ൔ!!Γ!!! ύЎǺֆےԋǵᙁֻӹǵᛥΏᆢ! ѦЎǺTzong-Chen WuǵHung-Yu ChienǵNai-Wei Lo!
୍ܺൂՏϷ!
ᙍᆀ!
୯ҥѠࣽמεᏢၗૻᆅس௲ǵ୯ҥᄤࠄ୯ሞεᏢၗᆅس௲ǵ ୯ҥѠࣽמεᏢၗૻᆅسշ௲!
ൔЬᚒ!
The 5th Joint Workshop on Information Security (JWIS 2010) р୯ൔ
ୖೖВය! Ծ 98 ԃ 08 Д 04 В Կ 99 ԃ 08 Д 07 В
ୖೖൂՏ!!!!
)୯ ୯ǵࠤѱ*!!
ύ୯(ቶԀǴࠄၭεᏢ)ġ
р୯Ҟ
ว߄ፕЎǴว߄ϐፕЎӜᆀ
1. An Unconditionally Secure Lightweight RFID Authentication Protocol with Untraceability, Hung-Yu Chien, Jia-Zhen Yen, Tzong-Chen Wu
2. Formal Analysis on RFID Authentication Availability, Kuo-Hui Yeh, Nai-Wei Lo, Tzong-Chen Wu
ǵݮଆ
JWIS (Joint Workshop on Information Security)ଆྍܭ 2006 ԃǴಃۛ JWIS җᗬ୯ KISA(the Korea Institute of Information and Cryptology)ᆶ В ҁ IEICE ޑ ICSS(the Information and Communication System Security of the Institute of Electronics, Information and Communication Engineers)ᖄӝЬᒤǴ٠җᗬ୯లܴζηεᏢ (Sookmyung Womenȷs University)ޑԾฅࣴزᐒᄬ (Research Institute of Natural Science)ॄೢᝢჄᖐᒤǴӦᗺࣁᗬ୯२ᅟޑలܴζηεᏢǶҗᗬ୯ ቼᅚεᏢ(Kyung Hee University) Prof. Man Young Rhee ᆶВҁύѧεᏢ(Chuo University)Prof. Hideki Imai ᏼҺ advisory committeeǴ٠җВҁ KDDI/NICT ޑ Koji Nakao Ӄғᆶᗬ୯ۯቼεᏢ(Yonsei
University)Prof. Joo Seok SongӅӕᏼҺεЬৢǶ߃ЬືۓՏࣁӼӄᔈҔϐמೌᆶჴ୍Бय़Ǵ
ࣁᏢೌࣴزᆶҾว߄ࣴزԋ݀ᆶፕޑࣴǶԜѦǴεᏢҭᗎፎኧՏണрϐၗӼৎՉ
ᚒᄽᖱǶಃΒۛ߾җӕኬࢂҗᗬ୯ KISA ᆶВҁ IEICE ϐ ICSS ᖄӝЬᒤǴॄೢᝢჄᖐᒤϐൂՏࣁ ВҁޑԐዿҖεᏢ(Waseda University*ǴӦᗺࣁВҁܿ٧ޑԐዿҖεᏢǶҗᗬ୯ቼᅚεᏢ (Kyung Hee University) Prof. Man Young RheeᆶВҁύѧεᏢ(Chuo University)Prof. Hideki Imai Ӆ ӕᏼҺεᄪ៉ЬৢǴεЬৢ߾җВҁ KDDI/NICT ޑ Koji Nakao Ӄғᆶᗬ୯ᔝ୯εᏢ(Dankook University)Prof. Min Surp Rhee ӅӕᏼҺǴ٠җᗬ୯ۯቼεᏢ Prof. Ju Seok Song ᆶϺໂεᏢ (Soonchunhyang University)Prof. Heung Youl YoumᏼҺ advisory committefǶֆےԋ௲Ԗ۩ڙᗎᄽ ᖱѠၗૻӼӄޑวᆶᖿ༈ǴЬᚒࣁȸRecent Activities of Security Research in Taiwan: TWISC
2 ЬᒤǶ
ಃΟۛ JWIS җᗬ୯ᅇεᏢ(Hanyang University)ॄೢೕჄᖐᒤǴCCISA २ԛԋࣁЬᒤൂՏϐ
Ǵᆶᗬ୯ KISA ϷВҁ IEICE ޑ ICSS ӅӕЬᒤǴӦᗺࣁᗬ୯२ᅟޑᅇεᏢǴѠၗ೯Ӽ ӄࣴزᆶ௲ᏢύЈ(Taiwan Information Security CenterǴᙁᆀ TWISC)ҭࣁԜۛޑᜅշൂՏϐ
ǶԜۛҗВҁύѧεᏢ (Chuo University)Prof. Hideki Imai ǵᗬ୯ቼᅚεᏢ (Kyung Hee University) Prof. Man Young RheeϷѠύѧࣴز(Academia Sinica)ၗૻ܌܌ߏቺଣγӅӕᏼҺ εᄪ៉ЬৢǴεЬৢ߾җВҁ KDDI/NICT ޑ Koji Nakao Ӄғǵᗬ୯ϺໂεᏢ Prof. Hong Sub LeeϷҁΓӅӕᏼҺǴ٠җᗬ୯ۯቼεᏢ Prof. Joo Seok SongǵϺໂεᏢ Prof. Heung Youl Youm ϷВҁΐԀεᏢ(Kyusyu University)Prof. Kouichi Sakurai ᏼҺ advisory committeeǶಃѤۛ JWIS ӧѠ
ଯύξεᏢᖐᒤǴҗВҁύѧεᏢ(Chuo University)Prof. Hideki Imaiǵᗬ୯ቼᅚεᏢ(Kyung Hee University) Prof. Man Young RheeϷѠύѧࣴز(Academia Sinica)ၗૻ܌܌ߏቺଣγӅӕ ᏼҺεᄪ៉ЬৢǴҗᗬ୯ KAIST ޑ Prof. Kwang Jo KimǵВҁ KDDI / NICT ޑ Prof. Koji Nakao аϷѠѠࣽמεᏢၗૻᆅسֆےԋ௲ӅӕᏼҺεЬৢǶ
