The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
A lot of ICs are fabricated in external foundries. The design of ICs can be often outsourced. Such outsourcing has a potential risk to have produce malicious hardware. Malicious hardware means the hardware with built-in hidden malicious functions which aim at leaking information or weakening security level of the hardware such as degrading the quality of internal random number generation. In this...
Side-channel attacks that compromise confidentiality of memory contents have become a major concern for device manufacturers and users. Electrically erasable programmable read-only memory (EEPROM) implemented on embedded devices contains several types of sensitive information, and it shall strictly prohibit unauthorized access to such information. This paper introduces a new technique that extracts...
Physical Unclonable Function (PUF), an anti-counterfeit technology for semiconductor chips, has come under focus in recent years. We proposed a method of enhancing the entropy of a latch-based PUF response and confirmed its effectiveness by experimenting with prototype latch-based PUFs for 180 nm CMOS ASICs. In this paper, we fabricated latch-based PUFs implemented on 40 nm CMOS ASICs and assessed...
Advanced cryptographic functionalities such as searchable encryption, aggregate signatures, proxy re-encryption, and attribute-based encryption can be realized by adopting bilinear pairings based on elliptic curves over a prime finite field GF(p). To achieve enough security the size of p should be at least a-few-hundred bit. Thus the "good" GF(p) hardware multiplier is necessary to construct...
Web sites have been great diversity because of their purposes and structures today and many web sites are working on hosting services. A hosting service is one of the network services for outsourcing construction and maintenance of the servers. Thus, the web site operators are free from hardware setting and server maintenance. On the other hand, web sites have been exposed to cyber attacks. To counter...
This study proposes how to investigate the existence of misconfigurations of zone transfer in any level of domain name system hierarchy using search engine based approach without the need to look at the zone file. The analysis has been conducted on 1,284 authoritative name servers of 314 top-level domains and 46,416 authoritative name servers of second level domain of 249 country code top-level domains...
Network-based dynamic shellcode detection, in which network traffic is examined by being executed on an emulator for detecting essential behavior of shellcode, has been studied intensively in recent years. The main issues of dynamic shellcode detection are (1) the computational cost is high and (2) it can detect only shellcodes whose behaviors match predefined detection rules. In this paper, we propose...
Modern malware often changes their runtime behaviors in each execution to tolerate against malware analyses and detections. For example, when a malware copies itself on a file system, it can randomly determine its file name for avoiding the detections. Another example is that when a malware tries to connect its command and control server, it randomly chooses a domain name from a hard-coded domain...
There is a strong demand for the security of Controller Area Network (CAN), a major in-vehicle network. A number of methods to detect unauthorized data transmission, such as anomaly detection and misuse detection, have already been proposed. However, all of them have no capability of preventing unauthorized data transmission itself. In this paper, we propose a novel method that realizes the prevention...
This paper describes a concept and method of effectively applying information-theoretic cryptography to real-time system communications. Information-theoretic security, also known as unconditional security, is independent of the computing power or time an opponent can bring to bear. These properties are suitable for power systems which require both few computational resources and long life time. We...
The use of Public Malware Sandbox Analysis Systems (public MSASs) which receives online submissions of possibly malicious executables from an arbitrary user, analyzes their behavior by executing them in a testing environment (i.e., a sandbox), and sends analysis reports back to the user, have increased in popularity. In such systems, the sandbox for analysis is often connected to the Internet as modern...
The software independent verification and validation (IV&V) is essential, especially in the development of aerospace systems, to improve safety and reliability and to prevent system problems. We have used a hierarchical accident method. This method investigates the latent problems in the development process of a system that have not been thoroughly recognized in past IV&V. The National Transportation...
We address a new class of Information hiding on lossless data compression. In our model, secret information is embedded into a compressed data (e.g. ZIP) in a way that the compressed data can still be decompressed by regular decompression process (e.g. UNZIP). The entity with secret key can extract the secret information from the compressed data. In this paper, we formally define the above model of...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.