細井 琢朗

• 技術職員

研究テーマ

• ネットワークセキュリティ

Publications

• 細井琢朗, 松浦幹太. Proof-of-Verification の実装負荷評価その1: Transaction の署名検証, 電子情報通信学会総合大会2024, 2024
• 大橋盛徳, 張一凡, 細井琢朗, 松浦幹太. DAGベース分散タイムスタンプ手法の検討, 第194回マルチメディア通信と分散処理・第100回コンピュータセキュリティ合同研究発表会, pp.online, 2023
• 細井琢朗, 松浦幹太. POW型ブロックチェーン安全性証明の明示的定式化, 第174回マルチメディア通信と分散処理・第80回コンピュータセキュリティ合同研究発表会, Vol.80, No.8, pp.online, 2018
• Kanta Matsuura, Takurou Hosoi. Mechanism Design of Data Sharing for Cybersecurity Research, IPSI Transactions on Advanced Research, Vol.11, No.1, pp.35-40, 2015

abstract

If we want to realize a scientific approach to cybersecurity, we need objective and reproducible evaluation of security. Although some of cryptographic technologies have rigorous security proofs, a lot of cybersecurity technologies rely on experimental evaluation which needs good datasets. One may expect that sharing such datasets would help at least the reproducibility of the evaluation. At the same time, one may be afraid that effective mechanism design is difficult because there have been a lot of studies on disincentive problems (e.g. free-riding) associated with information sharing in cybersecurity. However, the requirements and typical solutions for data sharing would be different from those for information sharing. In this paper, we comprehensively discuss the features of "data sharing for cybersecurity research" based on a systematic comparison with "information sharing for cybersecurity practice". We also report a Japanese case in the field of malware analysis. One important finding is that considering human resource development is an important factor in the activities associated with data sharing.
• 細井琢朗, 松浦幹太. TCP再送タイマ管理の変更による低量DoS攻撃被害緩和の実験評価, 2014年コンピュータセキュリティシンポジウム(CSS2014)予稿集, CD-ROM, 2014
• Kanta Matsuura, Takurou Hosoi. Data Sharing for Cybersecurity Research and Information Sharing for Cybersecurity Practice, The 8th International Workshop on Security (IWSEC2013), 2013

abstract

When we want to realize a scientific approach to cybersecurity, we need objective and reproducible evaluation of security properties. Although some of cryptographic technologies have rigorous security proofs, a lot of cybersecurity technologies rely on experimental security evaluation which needs good datasets. One may expect that sharing such datasets would help at least the reproducibility of the evaluation. At the same time, one may be afraid that effective mechanism design is not trivial because there have been a lot of studies on disincentive problems (e.g. free-riding) associated with information sharing for cybersecurity practice. However, the requirements and typical solutions for data sharing would be different from those for information sharing. In this poster, we comprehensively discuss the features of data sharing for cybersecurity research based on a systematic comparison with information sharing for cybersecurity practice. We also identify some intrinsic limitations of the data sharing approach.
• Takurou Hosoi, Kanta Matsuura. Effectiveness of a Change in TCP Retransmission Timer Management for Low-rate DoS Attack Mitigation and Attack Variants, The 8th International Workshop on Security (IWSEC2013), 2013