ҁۛ(ಃϖۛ)җεഌࠄၭεᏢ(South China Agricultural University)ॄೢೕჄᖐᒤǴᜅշൂՏ хࡴǺ1. Information Security Institute of Guangzhou University, China; 2. IT Security Institute of South China Agricultural University, China; 3. Technical Committee on Information and Communication System Security (ICSS), IEICE, Japan; 4. Korea Institute for Information Security and Cryptology (KIISC), Korea; 5. Chinese Cryptology and Information Security Association (CCISA), Taiwan; 6.
Taiwan Information Security Center (TWISC), Taiwan Ƕ Ԝ ۛ җ В ҁ ύ ѧ ε Ꮲ (Chuo University)Prof. Hideki Imaiǵᗬ୯ቼᅚεᏢ(Kyung Hee University) Prof. Man Young Rhee ϷѠύ ѧࣴز(Academia Sinica)ၗૻ܌܌ߏቺଣγӅӕᏼҺεᄪ៉Ьৢǹadvisory committee ԋ
ࣁ Chin-Chen Chang (Feng Chia University, Taiwan)ǵSakurai Kouichi (Kyusyu University, Japan)ǵ Heung Youl Youm (Soonchunhyang University, Korea)Ƕ
Βǵεำ
ҁۛӅԏᒵ 43 ጇፕЎǴځύ 14 ጇፕЎٰԾܭВҁǵ6 ጇፕЎٰԾܭᗬ୯ǵ13 ጇፕЎٰ
ԾܭεഌϷ 10 ጇፕЎٰԾܭѠǶךॺޑፕЎȨAn Unconditionally Secure Lightweight RFID Authentication Protocol with Untraceabilityȩҭᕇளҁۛന٫ፕЎǶεҭᗎፎ 3 ՏৎᏢޣՉ
ᚒᄽᖱǴϩձࣁ Hideki Imai ( University of Tokyo, Japan)ǵѠύѧࣴزଣၗૻ܌܌ߏቺଣ γǵFangguo Zhang (Sun Yat-Sen University, China.)Ǵว߄ޑፕЎӜᆀǵբޣϷᗎፎᄽᖱϐ၁ಒϣ
ӵΠӈำ܌ҢǶ
Thursday, August 5, 2010
09:00~09:15
Opening Ceremony (at Multi-function Conference Hall) Dingyi Pei (Guangzhou University, China)
Mingwu Zhang (South China Agricultural University, China)
09:20~09:35 Group Photo (at Zhuyuan Hotel)
9:40~10:10
Keynote Speech (at Multi-function Conference Hall)
Cryptography in the new era of ICT
Hideki Imai (Chuo University / AIST, Japan)
10:15~10:45 Man Young Rhee (Kyunghee University, Korea)
10:45~10:55 Coffee Break
10:55~12:00
Session 1A Application Security 1 (at Multi-function Conference Hall)
  Design and Implementation of Forensic System in Android Smart Phone
    Xinfang Lee, Chunghuang Yang, Shihjen Chen, Jainshing Wu
  An efficient and Robust scheme for Secure Communication between a Set-top Box and a Smart Card in IPTV Services
    Hyunwoo Choi, Heungyoul Youm
  Examination about the application to the color image of the digital watermark based on Benford’s Law
    Kazuomi Noda, Yoshifumi Ueshige, Kouichi Sakurai
  Loitering Detection Based on Pedestrian Models
    ... Chen, and Kouichi Sakurai
Session 1B Security Analysis 1 (at Bamboo Garden of Hope Hall)
  Password Sniff by Forcing Keyboard to Replay Scan Codes
    Kyungroul Lee, Youngtae Choi, Hyoungjun Yeuk, Kangbin Yim
  Security Analysis of Cryptographic Protocols with trust party Based on Fine-grained Freshness
    Zhengjie Cheng, Kefei Chen, Xuejia Lai
