A new approach is presented that allows a user agent to compute a compact browser cookie-like character string (called Geocookie) for a third party, whereby for any given geographic location the third party can either infer that the location is definitely not covered by the Geocookie, or it can infer that the location is probably covered by the Geocookie, depending on whether the user agent has or has not included the location beforehand. The approach extends the concept of a Bloom filter and combines it with Geohashes, thus making it possible to store information about visited geographic locations in the filter. Geocookies can be used in many different scenarios for location-based queries and location-based services, whenever a user agent wants to inform a third party about a set of visited locations such that the third party can compile a result that either favors or excludes these locations. In contrast to existing approaches such as session cookies that are mapped to server-sided stored location trajectories, Geocookies provide a compact and privacy-preserving structure which does not reveal the actual set of all visited locations, but provides a one-way check function which can be used by the third party to evaluate given locations against the Geocookie. In addition, Geocookies provide plausible deniability in case of location matches. This paper introduces a formal definition for Geocookies together with a discussion on practical applications and embedding into HTTP headers.

View full abstract

While search engines have demonstrated improvements in both speed and accuracy, their response time is prohibitively long for applications that require immediate and accurate responses to search queries. Examples include identification of multimedia resources related to the subject matter of a particular class, as it is in session. This paper begins with a survey of collaborative recommendation and prediction algorithms, each of which applies a different method to predict future search engine usage based on the past history of a search engine user. To address the shortcomings identified in existing techniques, we propose a proactive search approach that identifies resources likely to be of interest to the user without requiring a query. The approach is contingent on accurate determination of similarity, which we achieve with local alignment and output-based refinement of similarity neighborhoods. We demonstrate our proposed approach with trials on real-world search engine data. The results support our hypothesis that a majority of users exhibit search engine usage behavior that is predictable, allowing a proactive search engine to bypass the common query-response model and immediately deliver a list of resources of interest to the user.

View full abstract

A realistic evaluation model that simulates a realistic variation in latency between a large number of Internet nodes is attracting attention for use in simulation studies on large-scale distributed networks (e.g., CDN & on-line gaming). Therefore, we are attempting to build a new evaluation model by applying time series analysis using an ARIMA model and a Euclidean embedding technique to a dataset obtained from a global scale measurement service for this study. The proposed evaluation model not only generates accurate time series data of the latency of each path on the Internet, but also avoids unrealistic behaviors related to the spatial distribution of latency (i.e., triangle inequality violation). Furthermore, the performance of a representative distributed latency management and prediction system is evaluated through computer simulations as a use case of the proposed evaluation model. The evaluation results helped us to clarify whether or not the proposed model can correctly disclose the impact of the dynamic latency variation on large-scale distributed systems. An example program of the proposed evaluation model is found in an Appendix of this manuscript.

View full abstract

The Installation and maintenance costs of dedicated interconnection networks for PC cluster are still expensive, and they tend to increase the specializations and complexities in comparison with Ethernet due to dedicated protocols and libraries to draw their hardware performance. The porting works from Ethernet system to dedicated system need lots of time and manpower. This paper proposes a simple and portable method, PMCME, that improves the PC cluster performance only by loading the proposed module. The existing systems can easily and cheaply introduce PMCME. The basic idea is that the performance of PC clusters increases by improving the total bandwidth of the streams running concurrently on each node even if the bandwidth of each stream does not increase. PMCME performs better than IEEE802.3ad (LACP) without the LACP supported switches. LACP performance is influenced by the network parameters such as IP addresses and MAC addresses because it uses them as hash keys for distribution policy. On the contrary, PMCME shows the stable performance regardless of them.

View full abstract

Due to the prevalence of sensors such as security cameras or environmental monitoring, sensor data stream delivery which means delivering the observed data continuously attracts great attention. For sensor data stream delivery, various methods to distribute communication loads in the case of delivering the same sensor data streams to multiple clients have been studied. Although these methods assume that the sensor data streams have the same data delivery cycles, data delivery cycles sometimes differ. Hence, we propose a P2P-based method to distribute communication loads in the case of delivering the sensor data streams that have different data delivery cycles. The proposed method distributes communication loads by redelivering the sensor data that have the same delivery time but are included in different sensor data streams. We evaluated the effectiveness of the proposal in simulations and confirmed the load distribution in the case of many receivers at the same time.