abstract

The mechanism of TCP retransmission timeout is essential to the Internet congestion control. But existing research pointed out that this mechanism allows DoS attack with low-rate mean traffic. We proposed a change in TCP retransmission timeout management, in which length of TCP retransmission timer is increased not to precisely twice of the prior timer length in successive timeout waiting. We investigate its effectiveness in DoS attack mitigation analytically, and some attack variants under this countermeasure.
• 細井琢朗, 松浦幹太. TCP再送信タイマ管理の変更による低量DoS攻撃被害の緩和効果, コンピュータセキュリティシンポジウム2013 (CSS2013), CD-ROM, 2013
• 細井琢朗, 松浦幹太. 低量DoS攻撃を緩和するTCP再送信タイマ管理の一検討, 情報処理学会コンピュータセキュリティ研究会 (研究報告コンピュータセキュリティ(CSEC)), Vol.62, No.51, pp.1-5, 2013
• 細井琢朗, 松浦幹太. 待ち行列推定に基づくパケットロス攻撃検知の輻輳強度依存性, 情報処理学会コンピュータセキュリティ研究会 (情報処理学会研究報告コンピュータセキュリティ(CSEC)), Vol.60, No.28, pp.1-5, 2013
• 松浦幹太, 細井琢朗. セキュリティ評価基盤と周辺制度および活動に関する考察, 第59回情報処理学会コンピュータセキュリティ研究会, Vol.2012-CSEC-59, 2012
• 細井琢朗, 松浦幹太. 待ち行列推定に基づくパケットロス攻撃検知方式のパラメータ依存性について, コンピュータセキュリティシンポジウム2012 (CSS2012), Vol.2012, No.3, pp.1-5 (CD-ROM), 2012
• 細井琢朗, 松浦幹太. 情報セキュリティ研究向けネットワークデータの配布における技術的課題の現状調査, 情報処理学会コンピュータセキュリティ研究会, Vol.2012-CSEC-56, No.04, pp.1-6, 2012
• 細井琢朗, 松浦幹太. 情報セキュリティ研究用ハニーポット通信データの一般頒布に向けた技術的要件の調査, マルウェア対策研究人材育成ワークショップ2011 (MWS2011), CD-ROM, 2011
• Takurou HOSOI, Kanta Matsuura. Evaluation of the Common Dataset Used in Anti-Malware Engineering Workshop 2009, Lecture Notes in Computer Science (Recent Advances in Intrusion Detection, 13th International Symposium on Recent Advances in Intrusion Detection: RAID 2010), Vol.6307, pp.496-497, 2010
• 竹森敬祐, 細井琢朗. マルウェア : 10.コラム:MWS Cup 2009, 情報処理, Vol.51, No.3, pp.296-299, 2010
• 細井琢朗, 畑田充弘. MWS Cup 2009 活動報告 〜競技用通信データ作成について〜, 情報処理学会コンピュータセキュリティ研究会(情報処理学会研究報告), Vol.2009, No.85, pp.online, 2009
• 細井琢朗, 松浦幹太. 公開ネットワークログデータセットの調査とワーム検知数の変遷調査, 情報処理学会コンピュータセキュリティ研究会(情報処理学会研究報告), Vol.2009, No.20, pp.181-186, 2009
• 細井琢朗, 松浦幹太. IPトレースバック技術に於ける誤探知率の扱いについて, 2008年暗号と情報セキュリティ・シンポジウム(SCIS2008)予稿集, CD-ROM, 2008
• Takuro Hosoi, Kanta Matsuura, Hideki Imai. IP Trace Back by Packet Marking Method with Bloom Filters, Proceedings of the 2007 IEEE International Carnahan Conference on Security Technology (2007 ICCST) 41st Annual Conference, pp.255-263, 2007
• 細井琢朗, 松浦幹太. ランダムグラフを用いたIPトレースバックの誤探知率の評価について, 2007年暗号と情報セキュリティシンポジウム(SCIS2007)予稿集, 2007
• 細井琢朗, 松浦幹太, 今井秀樹. 暗号要素技術を用いない決定論的パケットマーキング法による単一パケットIPトレースバックについて, 2006年暗号と情報セキュリティ・シンポジウム(SCIS2006)予稿集(CD-ROM), 2006
• 細井琢朗, 松浦幹太, 今井秀樹. Bloomフィルタを用いたパケットマーキング法によるIPトレースバックでの複数パケット利用追跡について, コンピュータセキュリティシンポジウム(CSS)2005論文集, 情報処理学会シンポジウムシリーズ, Vol.2005-I, No.13, pp.91-96, 2005
• 細井琢朗, 松浦幹太, 今井秀樹. Bloomフィルタを用いたパケットマーキング法によるIPトレースバックの擬陽性確率について, 2005年暗号と情報セキュリティ・シンポジウム(SCIS2005)予稿集, Vol.III, pp.1555-1560, 2005
• 細井琢朗, 松浦幹太, 今井秀樹. Bloomフィルタを用いたパケットマーキング法によるIPトレースバック, コンピュータセキュリティシンポジウム(CSS)2004論文集, 情報処理学会シンポジウムシリーズ, Vol.2004-I, No.11, pp.181-186, 2004
• 細井琢朗, 松浦幹太, 今井秀樹. IPデータグラムが正規に変換される場合のIPトレースバック技術について, 2004年暗号と情報セキュリティ・シンポジウム(SCIS2004)予稿集, Vol.2, pp.1369-1373, 2004

