, n)-threshold scheme as a typical linear secret sharing scheme, and explain the construction of the (k, l, n)-threshold ramp scheme proposed by Yamamoto and Blakley-Meadows as its extension. Then, by generalizing the threshold ramp schemes with a general linear code C_1 and its subcode C_2, we introduce an expression of linear secret sharing scheme in terms of C_1 and C_2. As examples, we express Shamir's (k, n)-threshold scheme and the (k, l, n)-threshold ramp scheme of Yamamoto and Blakley-Meadows by linear codes. Furthermore, we show that in linear secret sharing schemes, the maximum amount of the information leakage of the secret message and their strong security are expressed in terms of the relative generalized Hamming weights (RGHW's) of C_1 and C_2 when every share is an element of a finite field. We also present detailed examples of this security analysis to help readers to gain understanding of the analytic technique.

Content-Centric Networking (CCN) has been recently attracting increasing attention as a future Internet architecture. In the CCN, a client has to follow the one-to-one matching principle between the request and the content chunk, and issue a network message called an Interest as a request to its corresponding content chunk called a Content Object. This implies that in the retrieval of a large content, a large number of interests are issued and CCN routers may suffer from the heavy workload and network traffic. To solve this problem, methods to aggregate multiple Interest messages to one Interest has been proposed. However, existing congestion control methods for CCN are not compatible with the aggregated interests, and as far as we know, no congestion control method for the aggregated Interests have been proposed yet. We propose TCP-like congestion control method designed for the interest aggregation. By the evaluation through computer simulations, it is clarified that our proposed method can control congestion in CCN similar to the TCP in the current Internet.

In the current Internet, many applications are based on DNS, the centralized name resolution system, assuming hosts are interconnected at all times. Such applications are not available in the network in a disaster, which is divided into several fragmented pieces. ICN (Information Centric Network) has itself a routing function toward each content, and there were several proposals to apply ICN to the disaster environment. These existing methods can only use the content caches on the way to the original content, and cannot use effectively all the available content caches within the limited network resources in the disaster. For effective caching, this paper investigates the optimization of potential based routing, resistant to topology changes in a disaster. consider the optimization of the strong potential routing to changes in the topology.

In this paper, we first introduce Shamir's construction of the (k, n)-threshold scheme as a typical linear secret sharing scheme, and explain the construction of the (k, l, n)-threshold ramp scheme proposed by Yamamoto and Blakley-Meadows as its extension. Then, by generalizing the threshold ramp schemes with a general linear code C_1 and its subcode C_2, we introduce an expression of linear secret sharing scheme in terms of C_1 and C_2. As examples, we express Shamir's (k, n)-threshold scheme and the (k, l, n)-threshold ramp scheme of Yamamoto and Blakley-Meadows by linear codes. Furthermore, we show that in linear secret sharing schemes, the maximum amount of the information leakage of the secret message and their strong security are expressed in terms of the relative generalized Hamming weights (RGHW's) of C_1 and C_2 when every share is an element of a finite field. We also present detailed examples of this security analysis to help readers to gain understanding of the analytic technique.

In this paper, we first introduce Shamir's construction of the (k, n)-threshold scheme as a typical linear secret sharing scheme, and explain the construction of the (k, l, n)-threshold ramp scheme proposed by Yamamoto and Blakley-Meadows as its extension. Then, by generalizing the threshold ramp schemes with a general linear code C_1 and its subcode C_2, we introduce an expression of linear secret sharing scheme in terms of C_1 and C_2. As examples, we express Shamir's (k, n)-threshold scheme and the (k, l, n)-threshold ramp scheme of Yamamoto and Blakley-Meadows by linear codes. Furthermore, we show that in linear secret sharing schemes, the maximum amount of the information leakage of the secret message and their strong security are expressed in terms of the relative generalized Hamming weights (RGHW's) of C_1 and C_2 when every share is an element of a finite field. We also present detailed examples of this security analysis to help readers to gain understanding of the analytic technique.

