Author

K. Nakao

Bio: K. Nakao is an academic researcher. The author has contributed to research in topics: Generic Security Service Algorithm for Secret Key Transaction & SSLIOP. The author has an h-index of 1 and has co-authored 1 publication receiving 8 citations.

Papers
Journal Article
TL;DR: The secure communication service element (SCSE) is proposed in the OSI application layer as a new type of common application service element to provide the security services of peer-entity authentication, data confidentiality, and data integrity.
Abstract: Under the increasing demand for secure communications, the existing security techniques cannot fulfil the requirements for security satisfactorily. A number of study items are identified in this area; however, one of the major targets is to realize security services in the open systems interconnection (OSI) communication environment. In response to this need, the secure communication service element (SCSE) is proposed in the OSI application layer as a new type of common application service element to provide the security services of peer-entity authentication, data confidentiality, and data integrity. As for the peer-entity authentication service, the overall authentication protocol between the peer SCSEs is proposed by using the underlying association control service element authentication procedure. Regarding the data integrity and confidentiality, the SCSE transfer service is introduced to cover all the requirements for these services to the extent of the selective field services and the recovery for integrity errors.

8 citations


Cited by
Patent
21 Jun 2001
TL;DR: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources; authentication agents on intelligent edge devices present users of associated end systems with log-in challenges.
Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network. Log-in attempts are recorded so that the identity and whereabouts of network users may be monitored from a network management station.

275 citations

Patent
12 Feb 1997
TL;DR: A process is described for verifying the preservation of the integrity of an unprotected request sent by an anonymous client to a server, in which only one public key, that of the server, is used.
Abstract: The present invention relates to a process for verifying the preservation of the integrity of an unprotected request sent by an anonymous client to a server, in which only one public key, that of the server, is used. This process is remarkable in that the anonymous client sends, along with his request, a flag which specifies whether or not the server must offer an absolute guarantee of non-repetition of the requests received as well as a unique number, that is, a number which never repeats or has a low probability of repetition, consisting either of a random number with a low probability of repetition or the concatenation of a time indicator and a random number with a certainty of non-repetition, the verification of said integrity being performed during the reception of the response to the request, for which reason the global response includes the response to the request plus the result of a one-way compression function applied to the request, flag and unique number combination, the integrity of the global response moreover being protected either by means of the public key of the server used as a signature key, or by means of a private key established using the public key of the server as an encryption key.

49 citations

Journal Article
TL;DR: Considers the security aspects of communication between two management processes operating in different management domains, and identifies two major risks: the security of information exchanged during the management association, and control of access to the management information base (MIB).
Abstract: Considers the security aspects of communication between two management processes operating in different management domains; identifies two major risks: the security of information exchanged during the management association, and control of access to the management information base (MIB); and enumerates the various threats that must be guarded against and possible methods of attack. Security techniques, including symmetric and public key cryptosystems, are employed in the design of a method of achieving a secure management association. A scheme of authorization control for MIB access is developed. The management of an open system's network resources takes place in the context of a management association. The resources themselves are controlled by an agent process which presents a view of these resources to the outside world as a number of managed objects, each of which contains a number of attributes. The collection of objects presented to the outside world by the agent is known as the MIB. A manager process regulates the operation of the managed resources by engaging in a management association with the agent and instructing it to carry out simple operations on elements of the MIB. Within a single management domain where all processing nodes and network links are under the control of the same administration, security is not such a critical issue. However, when the management association takes place across the boundary between two separate management domains, and makes use of public data networks, security issues must be considered in greater detail.

47 citations

Patent
14 Aug 1997
TL;DR: The integrity verification and conservation method involves using a flag emitted by the client with its request, which indicates whether the server should or should not offer a guarantee of non-repetition of received requests, and also a unique number sent by the client.
Abstract: The integrity verification and conservation method involves using a flag emitted by the client with its request, and also a unique number sent by the client. The flag indicates whether the server should or should not offer a guarantee of non-repetition of received requests. The unique number indicates the probability or time delay before repetition of the request. The request integrity is obtained when the server's response to the request is received. The information sent with the client request is processed with an algorithm and the result returned to the client. The preferred processing is to apply the server's private encryption key, which allows verification using the server's public encryption key.

1 citation

Journal Article
TL;DR: It is shown that the efficient OSI security communication system can be realized by SCSE and the proposed approach can be applied to the totally duplicate and the semiduplicate communications, which means that the method is applicable to all OSI communication applications.
Abstract: The authors have proposed a secure communications service element (SCSE) which can provide such security functions as authentication, information confidentiality, and data integrity (prevention of data modification), as application service elements (ASE) in the open-type system interconnection (OSI) application layer. The proposal is evaluated highly from the viewpoint of OSI protocol design technique to realize the security function. This paper attempts to verify the realizability of the proposed SCSE and the applicability to OSI communication. Further, it reports on the design of the SCSE software package and the implementation/evaluation. In the implementation/evaluation of the proposed package, especially, it is intended to demonstrate the applicability to OSI communication applications. As typical examples of SCSE applications, file transfer access and management (FTAM) assuming the totally duplicate communication function in the session layer, as well as document transfer and manipulation (DTAM) assuming the use of the semiduplicate communication function are adopted. Through the verification experiment such as the measurement of the processing load, the practical usefulness and the applicability of SCSE are evaluated. As a result, it is shown that the efficient OSI security communication system can be realized by SCSE. Since the proposed approach can be applied to the totally duplicate and the semiduplicate communications, it is shown that the method is applicable to all OSI communication applications.