田村 研輔

• 講師

研究テーマ

• デジタルフォレンジック、制御システムセキュリティ

Publications

• Kensuke Tamura, Kanta Matsuura. Improvement of Anomaly Detection Performance using Packet Flow Regularity in Industrial Control Networks, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol.E102-A, No.1, pp.65-73, 2019

abstract

Since cyber attacks such as cyberterrorism against Industrial Control Systems (ICSs) and cyber espionage against companies managing them have increased, the techniques to detect anomalies in early stages are required. To achieve the purpose, several studies have developed anomaly detection methods for ICSs. In particular, some techniques using packet flow regularity in industrial control networks have achieved high-accuracy detection of attacks disrupting the regularity, i.e. normal behavior, of ICSs. However, these methods cannot identify scanning attacks employed in cyber espionage because the probing packets assimilate into a number of normal ones. For example, the malware called Havex is customized to clandestinely acquire information from targeting ICSs using general request packets. The techniques to detect such scanning attacks using widespread packets await further investigation. Therefore, the goal of this study was to examine high performance methods to identify anomalies even if elaborate packets to avoid alert systems were employed for attacks against industrial control networks. In this paper, a novel detection model for anomalous packets concealing behind normal traffic in industrial control networks was proposed. For the proposal of the sophisticated detection method, we took particular note of packet flow regularity and employed the Markov-chain model to detect anomalies. Moreover, we regarded not only original packets but similar ones to them as normal packets to reduce false alerts because it was indicated that an anomaly detection model using the Markov-chain suffers from the ample false positives affected by a number of normal, irregular packets, namely noise. To calculate the similarity between packets based on the packet flow regularity, a vector representation tool called word2vec was employed. Whilst word2vec is utilized for the calculation of word similarity in natural language processing tasks, we applied the technique to packets in ICSs to calculate packet similarity. As a result, the Markov-chain with word2vec model identified scanning packets assimilating into normal packets in higher performance than the conventional Markov-chain model. In conclusion, employing both packet flow regularity and packet similarity in industrial control networks contributes to improving the performance of anomaly detection in ICSs.
• 田村研輔, 松浦幹太. 制御システムにおける通信の規則性を利用した異常検知, 2018年暗号と情報セキュリティシンポジウム(SCIS2018)予稿集, USB, 2018

島田 要

• 協力研究員

研究テーマ

• 匿名通信システム

Publications

• 島田要, 松浦幹太. Tor Hidden Serviceに対するTraffic Confirmation攻撃のためのオーバーレイ通信システム, An Overlay Communication System for Traffic Confirmation Attack Against Tor Hidden Services, 2023年暗号と情報セキュリティシンポジウム (SCIS2023) 予稿集, 2023

張 一凡

• 博士課程3年*

研究テーマ

• ブロックチェーン技術

Publications

• 大橋盛徳, 張一凡, 細井琢朗, 松浦幹太. DAGベース分散タイムスタンプ手法の検討, 第194回マルチメディア通信と分散処理・第100回コンピュータセキュリティ合同研究発表会, pp.online, 2023

谷下 友一

• 博士課程2年

研究テーマ

• 暗号技術

Publications

• Yuichi Tanishita, Ryuya Hayashi, Ryu Ishii, Takahiro Matsuda, Kanta Matsuura. Updatable Encryption Secure Against Randomness Compromise, Lecture Notes in Computer Science (Cryptology and Network Security, 23rd International Conference, CANS 2024), Vol.14906, No.1, pp.47-69, 2024

abstract

Updatable encryption (UE) allows a third-party server to update outsourced encrypted data without exposing keys and plaintexts. The server can update ciphertexts to ones under a new key using an update token provided by the client. UE can realize efficient key rotation and is effective against key compromise. The standard security notions of UE capture the property that even if keys or update tokens are compromised, the confidentiality of messages is maintained by the key update and ciphertext update. In general, the randomnesses used in the encryption and ciphertext update algorithms must be kept secret in the same way as the keys. On the other hand, while key compromise is considered in existing security notions, randomness compromise is not. In this paper, we define a new security notion for UE, IND-UE-R security, that is resilient to the compromise of randomnesses used to generate or update ciphertexts. Furthermore, we prove that the UE construction RISE (EUROCRYPT'18) satisfies our proposed security notion.
• Yuichi Tanishita, Ryuya Hayashi, Ryu Ishii, Takahiro Matsuda, Kanta Matsuura. On the Implications from Updatable Encryption to Public-Key Cryptographic Primitives, Lecture Notes in Computer Science (Information Security and Privacy, The 29th Australasian Conference on Information Security and Privacy: ACISP2024), Vol.14895, No.1, pp.303-323, 2024

