|
Researchers
|
|
このページはJavascriptを使用しています。すべての機能を使用するためにはJavascript を有効にする必要があります。
MATSUMOTO Tsutomu
|
|
The University of Tokyo Department of Electronic Engineering Doctor Course Completed
Yokohama National University Department of Computer Science Master Course Completed
Yokohama National University Department of Electrical Engineering Graduated
Doctor of Engineering - The University of Tokyo
Duty Yokohama National UniversityFaculty of Environment and Information Sciences Division of Social Environment and Information Professor
Duty Yokohama National UniversitySchool of Engineering Professor
Duty Yokohama National UniversityGraduate School of Engineering Associate Professor
Duty Yokohama National UniversitySchool of Engineering Associate Professor
Duty Yokohama National UniversitySchool of Engineering Lecturer
Japan Society for the Promotion of Science Recearch Center for Science Systems, Researcher
National Institute of Advanced Industrial Science and Technology Research Center for Information Security Advisor
National Printing Bureau Researcher
International Association for Cryptologic Research
電子情報通信学会
Information Processing Society of Japan
日本セキュリティマネジメント学会
Informatics / Theory of informatics
Informatics / Software
Informatics / Computer system
Manufacturing Technology (Mechanical Engineering, Electrical and Electronic Engineering, Chemical Engineering) / Communication and network engineering
Others / Others / Information and Physical Security
電子株主総会の研究
岩村、神田(編)( Role: Joint author)
弘文堂
Language:Japanese Book type:Scholarly book
Coding Theory and Cryptography
( Role: Joint author)
World Scientific
Language:English Book type:Scholarly book
電子政府・電子自治体
多賀谷(編)( Role: Joint author)
第一法規
Language:Japanese Book type:Scholarly book
デジタル文書証明
( Role: Joint author)
NTT出版
Language:Japanese Book type:Scholarly book
情報処理学会(編), エンサイクロペディア情報処理2000/2001
( Role: Joint author)
オーム社
Language:Japanese Book type:Scholarly book
To Get Lost is to Learn the Way: An Analysis of Multi-Step Social Engineering Attacks on the Web
Koide Takashi, Chiba Daiki, Akiyama Mitsuaki, Yoshioka Katsunari, Matsumoto Tsutomu
IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES E104A ( 1 ) 162 - 181 2021.1 [Reviewed]
Language:Japanese Publishing type:Research paper (scientific journal) Publisher:一般社団法人 電子情報通信学会 Joint Work
<p>Web-based social engineering (SE) attacks manipulate users to perform specific actions, such as downloading malware and exposing personal information. Aiming to effectively lure users, some SE attacks, which we call multi-step SE attacks, constitute a sequence of web pages starting from a landing page and require browser interactions at each web page. Also, different browser interactions executed on a web page often branch to multiple sequences to redirect users to different SE attacks. Although common systems analyze only landing pages or conduct browser interactions limited to a specific attack, little effort has been made to follow such sequences of web pages to collect multi-step SE attacks. We propose STRAYSHEEP, a system to automatically crawl a sequence of web pages and detect diverse multi-step SE attacks. We evaluate the effectiveness of STRAYSHEEP's three modules (landing-page-collection, web-crawling, and SE-detection) in terms of the rate of collected landing pages leading to SE attacks, efficiency of web crawling to reach more SE attacks, and accuracy in detecting the attacks. Our experimental results indicate that STRAYSHEEP can lead to 20% more SE attacks than Alexa top sites and search results of trend words, crawl five times more efficiently than a simple crawling module, and detect SE attacks with 95.5% accuracy. We demonstrate that STRAYSHEEP can collect various SE attacks, not limited to a specific attack. We also clarify attackers' techniques for tricking users and browser interactions, redirecting users to attacks.</p>
Other Link: https://ci.nii.ac.jp/naid/130007964807
Secure Cryptographic Unit as Root-of-Trust for IoT Era
MATSUMOTO Tsutomu, IKEDA Makoto, NAGATA Makoto, UEMURA Yasuyoshi
IEICE Transactions on Electronics 2021
Language:Japanese Publishing type:Research paper (scientific journal) Publisher:一般社団法人 電子情報通信学会 Joint Work
