Taiwan-Japan Joint Workshop on Information Security

î•ñƒZƒLƒ…ƒŠƒeƒBŒ¤‹†Žº > Œ¤‹†Œð—¬Šˆ“® > Taiwan-Japan Joint Workshop on Information Security
DateF26th, May, 2008
PlaceFTaiwan Information Security Center at NTUST
ParticipantFAbout 30`40
  (TWISC) Prof.Chen-Mou Cheng, Prof.Shi-Cho Cha, Prof.Yuh-Jye Lee, Prof.Chao-Chi Chan, 
  (ISIT) Prof.Sakurai, Dr.Takahashi, Dr.Hashimoto, Mr.Fujii
  (Kyushu Univ.) Miss B.H. Chou
  (Cubic Corporation) Dr. Michael W.David
  


We held on Taiwan-Japan Joint Workshop on Information Security.

Program: 9:00`17F00
--------------------------------------------------------------------------------------------
Analysis of possible attacks on tame transformation signatures
Prof. Chen-Mou Cheng
-TTS (tame transformation signatrues): proposed in 2002; published
at ICISC 2003, CHES 2004, ACISP 2005, SPC 2006.
-The last updated version is v. 6, 2006; fast specialization of rainbow
-There exist previously known attacks on TTS, such as side channel
attacks, MQ-multivariate quadratics direct attacks..
-Authors analyze another attack named reconciliation attack on TTS.
-The result shows TTS(16, 22): 2^47 mults, can break in 4 days;
TTS(20, 28): 2^56 mults, maybe can break in 10 years.

--------------------------------------------------------------------------------------------
On construction of signature schemes based on birational permutations
over noncommutative rings
Dr. Y. Hashimoto
-Ong-Schnorr-Shamir's (OSS) signature scheme proposed in 1984,
was broken by Pollard Schnorr (1987).
-There are improvents of OSS: multivariate version [Shamir, 1993] and
quaternion (noncommutative) version [Satoh-Araki, 1997].
-But Coppersmith broke quaternion OSS signature by using several
special properties of the quaternion algerbra.
-Thus, the aim of the presentation is to give further extensions of them.

--------------------------------------------------------------------------------------------
Intrusion detection and event analysis (IDEA)
Prof. Yi-leh Wu
-IDEA is an intrusion detection and event correlation system.
-It can recognize unknown patterns by using machine learning and
data mining approaches.
-I also has adaptive and incremental learning to reduce the cost of
cold start phase
-Security news collection for dealing with zero-day attacks
-There are on-line demo links
http://discover.ece.cmu.edu:8000/base/base_main.php
http://ideas.icast.org.tw

--------------------------------------------------------------------------------------------
A Proposal of Third-parties support for intrusion detection
Mr. M. Fujii
-A model relying on nofications from third-parties is proposed.
-By defining the policies which describe legitimate accesses to
judge access are legitimate or not.

--------------------------------------------------------------------------------------------
An efficient and flexible way to protect privacy in RFID environment
with licenses
Prof. Shi-Cho Cha
-Current RFID privacy enhancing techonologies do not focus on the
processes for customors to achieve agreements with organizations
about RFID activities.
-Authors proposed to protect privacy in RFID environment with licenses,
-The method provides an efficient and flexible way to obtain licenses
before collecting a person's data via RFID technologies.
-The licenses can further be checked automatically to ensure that the
collection and use of a person's data is strictly under the person's
consent.

--------------------------------------------------------------------------------------------
A self-protection approach for user-responsible privacy
Dr. K. Takahashi
-Service providers decide anything of user's information use in the
existing systems, which means that users cannot be concerned with
it.
-Authors propsoed a framework that users can protect thier information
in their manner.
-Users can make a decision of their information processing manner,
and can protect their information with their responsibility.

--------------------------------------------------------------------------------------------
Developing e-Business defense strategies on virtualized networking
environment
Prof. Chao-Chi Chan
-Authors use the art of war by Sun Tzu to design its defense strategies,
-They show there are different strategies in attacker's and defender's view.
All these are learned from the art of war.
-Attakers strike at weak points, and attack unexpected spots. (they use
STRIDE and DREAD as their threat model.
-Defender should know enemy and yourself to develop the defense
strategies.
-They implemented their model in the virtualized environment.

--------------------------------------------------------------------------------------------
Study of volatile data acquisition for live forensics
Bin-Hui Chou
-The definition of live forensics and the difference between live and
traditional forensics are introduced.
-There are hardware based and software based methods in live forensics.
It is expensive in hardware methods while the reliability of evidence is
questionable in software methods.
-Authors attempt to use virtualization to find a way for live forenscis,
which may improve the shortcomings both in hardware and software
methods.

--------------------------------------------------------------------------------------------
Integrated security for the nuclear power infrastructure
Dr. Michael David
-Authors introduce the SCADA system (supervisory control and data
acquistion system).
-SCADA stands for a central system that monitors and controls a complete
site.
-SCADA computers monitor and control the flow of electricity across the
nation's power grids. They turn pump switches on and off to make oil and
gas and water pipelines flow.
-But there are threats on SCADA, e.g., terrorists were researching SCADA
systems.
-Elements of integrated security for ciritcal infrastructure access control and
network security are required.
-Cyber intelligence analysis center to counter cyber terror.
-Biometrics physical and logical access control and secure ID system
-Imrpoved statistically based intrustion detection system to detect
and mitigate
against SCADA DDOS attacks.

------------------------------------------------------------------------------------------------
This is a joint workshop between ISIT and TWISC.
TWISC is a security organization in Taiwan, which is mainly
organized by NTUST (national taiwan university of science
and technology). The members of TWISC are from  professors
or specialists in security area from many university and research
centers.
The aim of the seminar is for the collaboration of Japan and
Taiwan to work together on some topics which both have interest
in, and they may contain intrusion detection, public key cryptosystem,
privacy information protection, energy infrastructure security, etc.
The participants in 5/26 include not only TWISC and ISIT members,
but also some students or people who are interested in this area.
TWISC posted the seminar information on the web site so that
people who are interested can register for the seminar for attendance.



ISITƒƒ“ƒo[’®u•—Œi
‹´–{Œ¤‹†ˆõ ‚‹´Œ¤‹†ˆõ “¡ˆäŒ¤‹†ˆõ


Copyright © 2008 Institute of Systems, Information Technologies and Nanotechnologies. All Rights Reserved.