Cryptography
|
A theoretical framework for the realization of digital signatures for objects
|
A digital signature scheme is a method of assigning a signature to binary strings. By combining the conventional digital signature scheme with predicate functions, there exists the theory of "digital signatures for objects", which enables us to sign arbitrary objects through sensing (e.g., taking a picture). In this work, we formulate a part of the theory and prove its security in the specific settings.
|
Aggregate Signature with Traceability of Devices Dynamically Generating Invalid Signatures
|
Aggregate signatures can aggregate multiple signatures into a single signature, and are expected to be used in sensor networks and other systems where many devices transmit signatures. In this paper, we introduce a model of aggregate signatures with interactive tracing functionality that captures the situation where a large number of devices regularly transmit data and signatures, and the devices that generate fraudulent signatures (e.g., due to failures) change from time to time, and define its functional and security requirements. Furthermore, we propose a general construction using ordinary aggregate signatures and Dynamic Traitor Tracing.
|
Secret sharing
|
On Private Information Retrieval Supporting Range Queries
|
Abstract: Private information retrieval (PIR) allows a client to retrieve data from a database without the database server learning what data is being retrieved. Although many PIR schemes have been proposed in the literature, almost all of these focus on retrieval of a single database element, and do not consider more flexible retrieval queries such as basic range queries. In this paper, we define rigorous security models for PIR schemes supporting range queries, and then propose a secure construction based on function secret sharing.
|
Constructive t-secure Homomorphic Secret Sharing for Low Degree Polynomials
(Poster: in English)
|
Homomorphic secret sharing is a cryptographic technique to outsource the computation to a set of servers while restricting some subsets of servers from learning the secret inputs. We provide a constructive solution for threshold-t structures by combining homomorphic encryption with the secret sharing scheme for general access structure. Our scheme also quantitatively improves the number of required servers, compared to the previous work.
|
Cryptocurrency/Blockchain
|
Privacy Analysis and Evaluation Policy of Blockchain-based Anonymous Cryptocurrencies
|
We propose a specific architecture model with three software layers for anonymous cryptocurrencies, analyze its privacy, summarize a privacy evaluation policy, and compare the privacy of current leading anonymous cryptocurrencies (e.g., Zerocash, CryptoNote, and Mimblewimble) using the privacy evaluation policy.
|
Load evaluation of Proof-of-Verification
(Poster: in English)
|
Bitcoin, a cryptocurrency on blockchain, maintains its soundness by successive block generation. Block generation consumes a huge computational cost, and offers a reward for success on a first-come-first-served basis. Therefore, block generation triers have an incentive to skip other computations. A block contains many transaction data of coins, whose validity check, especially signature verification, needs cryptographic calculations and can be the first skip target. To address this issue, a method called "Proof-of-Verification" (PoV) was proposed, which can indicate that the signature verification is completed. We introduce the load evaluation of PoV.
|
Anti-malware
|
Automatically Building Taint Analysis Frameworks for Scripts with Vanilla Script Engines
|
Malicious scripts are prevalent in recent attacks. To protect endpoints against these attacks, it is essential to reveal the behavior of malicious scripts by analyzing them. Although taint analysis, which tracks data flow in programs, can be applied to achieve this, existing taint analysis techniques have the problem that they require different designs and implementations for each script language and interpreter. Considering that real-world script languages and engines are diverse, the required human effort is unrealistic. To address this problem, our study proposes an approach that automatically builds taint analysis frameworks independent of script languages and interpreters.
|
More efficient penetration testing using reinforcement learning
|
Penetration testing, which conducts pseudo-cyber attacks to diagnose network security, is useful, but requires a great deal of cost and trained personnel. We will seek a method to reduce the burden by improving the efficiency using reinforcement learning and deep reinforcement learning.
|
Digital forensics
|
Identifying Crypto API Usages in Android Apps using a Static Analysis Framework
|
Forensic analysis of mobile devices is essential work for digital forensic investigators. While there are various data stored in smartphones, some of the data is encrypted by applications. Data encryption is one of the major issues of digital forensics, preventing investigators from analyzing the data quickly. In this work, we develop a tool to automatically analyze crypto API usages in Android apps. There are many Android apps which encrypt their data in smartphones using standard crypto APIs. In such cases, we can identify the cryptographic algorithms and parameters via application analysis, which helps us to analyze encrypted data. Most existing studies focus on a single app and rely on manual analysis, which requires a certain amount of skill and knowledge about reverse engineering. For this reason, we develop our tool, which can analyze apps automatically, so that we can easily identify crypto API usages in new apps.
|
|