abstract

Updatable encryption (UE) is a special type of symmetric-key encryption (SKE) that allows a third party to update ciphertexts while protecting plaintexts. Alamati et al. (CRYPTO 2019) showed a curious connection between UE and public-key encryption (PKE) that PKE can be constructed from UE. This implication result is somewhat surprising since it is well-known that PKE cannot be constructed from (ordinary) SKE in a black-box manner. In this paper, we continue to study the relationships between UE and other cryptographic primitives to obtain further insights into the existence and power of UE, and assumptions required for it. More specifically, we introduce some security properties that are natural to consider for UE (and are indeed satisfied by some existing UE schemes), and then investigate what types of public-key cryptographic primitives can be constructed from UE with the additional properties. Specifically, we show the following results: - 2-round oblivious transfer (OT) can be constructed from UE that satisfies the \emph{oblivious samplability (OS)} of original ciphertexts (i.e. those generated by the ordinary encryption algorithm, as opposed to those generated by the ciphertext-update algorithm) and the OS of update tokens (that are used for updating ciphertexts). - 3-round OT can be constructed from UE with OS of updated ciphertexts (i.e. those generated by the ciphertext-update algorithm). - Lossy encryption and PKE secure against selective-opening attacks can be constructed from UE if it satisfies what we call \emph{statistical confidentiality of original ciphertexts}.
• 谷下友一, 林リウヤ, 石井龍, 松田隆宏, 松浦幹太. 暗号文の生成・更新に用いる乱数の漏洩に耐性を持つ更新可能暗号, Updatable Encryption Resilient to Encryption/Update Randomness Leakage, 2024年 暗号と情報セキュリティシンポジウム (SCIS2024) 予稿集, 2024
• 谷下友一, 林リウヤ, 松田隆宏, 松浦幹太. 更新可能暗号と公開鍵系の暗号要素技術の関係について, On the Implication from Updatable Encryption to Public-Key Cryptographic Primitives, 2023年コンピュータセキュリティシンポジウム(CSS2023)予稿集, pp.447-454, 2023

浅野 泰輝

• 博士課程1年

研究テーマ

• 暗号技術

Publications

• 浅野泰輝, 林リウヤ, 林田淳一郎, 松田隆宏, 山田翔太, 勝又秀一, 坂井祐介, 照屋唯紀, シュルツヤコブ, アッタラパドゥンナッタポン, 花岡悟一郎, 松浦幹太, 松本勉. 「モノの電子署名」の複数物体への拡張, Extension of "Signature for Objects" to Multiple Objects, 2022年暗号と情報セキュリティシンポジウム (SCIS2022) 予稿集, 2022
• 林リウヤ, 浅野泰輝, 林田淳一郎, 松田隆宏, 山田翔太, 勝又秀一, 坂井祐介, 照屋唯紀, シュルツヤコブ, アッタラパドゥンナッタポン, 花岡悟一郎, 松浦幹太, 松本勉. モノの秘匿性を考慮した「モノの電子署名」. "Signature ofr Objects" with Object Privacy, 2022年暗号と情報セキュリティシンポジウム (SCIS2022) 予稿集, 2022
• 林リウヤ, 浅野泰輝, 林田淳一郎, 松田隆宏, 山田翔太, 勝又秀一, 坂井祐介, 照屋唯紀, シュルツヤコブ, アッタラパドゥンナッタポン, 花岡悟一郎, 松浦幹太, 松本勉. モノの電子署名:物体に署名するための一検討, Signature for Objects: Formalization, Security Definition, and Provably Secure Constructions, 2021年コンピュータセキュリティシンポジウム(CSS2021)予稿集, pp.740-747, 2021

姜 皓程

• 修士課程2年

研究テーマ

• ブロックチェーン技術

西井 遥紀

• 修士課程2年

研究テーマ

• 形式的検証

金井 瞭真

• 修士課程1年

研究テーマ

• セキュリティ経済学

ニャン ウィン ティケ

• 研究員

研究テーマ

• ブロックチェーン技術