In this paper, we first introduce Shamir’s construction of the (k; n)-threshold scheme as a typical linear secret-sharing scheme and explain the construction of the (k; l; n)-threshold ramp scheme proposed by Yamamoto and Blakley-Meadows as its extension. Then, by generalizing threshold ramp schemes with a linear code C1 and its subcode C2, we represent a linear secret-sharing scheme in terms of C1 and C2. As examples, we represent Shamir’s (k; n)-threshold scheme and the (k; l; n)-threshold ramp scheme of Yamamoto and Blakley-Meadows using linear codes. Furthermore, we show that in linear secret-sharing schemes, the maximum amount of information leakage of a secret message and their strong security are characterized by the relative generalized Hamming weights (RGHW’s) of C1 and C2 when every share is an element of a finite field.

Secret sharing scheme is an important tool for the management of secret information. For secret sharing scheme based on linear block codes, the amount of information leaked to adversaries has not been investigated. Hence, in existing constructions of secret sharing scheme based on arbitrary linear codes, some elements of a secret vector might leak out deterministically from a non-qualified set, like weakly-secure ramp threshold schemes. In this paper, we first define anti-access set as a set from which no element is deterministically leaked. We also introduce the conditions of a linear code and its dual code such that a specified set becomes an anti-access set in secret sharing scheme using the code. Then, we propose a secret sharing scheme based on a linear code C^⊥ whose dual code C is defined by a systematic parity check matrix. This realizes a similar access structure to threshold access structures, and every non-qualified set whose cardinality is less than or equal to α are anti-access sets (called α-strongly-secure). Further, we show that this construction is completely characterized by the generalized Hamming weight and the MDS-rank of C.

Hash functions using stream ciphers as components perform fast on a variety of platforms. However, stream-cipher-based hash functions (SCHs) have not been studied sufficiently yet. In this paper, we present a model of SCHs consisting of two parts: a pre-computation phase and a stream cipher phase. We apply this model to existing broken SCHs, Abacus and Boole, and analyze the vulnerabilities corresponding to existing attacks for each part of our model. By applying our model to these algorithms, weak parts in the algorithms are revealed, and we show that these vulnerabilities can be removed by minor modifications to each part. Furthermore, we clarify the requirements for the pre-computation phase and the stream cipher phase to realize secure SCHs.

Hash functions using stream ciphers as components perform fast on a variety of platforms. However, stream-cipher-based hash functions (SCHs) have not been studied sufficiently yet. In this paper, we present a model of SCHs consisting of two parts: a pre-computation phase and a stream cipher phase. We apply this model to existing broken SCHs, Abacus and Boole, and analyze the vulnerabilities corresponding to existing attacks for each part of our model. By applying our model to these algorithms, weak parts in the algorithms are revealed, and we show that these vulnerabilities can be removed by minor modifications to each part. Furthermore, we clarify the requirements for the pre-computation phase and the stream cipher phase to realize secure SCHs.

This paper proposes several extensions of fast (k,n)-threshold schemes which use EXCLUSIVE-OR(XOR) operations. Existing fast threshold schemes need to calculate inverse matrices in recovery phase and hence these operations on software/hardware are delayed due to conditional branching in calculation of invese matrices. We introduce a new method to calculate a particular matrix in a recovery algorithm. Our method does not need to make a generator matrix for shares or to calculate inverse matrices of block matrices. The particular matrix which denotes the combination of divided pieces of shares to recover the secret is calculated by rote only from the share indexes. Futhermore, our method can be implemented without "IF" statement (conditional branching) by using word-wise XOR operations, cyclic shift operations and bit shift operations. Thus, our method can be operated more rapidly than existing schemes on software and hardware.