<p>The Internet of Things (IoT) implicates an infrastructure that creates new value by connecting everything with communication networks, and its construction is rapidly progressing in anticipation of its great potential. Enhancing the security of IoT is an essential requirement for supporting IoT. For ensuring IoT security, it is desirable to create a situation that even a terminal component device with many restrictions in computing power and energy capacity can easily verify other devices and data and communicate securely by the use of public key cryptography. To concretely achieve the big goal of penetrating public key cryptographic technology to most IoT end devices, we elaborated the secure cryptographic unit (SCU) built in a low-end microcontroller chip. The SCU comprises a hardware cryptographic engine and a built-in access controlling functionality consisting of a software gate and hardware gate. This paper describes the outline of our SCU construction technology's research and development and prospects.</p>
Other Link: https://ci.nii.ac.jp/naid/130007975932
Understanding the Fake Removal Information Advertisement Sites
Koide Takashi, Chiba Daiki, Akiyama Mitsuaki, Yoshioka Katsunari, Matsumoto Tsutomu
Journal of Information Processing 29 ( 0 ) 392 - 405 2021
Language:Japanese Publishing type:Research paper (scientific journal) Publisher:一般社団法人 情報処理学会 Joint Work
<p>Fake antivirus (AV) software is a type of malware that disguises as legitimate antivirus software and causes harm to users and their devices. Fake removal information advertisement (FRAD) sites, which introduce fake removal information for cyber threats, have emerged as platforms for distributing fake AV software. Although FRAD sites seriously threaten users who have been suffering from cyber threats and need information for removing them, little attention has been given to revealing these sites. In this paper, we propose a system to automatically crawl the web and identify FRAD sites. To shed light on the pervasiveness of this type of attack, we performed a comprehensive analysis of both passively and actively collected data. Our system collected 2, 913 FRAD sites in 31 languages, which have 73.5 million visits per month in total. We show that FRAD sites occupy search results when users search for cyber threats, thus preventing the users from obtaining the correct information.</p>
Other Link: https://ci.nii.ac.jp/naid/130008038622
Detecting and Understanding Online Advertising Fraud in the Wild
Kanei Fumihiro, Chiba Daiki, Hato Kunio, Yoshioka Katsunari, Matsumoto Tsutomu, Akiyama Mitsuaki
IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS E103D ( 7 ) 1512 - 1523 2020.7 [Reviewed]
Language:Japanese Publishing type:Research paper (scientific journal) Publisher:一般社団法人 電子情報通信学会 Joint Work
<p>While the online advertisement is widely used on the web and on mobile applications, the monetary damages by advertising frauds (ad frauds) have become a severe problem. Countermeasures against ad frauds are evaded since they rely on noticeable features (e.g., burstiness of ad requests) that attackers can easily change. We propose an ad-fraud-detection method that leverages robust features against attacker evasion. We designed novel features on the basis of the statistics observed in an ad network calculated from a large amount of ad requests from legitimate users, such as the popularity of publisher websites and the tendencies of client environments. We assume that attackers cannot know of or manipulate these statistics and that features extracted from fraudulent ad requests tend to be outliers. These features are used to construct a machine-learning model for detecting fraudulent ad requests. We evaluated our proposed method by using ad-request logs observed within an actual ad network. The results revealed that our designed features improved the recall rate by 10% and had about 100,000-160,000 fewer false negatives per day than conventional features based on the burstiness of ad requests. In addition, by evaluating detection performance with long-term dataset, we confirmed that the proposed method is robust against performance degradation over time. Finally, we applied our proposed method to a large dataset constructed on an ad network and found several characteristics of the latest ad frauds in the wild, for example, a large amount of fraudulent ad requests is sent from cloud servers.</p>