View full abstract

In the current network environment, access federations are proving very effective for building trustworthy and efficient service environment. However, operating federations causes some delicate problems regarding trust and security. Among the problems, privacy occupies an essential role in trust building for individual users. Conventionally, privacy aware technologies are concerned with providing anonymity. However, as privacy is understood as the right to control one's own information, and as better services are provided if some privacy information is provided, appropriate hiding and disclosing one's own information is considered more significant. Today, there are considered a wide variety of privacy usages for business, and because such scenarios have their own problems which must be separately solved, uniform “privacy aware technologies” are hard to conceive. They tend to be a collection of ad hoc technologies. In this paper, we consider a scenario of newspaper subscription with student discount. The proof that a subscriber is a student is sent to a newspaper provider from a university identity provider. We consider this scenario in order to extend the menu of services available in a university. Specifically, we explore technologies of proxies that include provision of anonymity and building of trust in a federation. We propose two solutions: SII-like agents, and cascading proxies to envision the privacy protection in this scenario. Their Web profiles are defined and implemented. Moreover, it is proved that both approaches effectively work to protect privacy.

View full abstract

Identity federation is rapidly spreading, especially in the academic world. In identity federation users' credentials are stored only at their own organization, while the identity system provides authentication results and attributes to various online services, including cloud services that are hosted outside the user's organization. Attribute aggregation is a generalization of basic identity federation that allows a user to collect attributes from multiple authoritative sources. Group membership information is one of use cases, which is necessary to collaborate e.g., in an inter-organizational group. Despite the importance of privacy in identity federation, conventional methods of attribute aggregation require some identifier for a user to be shared among unrelated services, which makes correlation of user activity possible across the services. This privacy issue makes large-scale deployment of collaboration environments built on identity federation difficult. This paper proposes a new attribute aggregation method which does not require any shared identifier for services. The method has been implemented and validated as an extension of an open source federated identity software, Shibboleth. We also provide consideration about practical use of this new attribute aggregation method and comparison with existing technologies.

View full abstract

Recently, many spam mails associated with “One-click fraud, ” “Phishing, ” and so on have been sent to unspecified large number of e-mail users. According to some previous works, most spam mails contained some URLs whose domains were registered relatively recently, such that the age of the domain used in the URL in the messages would be a good criterion for spam mail discrimination. However, it is difficult to obtain the age or the registration date of a specific domain for each message by WHOIS service since most WHOIS services would block frequent queries. In this paper, we propose a domain registration date retrieval system, which updates zone files of some Top Level Domains (TLDs) every day, keeps track of the registration date for new domains, and works as a DNS server that replys with the registration date of the queried domain. According to the performance evaluation, the prototype system could update the registration date for all the domains of “com” TLD in two hours.

View full abstract

In this paper, we propose a web synchronization method (WSM) to share operation data on a browser and synchronize output time of data among browsers in browser-based communications such as video conferencing and remote control services. WSM continually provides users with an environment for smooth browser-based communications even if users are in a heterogeneous environment where network delay and rendering time among browsers fluctuate. This fluctuation causes the difference of output time among browsers and a lack of synchronization (out-of-synchronization). This is perceived as being somewhat strange, or even annoying. Several methods have been studied to prevent out-of-synchronization for streaming content such as video and voice data. WSM synchronizes the output time of streaming content and/or non-streaming content after sharing browser operations (e.g., page movement) among conversational partners. WSM also maintains synchronization of the output time even if a device is connected to different access networks during a conversation. Synchronized output is realized by controlling the time to notify each browser of browser operations, and by controlling the time to send and output web content according to the network delay and rendering performance. For considering feasibility, WSM works on a web browser and does not need additional software. We implemented a prototype system and measured the difference in the output time among browsers. The results show that WSM achieves web synchronization within 300ms while the target time was 320ms.