  Effective Falsification Attack on WPA-TKIP by Modifying Any Packet to QoS Packet
    Yosuke Todo, Toshihiro Ohigashi, Masakatu Morii
  A Study on Temporal Key Recovery Attack on TKIP Using RC4's Weak ...
    Ryoichi Teramura, Toshihiro Ohigashi, Masakatu Morii
12:05~13:05 Lunch (at Zhuyuan Hotel)
14:00~14:30
Keynote Speech (at Multi-function Conference Hall) Dertsai Lee (Academia Sinica, Taiwan)
14:40~15:45
Session 2A Authentication (at Multi-function Conference Hall)
  An Efficient and Privacy Protection Authentication Scheme For Low-cost RFID Tags
    Wenshenq Juang, Huichin Tseng
  An Improved Anonymous Password Authenticated Key Exchange Schemes
    Dexin Yang, Bo Yang
  An Unconditionally Secure Lightweight RFID Authentication Protocol with Untraceability
    Hungyu Chien, Jiazhen Yen, Tzongchen Wu
  Construction and Performance of Robust Fingerprint Key Extractor
    Ximing Li, Bo Yang
Session 2B Security Management (at Bamboo Garden of Hope Hall)
  A Secure Key Management Scheme for Multi-Agent base Sensor Cloud Computing in Wireless Network
    Dongbum Lee, Kwangwoo Lee, Seungjoo Kim, Woong Go, Dongho Won, Jin Kwak
  Digital Rights Management Scheme with Privacy Protection Signature without Communication with Home Server
    Yajun Jiang, Mingwu Zhang, Bo Yang
  An Anonymous Credential System Based On Short Signature Scheme
    Tao Lei, Bo Yang
  A New Merkle-tree Based Intrusion Prevention Mechanism with Weak Authentication for Wireless Sensor Networks
    Chihhung Wang, Tzuchieh Wei
15:45~15:55 Coffee Break
15:55~17:15
Session 3A Multiparty Protocols (at Multi-function Conference Hall)
  Oblivious Transfer and Secure Computation of Set Intersection and Union with ORPF in The Presence of Malicious Adversary
  An efficient Compiler from Σ-Protocol to Deniable Zero Knowledge in CRS Model
    Guifang Huang, Lei Hu, Dongdai Lin
  An Efficient Electronic Cash Scheme With Multiple Banks Using Group Signature
    Wenshenq Juang, Yichun Yeh
  RFC Supported Implementation of Key Generation Center for Identity-based Encryption
    Akira Kanaoka, Takuya Houri, Eiji Okamoto
  Efficient 1-Out-n Oblivious Transfer Schemes Based on EDDH Assumption
    Huawei Huang, Chunhua Li, Bo Yang
Session 3B Boolean Functions and Algorithm (at Bamboo Garden of Hope Hall)
  Improvement of Inversion Computation based on Binary GCD Method using Coefficient Tables
    Tsutomu Ishida, Tomoyuki Nagase, ...