This paper proposes several extensions of fast (k,n)-threshold schemes which use EXCLUSIVE-OR(XOR) operations. We introduced the new concept of singular point of divided pieces of shares in part one. Several methods using singular point based on fast (k,n)-threshold schemes are proposed in this paper. These comprise a fast threshold ramp scheme and a method to embed additional information into shares. Similar to a ramp scheme based on Shamir's threshold scheme, our fast ramp scheme realizes to reduce each bit-size of shares instead of degradation of security. On the other hand, a method to embed additional information allows only participants who pre-shared the authorities with the dealer to recover not only the secret but also the additional information corresponding to the authority from k shares. Thus, this embedding method can realize a distributed subliminal channel (storage) between the dealer and the trusted participant, simple access control method and so on, which use the property of secret sharing schemes.

In Shamir's (k,n)-threshold secret sharing scheme, a heavy computational cost is required to recover the secret from k shares. As a solution to this problem, several fast threshold schemes are proposed. However, there is no fast ideal (k,n)-threshold scheme, where k >_ 4 and n is arbitrary. This paper proposes a new fast (4,n)-threshold scheme using just EXCLUSIVE-OR(XOR) operations to make shares and recover the secret, which is an ideal secret sharing scheme similar to Shamir's scheme. Furthermore, we extend and generalize the (4,n)-threshold scheme to a new fast (k,n)-threshold scheme using XOR operations with arbitrary k and n, which is also an ideal secret sharing scheme.

PA(Product Accumulate) codes achieve perfomance near the Shannon limit for BPSK, have low encoding and decoding complexity, and have flexible rate adaptivity for all rates above 1/2. In this paper, we propose a new method of application of PA codes to multilevel modulation with multilevel coding and BICM-ID(Bit Interleaved Coded Modulation with Iterative Decoding). First, to adjust code rate flexibly, we investigate perfomances of PA codes and GPA (Generalized Product Accumulate) codes that have two different single parity check codes as component codes, and we show a procedure to design PA codes or GPA codes with different component codes for wide range of code rate. Next, we identify labeling methods that give the lowest decoding error probability for BICM-ID and multilevel coding. Computer simulation demonstrates that multilevel coding systems and BICM-ID systems with PA codes or GPA codes designed with our procedure give performances near the Shannon limit.

PA (Product Accumulate) codes achieve perfomance near the Shannon limit for BPSK, have low encoding and decoding complexity, and have flexible rate adaptivity for all rates above 1/2. In this paper, we propose a new method of application of PA codes to multilevel modulation with multilevel coding and BICM-ID (Bit Interleaved Coded Modulation with Iterative Decoding). First, to adjust code rate flexibly, we investigate perfomances of PA codes and GPA (Generalized Product Accumulate) codes that have two different single parity check codes as component codes, and we show a procedure to design PA codes or GPA codes with different component codes for wide range of code rate. Next, we identify labeling methods that give the lowest decoding error probability for BICM-ID and multilevel coding. Computer simulation demonstrates that multilevel coding systems and BICM-ID systems with PA codes or GPA codes designed with our procedure give performances near the Shannon limit.

This paper proposes a software radio receiver which utilizes an RF filter bank in the front end and optimally combines the signals whose bandwidth is divided by the filter bank. This method assumes the future solid state advanced integrated circuit technologies in RF filters, RF receiving circuit and A/D converters (ADC). The optimal combining utilizing the multiple input linear equalizer regenerates the wide band signal in baseband from the discrete complex envelopes that are sampled from the outputs of filters constructing the RF filter bank. The equalizer uses chirp signal as the training signal. Time alignment of the complex impulse response to the chirp signal yields the complex impulse response of the combining circuit. The combiner circuit minimizes the difference between the complex impulse response and the desired impulse response, and it becomes the matched filter. Computer simulation is conducted in order to evaluate the reception performance by utilizing Gaussian bandpass filter for the filter bank. Both single carrier roll-off and OFDM multicarrier signals are examined. The simulation shows the dependences of eye pattern and that of bit error rate (BER) upon the number of bits of ADC, and dependence of BER upon an out-of-band interference signal. The results show the superiority of the filter bank receiver to the digital filter receiver.