MATSUMOTO Tsutomu

Affiliation

Faculty of Environment and Information Sciences, Division of Social Environment and Information

Job Title

Professor

Date of Birth

1958

Research Fields, Keywords

Tamper-Resistant Software, Digital Evidence Infrastructure, Biometrics, Mobile Terminal Security, Design and Analysis of Cryptographic Schemes and Protocols, Server-Aided Secure Computation, Key Predistribution System, Information Hiding, Artifact-metrics

Web Site

http://www-mlab.jks.ynu.ac.jp/

Education

  • - 1986.3

    The University of Tokyo   Department of Electronic Engineering   Doctor Course   Completed

  • - 1983.3

    Yokohama National University   Department of Computer Science   Master Course   Completed

  • 1977.4 - 1981.3

    Yokohama National University   Department of Electrical Engineering   Graduated

Degree

  • Doctor of Engineering - The University of Tokyo

Campus Career

  • 2001.4

    Duty   Yokohama National University   Faculty of Environment and Information Sciences   Division of Social Environment and Information   Professor

  • 2001.3

    Duty   Yokohama National University   School of Engineering   Professor

  • 1996.4 - 2001.2

    Duty   Yokohama National University   Graduate School of Engineering   Associate Professor

  • 1989.11 - 1996.3

    Duty   Yokohama National University   School of Engineering   Associate Professor

  • 1986.4 - 1989.10

    Duty   Yokohama National University   School of Engineering   Lecturer

External Career

  • 2016.6

  • 2013.4 - 2016.3

    Japan Society for the Promotion of Science   Research Center for Science Systems   Researcher

  • 2006.9

  • 2005.8 - 2012.3

    National Institute of Advanced Industrial Science and Technology   Research Center for Information Security   Advisor

  • 2004.8 - 2005.3

    National Printing Bureau   Researcher

Academic Society Affiliations

  • International Association for Cryptologic Research

  • The Institute of Electronics, Information and Communication Engineers (IEICE)

  • Information Processing Society of Japan

  • Japan Society of Security Management

Research Areas

  • Informatics / Theory of informatics

  • Informatics / Software

  • Informatics / Computer system

  • Manufacturing Technology (Mechanical Engineering, Electrical and Electronic Engineering, Chemical Engineering) / Communication and network engineering

  • Others / Others  / Information and Physical Security

Books

  • Research on Electronic Shareholders' Meetings

    Iwamura and Kanda (eds.) ( Role: Joint author)

    Kobundo

    Language:Japanese Book type:Scholarly book

  • Coding Theory and Cryptography

    ( Role: Joint author)

    World Scientific 

    Language:English Book type:Scholarly book

  • E-Government and E-Local Government

    Tagaya (ed.) ( Role: Joint author)

    Daiichi Hoki

    Language:Japanese Book type:Scholarly book

  • Digital Document Certification

    ( Role: Joint author)

    NTT Publishing

    Language:Japanese Book type:Scholarly book

  • Information Processing Society of Japan (ed.), Encyclopedia of Information Processing 2000/2001

    ( Role: Joint author)

    Ohmsha

    Language:Japanese Book type:Scholarly book

Papers

  • To Get Lost is to Learn the Way: An Analysis of Multi-Step Social Engineering Attacks on the Web

    Koide Takashi, Chiba Daiki, Akiyama Mitsuaki, Yoshioka Katsunari, Matsumoto Tsutomu

    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES   E104A ( 1 )   162 - 181   2021.1  [Reviewed]

    Language:Japanese   Publishing type:Research paper (scientific journal)   Publisher:The Institute of Electronics, Information and Communication Engineers   Joint Work

    Web-based social engineering (SE) attacks manipulate users to perform specific actions, such as downloading malware and exposing personal information. Aiming to effectively lure users, some SE attacks, which we call multi-step SE attacks, constitute a sequence of web pages starting from a landing page and require browser interactions at each web page. Also, different browser interactions executed on a web page often branch to multiple sequences to redirect users to different SE attacks. Although common systems analyze only landing pages or conduct browser interactions limited to a specific attack, little effort has been made to follow such sequences of web pages to collect multi-step SE attacks. We propose STRAYSHEEP, a system to automatically crawl a sequence of web pages and detect diverse multi-step SE attacks. We evaluate the effectiveness of STRAYSHEEP's three modules (landing-page-collection, web-crawling, and SE-detection) in terms of the rate of collected landing pages leading to SE attacks, efficiency of web crawling to reach more SE attacks, and accuracy in detecting the attacks. Our experimental results indicate that STRAYSHEEP can lead to 20% more SE attacks than Alexa top sites and search results of trend words, crawl five times more efficiently than a simple crawling module, and detect SE attacks with 95.5% accuracy. We demonstrate that STRAYSHEEP can collect various SE attacks, not limited to a specific attack. We also clarify attackers' techniques for tricking users and browser interactions, redirecting users to attacks.

    Other Link: https://ci.nii.ac.jp/naid/130007964807

  • Secure Cryptographic Unit as Root-of-Trust for IoT Era

    MATSUMOTO Tsutomu, IKEDA Makoto, NAGATA Makoto, UEMURA Yasuyoshi

    IEICE Transactions on Electronics   2021

    Language:Japanese   Publishing type:Research paper (scientific journal)   Publisher:The Institute of Electronics, Information and Communication Engineers   Joint Work

    The Internet of Things (IoT) implicates an infrastructure that creates new value by connecting everything with communication networks, and its construction is rapidly progressing in anticipation of its great potential. Enhancing the security of IoT is an essential requirement for supporting IoT. For ensuring IoT security, it is desirable to create a situation that even a terminal component device with many restrictions in computing power and energy capacity can easily verify other devices and data and communicate securely by the use of public key cryptography. To concretely achieve the big goal of penetrating public key cryptographic technology to most IoT end devices, we elaborated the secure cryptographic unit (SCU) built in a low-end microcontroller chip. The SCU comprises a hardware cryptographic engine and a built-in access controlling functionality consisting of a software gate and hardware gate. This paper describes the outline of our SCU construction technology's research and development and prospects.

    Other Link: https://ci.nii.ac.jp/naid/130007975932

  • Understanding the Fake Removal Information Advertisement Sites

    Koide Takashi, Chiba Daiki, Akiyama Mitsuaki, Yoshioka Katsunari, Matsumoto Tsutomu

    Journal of Information Processing   29 ( 0 )   392 - 405   2021

    Language:Japanese   Publishing type:Research paper (scientific journal)   Publisher:Information Processing Society of Japan   Joint Work

    Fake antivirus (AV) software is a type of malware that disguises as legitimate antivirus software and causes harm to users and their devices. Fake removal information advertisement (FRAD) sites, which introduce fake removal information for cyber threats, have emerged as platforms for distributing fake AV software. Although FRAD sites seriously threaten users who have been suffering from cyber threats and need information for removing them, little attention has been given to revealing these sites. In this paper, we propose a system to automatically crawl the web and identify FRAD sites. To shed light on the pervasiveness of this type of attack, we performed a comprehensive analysis of both passively and actively collected data. Our system collected 2,913 FRAD sites in 31 languages, which have 73.5 million visits per month in total. We show that FRAD sites occupy search results when users search for cyber threats, thus preventing the users from obtaining the correct information.

    Other Link: https://ci.nii.ac.jp/naid/130008038622

  • Detecting and Understanding Online Advertising Fraud in the Wild

    Kanei Fumihiro, Chiba Daiki, Hato Kunio, Yoshioka Katsunari, Matsumoto Tsutomu, Akiyama Mitsuaki

    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS   E103D ( 7 )   1512 - 1523   2020.7  [Reviewed]

    Language:Japanese   Publishing type:Research paper (scientific journal)   Publisher:The Institute of Electronics, Information and Communication Engineers   Joint Work

    While the online advertisement is widely used on the web and on mobile applications, the monetary damages by advertising frauds (ad frauds) have become a severe problem. Countermeasures against ad frauds are evaded since they rely on noticeable features (e.g., burstiness of ad requests) that attackers can easily change. We propose an ad-fraud-detection method that leverages robust features against attacker evasion. We designed novel features on the basis of the statistics observed in an ad network calculated from a large amount of ad requests from legitimate users, such as the popularity of publisher websites and the tendencies of client environments. We assume that attackers cannot know of or manipulate these statistics and that features extracted from fraudulent ad requests tend to be outliers. These features are used to construct a machine-learning model for detecting fraudulent ad requests. We evaluated our proposed method by using ad-request logs observed within an actual ad network. The results revealed that our designed features improved the recall rate by 10% and had about 100,000-160,000 fewer false negatives per day than conventional features based on the burstiness of ad requests. In addition, by evaluating detection performance with long-term dataset, we confirmed that the proposed method is robust against performance degradation over time. Finally, we applied our proposed method to a large dataset constructed on an ad network and found several characteristics of the latest ad frauds in the wild, for example, a large amount of fraudulent ad requests is sent from cloud servers.

    Other Link: https://ci.nii.ac.jp/naid/130007867697

  • Pay the Piper: DDoS Mitigation Technique to Deter Financially-Motivated Attackers

    Sasaki Takayuki, Ganan Carlos Hernandez, Yoshioka Katsunari, Van Eeten Michel, Matsumoto Tsutomu

    IEICE TRANSACTIONS ON COMMUNICATIONS   E103B ( 4 )   389 - 404   2020.4  [Reviewed]

    Language:Japanese   Publishing type:Research paper (scientific journal)   Publisher:The Institute of Electronics, Information and Communication Engineers   Joint Work

    Distributed Denial of Service attacks against the application layer (L7 DDoS) are among the most difficult attacks to defend against because they mimic normal user behavior. Some mitigation techniques against L7 DDoS, e.g., IP blacklisting and load balancing using a content delivery network, have been proposed; unfortunately, these are symptomatic treatments rather than fundamental solutions. In this paper, we propose a novel technique to disincentivize attackers from launching a DDoS attack by increasing attack costs. Assuming financially motivated attackers seeking to gain profit via DDoS attacks, their primary goal is to maximize revenue. On the basis of this assumption, we also propose a mitigation solution that requires mining cryptocurrencies to access servers. To perform a DDoS attack, attackers must mine cryptocurrency as a proof-of-work (PoW), and the victims then obtain a solution to the PoW. Thus, relative to attackers, the attack cost increases, and, in terms of victims, the economic damage is compensated by the value of the mined coins. On the basis of this model, we evaluate attacker strategies in a game theory manner and demonstrate that the proposed solution provides only negative economic benefits to attackers. Moreover, we implement a prototype to evaluate performance, and we show that this prototype demonstrates practical performance.

    Other Link: https://ci.nii.ac.jp/naid/130007825038

Review Papers

  • "Creating Informatics": Comprehensive Research on Information Security (Looking Back on the Security Research of the KAKENHI "Informatics" Project)

    Joho Shori (IPSJ Magazine)   48 ( 4 )   368 - 375   2007.4

    Language:Japanese   Publishing type:Article, review, commentary, editorial, etc. (scientific journal)   Single Work  

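  • On the Vulnerabilities of Biometric Authentication Systems: Focusing on Vulnerabilities Related to the Forgery of Physical Characteristics

    Une Masashi

    Kin'yu Kenkyu, Bank of Japan   24 ( 2 )   35 - 83   2005.7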

    Language:Japanese   Publishing type:Article, review, commentary, editorial, etc. (scientific journal)   Joint Work  

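  • Current Status and Issues in the Evaluation of Artifact-metrics

    Matsumoto Hiroyuki, Une Masashi, Matsumoto Tsutomu, Sugahara Tsugutaka

    Kin'yu Kenkyu, Bank of Japan   23 ( Supplement 2 )   61 - 140   2004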

    Language:Japanese   Publishing type:Article, review, commentary, editorial, etc. (scientific journal)   Joint Work  

  • Overview of Information Hiding

    Joho Shori (Journal of the Information Processing Society of Japan)   44 ( 3 )   227 - 235   2003.3

    Language:Japanese   Publishing type:Article, review, commentary, editorial, etc. (scientific journal)   Single Work  

  • Information Hiding in Communications

    Inoue Daisuke, Suzuki Masataka

    Joho Shori (Journal of the Information Processing Society of Japan)   44 ( 3 )   254 - 259   2003.3

    Language:Japanese   Publishing type:Article, review, commentary, editorial, etc. (scientific journal)   Joint Work  

Awards

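  • FY2010 Commendation for Science and Technology by the Minister of Education, Culture, Sports, Science and Technology, Prize for Science and Technology (Research Category)

    2010.4

  • 4th Information Security Culture Award

    2008.3

  • NPO Mobile Communication Fund, 5th DOCOMO Mobile Science Award, Advanced Technology Category (Award of Excellence). Achievement: "Research on Security Evaluation Technology for Building Dependable Biometric Authentication Technology"

    2006.10

  • FY2006 Individual Commendation for Contribution to the Promotion of Informatization, Commendation by the Director-General of the Commerce and Information Policy Bureau, Ministry of Economy, Trade and Industry (Information Security Promotion Category)

    2006.10

  • Excellent Paper Award, 6th Computer Security Symposium (CSS2003), Information Processing Society of Japan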

    2003.10    

Past Collaboration and Commissioned Research

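  • Research and Development of Biometrics Security Evaluation Criteria

    Cooperative Research within Japan

    Project Year: 2003  -  2004

  • Development of High-Security Software (Demonstration Experiment of a Program Modification Tool)

    Cooperative Research within Japan

    Project Year: 2003  -  2004

  • Development of High-Security Software (Creation of a Program Modification Tool)

    Cooperative Research within Japan

    Project Year: 2003  -  2004

  • Research on Tamper-Resistant Mobile Environments and Their Applications

    Cooperative Research within Japan

    Project Year: 2002  -  2004

  • Research on High-Security Software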

    Cooperative Research within Japan  

    Project Year: 2002  -  2003 

On-Campus Classes Taught

  • 2022   Ethics in Information Society

    College of Engineering Science

  • 2022   Exercise in Information Security Design

    Graduate School of Environment and Information Sciences

  • 2022   Information and Physical Security

    College of Engineering Science

  • 2022   Theory of Computation Ⅰ

    College of Engineering Science

  • 2022   Computer Architecture

    College of Engineering Science

Committee Memberships

  • CRYPTREC Advisory Board for Cryptographic Technology

    2016.4  Chair

    Committee type:Government 

  • IEICE Technical Committee on Hardware Security

    2018.4  Chair

    Committee type:Academic society 

  • Biometrics Standardization Research Committee, WG6 (Japanese Standards Association, INSTAC)

    2003.5 - 2004.3  Member

    Committee type:Other 

  • Information Security Strategy Study Group (Ministry of Economy, Trade and Industry)

    2003  Member

    Committee type:Other 

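  • Study Group on Technical Standards for Public Personal Authentication by Local Governments (Ministry of Internal Affairs and Communications)

    2003  Member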

    Committee type:Other 

Social Contribution (Extension Lecture)

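  • Close-up Gendai, NHK General TV, 2004-02-26, “Biometric Authentication”

    2004.2

  • Science ZERO, NHK Educational TV, 2004-01-21, “Biometrics”

    2004.1

  • News Morning Satellite, TV Tokyo, 2003-11-04, “Biometric Authentication”

    2003.11

  • Let’s, Asahi Shimbun (evening edition), 2003-11-17, “Biometrics”

    2003.11

  • NHK General TV, Shutoken Network, 2003-09-10, “Crisis Management and the Latest Identity Verification Systems: The Front Line of ‘Biometric Authentication’”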

    2003.9