  Design and Analysis of Another Left Shift Binary GCD Algorithm
    D. J. Guan, Yanheng Chen
  On Resistance of Boolean Functions to Fast Algebraic Attacks
    Yusong Du, Dingyi Pei
  On Designated-weight Boolean Functions with Highest Algebraic Immunity
    Meicheng Liu, Yusong Du, Dingyi Pei, Dongdai Lin
  Implementation of Schoof’s Algorithm on the Windows Platforms
    Huiting Hsieh, Chunghuang Yang
Friday, August 6, 2010
09:00~09:30
Keynote Speech (at Multi-function Conference Hall) Fangguo Zhang (Sun Yatsen University, China)
09:35~10:25
Session 4A Application Security 2 (at Multi-function Conference Hall)
Session 4B Security Analysis 2 (at Bamboo Garden of Hope Hall) Layered Protection Scheme using
Postcompression-based Method for Scalable Media Transmission Hyeokchan K on, Jaehoon Nah,
Dongil Seo
Principal Component Analysis of Botnets Takeover
Hiroaki Kikuchi
Hiroaki Kikuchi, Shunji Matsuo, Masato Terada
A Malware Classification Method Based on Threaded Function Call
Traces
Junji Nakazato, Jungsuk Song, Masashi Eto, Daisuke Inoue, Koji
Nakao
Towards Real-time JavaScript Deobfuscation for Analysis Purposes
Gregory Blanc, Youki Kadobayashi
Malware Sandbox Analysis with Formal Analysis on RFID
Responses using Dummy Client Takahiro Kasama, Katsunari Yoshioka, Tsutomu Matsumoto, Masaya Yamagata, Masashi Eto,
Daisuke Inoue, Koji Nakao
Kuohui Yeh, N.W. Lo, Tzongchen Wu
10:25~10:35 Coffee Break
10:35~11:30
An Implementation of a Malware Collection and Data Sharing System
Based on Honeypot Chihhung Lin, Chunghuang Yang,
Shihjen Chen, Jainshing Wu
Detection technique of Denial of Service attack using Incomplete HTTP
GET request
Jintae Oh, Donggue Park, Youri Lee, Donggeun Yun, Jongsoo Jang,
Jaecheol Ryou
Trusted Sanitizable Signature Wenchung Kuo, Jiinchiou Cheng,
Yenhung Lin
An enhancement of trusted domain enforcement for dynamic protection of
virtual cluster using live migration Ruo Ando, Youki Kadobayashi,
Yoichi Shinoda
A Note on Ramp Secret Sharing Schemes from Error-Correcting Codes
Qi Chen, Dingyi Pei
On the Applicability of a DBI-Based Generic Unpacking Implementation Hyung Chan Kim, Daisuke Inoue,
Masashi Eto, Jungsuk Song, Koji Nakao
Οǵ ǵᗎፎᄽᖱᄔा
εԜԛᗎፎ 3 ՏৎᏢޣՉᚒᄽᖱǴځύѠڙᗎޑᏢޣࣁύࣴଣၗૻ܌ቺଣ γǴଣγҭࣁ TWISC ᕴєΓǶӚঁᗎፎᄽᖱᚒҞᆶϣᄔӵΠǺ
(1) ᄽᖱᚒҞǺCryptography in the new era of ICT ᖱ ޣǺHideki Imai, Chuo University, Japan
ϣᄔाǺThe new era of Information and Communication Technology symbolized by ubiquitous communications and cloud computing, a new direction of cryptography must be explored again to make it fit for the era. To give some suggestions for the direction, I will talk about standardization of cryptography, highly secure cryptography, light-weight cryptography, comprehensive security of cryptographic systems, and expansion of cryptographic functions.
(2) ᄽᖱᚒҞǺOn Granular Access Control of Secure Messaging Scheme ᖱ ޣǺDer-Tsai Lee, Academia Sinica, Taiwan.
being processed in practice today. For example, when we shop on-line or conduct electronic transactions, we are asked to fill out detailed personal information to fulfill the requirement of an on-line transaction. This information will be collected by the on-line retailer. Some of this personal information will be propagated to downstream vendors, such as logistics, among others. Worse yet, we need to dispense our personal data to every e-retailer we patron with, so our precious data is scattered and stored in many places where we don't have absolute trust or knowledge about the security credentials of these data collectors. If any link fails to safeguard our precious personal data, the damage is almost irrevocable, resulting in problems such as identity theft. We will discuss in this talk a possible remedial mechanism to minimize this data aggregation problem, and propose a new secure messaging scheme for delivering sensitive data.
(3)ᄽᖱᚒҞǺOblivious Transfer with Timed-Release Properties ᖱ ޣǺFangguo Zhang, Sun Yat-Sen University, China
ϣᄔाǺOblivious transfer (OT) is an important primitive used in many cryptographic protocols.