View full abstract

This paper provides a new device specification method, for file sharing among multiple partner devices on that spot (e.g., a meeting picture of a social gathering) and so forth. This is because the past representative solution of inputting or selecting the partner device address (e.g., e-mail address) sometimes irritates users and causes an operation error. The problem to be solved is the development of the method that satisfies the four requirements for the above use case: no need of awareness of the device address by users, simultaneous specification of multiple partner devices, differentiation of a device of a stranger, and no need for pre-planned infrastructure. To solve the problem, our method uses an operation of holding the user device in a hand and describing a circle in the air to surround the partner devices. During this operation, the devices exchange acoustic waves and generate the Doppler Effect. By analysis based on the Doppler Effect, the user can specify only the multiple devices that have been circled. Acoustic waves contribute to the relatively accurate detection of the Doppler Effect, due to their slower propagation velocity than that of electronic waves, e.g., Bluetooth and Wi-Fi. We explain the proposed method in detail, and measure its performance via an implemented application. The experimental results show that it enables the simultaneous specification of multiple devices located in the range within 10 degrees from the direction of the user operation, while distinguishing a device of a stranger located in the range larger than 45 degrees. In the above use case, after putting partner devices on a table, the proposed method of this performance satisfies the four requirements, even if a device of a stranger is located at the next table. Thus, this paper concludes that the proposed method is practical for the above use case.

View full abstract

With the adoption of Standardized Electronic Health Records (EHRs) databases, recent research studies consider - standardization and interoperability. At the same time the need for querying (the archival data) is becoming important. The complex and dynamic nature of these databases give rise to several usability challenges. This study aims to reduce the gap between the designed application flow and user work-flows (anticipated by them) within the system. Moreover, in the case of standardized EHRs databases, there is a need to reduce the dependency on post-release user-feedbacks and surveys. This will facilitate the task of system redesign (and re-engineering). We assume that socio-technical features of the users and their usage-patterns over the standardized EHRs databases are correlated. Therefore, we propose the application of user-centric design and automated usability support for the standardized EHRs databases. It provides an insight for improving the system on a continuous basis.

View full abstract

To improve reliability of IP networks against link/node failure, several IP fast reroute schemes have been proposed so far. They proactively compute backup paths and activate them when failure occurs to prevent packets from losing at the failure link/node. However, it is known that network performance considerably degrades in the failure state of IP fast reroute schemes, because congestion hot spots often appear near the failure link/node. In this paper, we propose a reactive load balancing method that can be applied to the major IP fast reroute schemes that covers single failure. Our scheme works when an IP fast reroute scheme is activating its backup paths, and reduces the degradation of network performance due to failure. In our load balancing scheme, with the overhead of a few bit field on packet header, we can largely reduce the performance degradation in the failure state and mostly keep the throughput as it was in the normal state where no failure exists.

View full abstract

Misuse case model and its development process are useful and practical for security requirements analysis, but they require expertise especially about security assets and goals. To enable inexperienced requirements analysts to elicit and to analyse security requirements, we present an extension of misuse case model and its development process by incorporating new model elements, assets and security goals. We show its effectiveness from the quantitative and qualitative results of a case study. According to the results, we conclude the extension and its process enable inexperienced analysts to elicit security requirements as well as experienced analysts do.

View full abstract

The study presents an interaction system named SensorTank, which can detect the position and volume of objects such as human feet inserted into water. SensorTank is designed to be used as an interactive water vessel interface in which three-dimensional interactions occur. Feedback is provided by visual, auditory, and thermal sensations. For detection of inserted objects, combinations of phototransistors and red lasers that form sensing units are arranged on four sides of the vessel. Signals given from the phototransistors are interfaced via an Arduino Uno microcontroller and a multiplexer circuit. An elementary application has been implemented to illustrate the use of the tank for foot gestures, and early experimental results suggest that the proposed mechanism is both feasible and practical even under murky water conditions.

View full abstract