Other Link: https://ci.nii.ac.jp/naid/130007867697
Pay the Piper: DDoS Mitigation Technique to Deter Financially-Motivated Attackers
Sasaki Takayuki, Ganan Carlos Hernandez, Yoshioka Katsunari, Van Eeten Michel, Matsumoto Tsutomu
IEICE TRANSACTIONS ON COMMUNICATIONS E103B ( 4 ) 389 - 404 2020.4 [Reviewed]
Language:Japanese Publishing type:Research paper (scientific journal) Publisher:一般社団法人 電子情報通信学会 Joint Work
<p>Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are symptomatic treatments rather than fundamental solutions. In this paper, we propose a novel technique to disincentivize attackers from launching a DDoS attack by increasing attack costs. Assuming financially motivated attackers seeking to gain profit via DDoS attacks, their primary goal is to maximize revenue. On the basis of this assumption, we also propose a mitigation solution that requires mining cryptocurrencies to access servers. To perform a DDoS attack, attackers must mine cryptocurrency as a proof-of-work (PoW), and the victims then obtain a solution to the PoW. Thus, relative to attackers, the attack cost increases, and, in terms of victims, the economic damage is compensated by the value of the mined coins. On the basis of this model, we evaluate attacker strategies in a game theory manner and demonstrate that the proposed solution provides only negative economic benefits to attackers. Moreover, we implement a prototype to evaluate performance, and we show that this prototype demonstrates practical performance.</p>
Other Link: https://ci.nii.ac.jp/naid/130007825038
「情報学を創る」情報セキュリティに関する総合的な研究 ― 科研「情報学」プロジェクトのセキュリティ研究を振り返って ―
情報処理 48 ( 4 ) 368 - 375 2007.4
Language:Japanese Publishing type:Article, review, commentary, editorial, etc. (scientific journal) Single Work
生体認証システムの脆弱性について―身体的特徴の偽造に関する脆弱性を中心に―
宇根正志
金融研究,日本銀行 24 ( 2 ) 35 - 83 2005.7
Language:Japanese Publishing type:Article, review, commentary, editorial, etc. (scientific journal) Joint Work
人工物メトリクスの評価における現状と課題
松本弘之, 宇根正志, 松本 勉, 菅原嗣高
金融研究,日本銀行 23 ( 別冊2 ) 61 - 140 2004
Language:Japanese Publishing type:Article, review, commentary, editorial, etc. (scientific journal) Joint Work
インフォメーションハイディングの概要
情報処理(情報処理学会誌) 44 ( 3 ) 227 - 235 2003.3
Language:Japanese Publishing type:Article, review, commentary, editorial, etc. (scientific journal) Single Work
通信におけるインフォメーションハイディング
井上大介, 鈴木雅貴
情報処理(情報処理学会誌) 44 ( 3 ) 254 - 259 2003.3
Language:Japanese Publishing type:Article, review, commentary, editorial, etc. (scientific journal) Joint Work
平成22年度文部科学大臣表彰 科学技術賞(研究部門)
2010.4
第4回情報セキュリティ文化賞
2008.3
NPO法人モバイル・コミュニケーション・ファンド 第5回ドコモ・モバイル・サイエンス賞 先端技術部門【優秀賞】 業績:「ディペンダブルな生体認証技術を築くためのセキュリティ評価技術の研究」
2006.10
平成18年度情報化促進貢献個人表彰 経済産業省商務情報政策局長表彰「情報セキュリティ促進部門」
2006.10
情報処理学会第6回コンピュータセキュリティシンポジウム (CSS2003) 優秀論文賞
2003.10
バイオメトリクスセキュリティ評価基準の研究開発
Cooperative Research within Japan
Project Year: 2003 - 2004
高セキュリティソフトウェアの開発(プログラム修正ツール実証実験)
Cooperative Research within Japan
Project Year: 2003 - 2004
高セキュリティソフトウェアの開発(プログラム修正ツール作成)
Cooperative Research within Japan
Project Year: 2003 - 2004
耐タンパーモバイル環境とその応用に関する研究
Cooperative Research within Japan
Project Year: 2002 - 2004
高セキュリティソフトウェアに関する研究
Cooperative Research within Japan
Project Year: 2002 - 2003
2023 Theory of Computation Ⅰ
College of Engineering Science
2023 Applied Security Informatics
Interfaculty Graduate School of Innovative and Practical Studies
2023 Security Informatics Ⅱ
Interfaculty Graduate School of Innovative and Practical Studies
2023 Security Informatics Ⅰ
Interfaculty Graduate School of Innovative and Practical Studies
2023 Basics of Information Technology Ⅰ
Interfaculty Graduate School of Innovative and Practical Studies
CRYPTREC暗号技術検討会
2016.4 座長
Committee type:Government
電子情報通信学会ハードウェアセキュリティ研究専門委員会
2018.4 委員長
Committee type:Academic society
「バイオメトリクス標準化調査研究委員会」WG6(日本規格協会INSTAC)
2003.5 - 2004.3 委員
Committee type:Other
情報セキュリティ戦略研究会(経済産業省)
2003 委員
Committee type:Other
耐タンパー性標準化調査研究委員会(日本規格協会)
2003 委員長
Committee type:Other
クローズアップ現代,NHK総合テレビ,2004-02-26, “生体認証”
2004.2
サイエンスZERO,NHK教育テレビ,2004-01-21, “バイオメトリクス”
2004.1
ニュースモーニングサテライト,テレビ東京,2003-11-04, “生体認証”
2003.11
Let’s, 朝日新聞(夕刊),2003-11-17, “バイオメトリクス”
2003.11
NHK総合テレビ,首都圏ネットワーク, 2003-09-10, “危機管理・本人確認最新システム「生体認証」最前線”
2003.9