Some variants of OT or OT with some properties also have many applications, such as conditional oblivious transfer (COT), restricted adaptive OT, etc. The goal of timed-release cryptography is to encrypt a message so that it cannot be decrypted by anyone before the release time. It means "sending information to the future". We will consider two new types of OT with timed-release properties: One is an OT with timed-release receiver's privacy. This new type of OT achieves this functionality: after the protocol the receiver can only obtain the messages of his choices from the sender, and the sender can get to know the receiver's choice after a designated future time. So the receiver's privacy is just protected within a period of time. We also present a concrete scheme combining Tzeng's OT scheme with Casassa Mont et al.'s timed-release encryption scheme. Another is timed-release oblivious transfer. In the protocol, after the receiver makes queries for some messages of his choices to the sender and successfully receives the corresponding responses, if and only if a release time T passes, the receiver can open the messages.
Meanwhile, the sender will not get to know which messages the receiver requests.
Timed-release OT can be applied into some special circumstances that the traditional OT cannot. We import a time server into the protocol to achieve the functionality of timed-release OT. To give a generic construction for the protocol, a primitive called verifiably ID-based encrypted blind signature is presented as a basic building block.
Finally we also propose a concrete scheme to realize the protocol.
Ѥǵ ǵፕЎว߄ᄔा
ҁۛӅԏᒵ 43 ጇፕЎǴӅϩࣁ 8 ঁԛ(session)Ƕךॺޑว߄ፕЎᄔाӵΠǺ
(1)ፕЎᚒҞǺAn Unconditionally Secure Lightweight RFID Authentication Protocol with Untraceability բ ޣǺHung-Yu Chien, Jia-Zhen Yen, and Tzong-Chen Wu
nature of these tiny RFID tags, security threats and privacy issues become the major concerns for those users carrying these tags. Recently, Alomair et al. proposed an unconditionally secure mutual authentication protocol, called the UCS-RFID protocol, for RFID systems. In their proposed protocol, the tag performs only simple modular multiplication operation without any support of random number generation. These merits make it very attractive to practical applications especially for low-cost tags. However, Alomair et al.’s protocol does not achieve backward untraceability. This paper shows the weakness inherent in the UCS-RFID protocol, and extends it to provide untraceability in the presence of key compromise.
(2)ፕЎᚒҞǺFormal Analysis on RFID Authentication Availability բ ޣǺKuo-Hui Yeh, Nai-Wei Lo, and Tzong-Chen Wu
ϣᄔाǺRegarding to the nature of low-cost RFID tags on security vulnerability, RFID research community has made significant progress on authentication design in recent years by introducing various lightweight RFID authentication protocols to provide robust system security and strong privacy protection. However, a dedicated formal security-provable model for RFID authentication design with resource-restricted tag is required to explore the security insight of lightweight authentication design in detail. In this paper we construct a security analysis model based on service availability evaluation for lightweight RFID authentication. The contribution of our study is summarized in three aspects. First of all, we introduce a formal definition of service availability for RFID authentication.
Secondly, we demonstrate how to apply our proposed formal definition to evaluate service availability of an RFID authentication protocol through adversarial experiments. Third, we show that the proposed service availability experiment can identify security vulnerabilities of existing RFID authentication schemes. In other words, these proposed protocols cannot guarantee authentication availability from an RFID system point of view.
ϖǵ ǵ่ፕ
ҁۛ JWIS ࣬༝ᅈǴନΑѠǵВǵᗬǵεഌޑ௲ᆶᏢғว߄ፕЎϷҬࢬѦǴεৎၸ
٤ϕᇡВǵᗬǵεഌӦޑၗ೯ӼӄᏢޣᆶࣴزғǴࡌҥᏢೌҬࢬᆅၰǶӆޣǴҗύࣴଣ
ଣγޑᄽᖱǴаϷѠ 10 ጇၗӼ࣬ᜢࣴزፕЎޑว߄ǴᡣВǵᗬǵεഌᏢޣΑှѠӧஏዸፕ ᆶၗӼמೌޑวݩǴԋфӦՉၗӼᏢೌѦҬǶΠۛ JWIS2011 ஒӧВҁᖐᒤǶ ߕᒵ 1. “An Unconditionally Secure Lightweight RFID Authentication Protocol with Untraceability”
Hung-Yu Chien, Jia-Zhen Yen, Tzong-Chen Wu [Best paper award]
ߕᒵ 2. “Formal Analysis on RFID Authentication Availability,” Kuo-Hui Yeh, Nai-Wei Lo, Tzong-Chen Wu