This paper proposes a new MAC protocol and physical channel control schemes for TDMA-TDD multi-slot packet channel. The goal of this study is to support both circuit-switched and packet-switched communications on the same resources and to enable high-speed packet transmission using a multi-slot packet channel. In the proposed channel control schemes, three points are taken into account; 1) effective sharing of time slots and frequencies with minimum impact on circuit communications, 2) compatibility with the existing access protocol and equipment, and 3) dynamic allocation of uplink and downlink slots. As for the MAC protocol, we adopt BRS (Block Reservation Scheme) and adaptive access control scheme to the proposed MAC protocol. In addition, to overcome the inherent disadvantage of TDD channels, packet scheduling and access randomizing control are newly proposed in this paper. The results of throughput and delay evaluations confirm that downlink capacity can be drastically enhanced by the dynamic allocation of uplink and downlink slots while corruption under heavy traffic loads is prevented by applying the adaptive traffic load control scheme.

This paper proposes a simulation framework suitable for holonic manufacturing systems, or HMS, based on the concept of distributed self-simulation. HMS is a distributed system that comprises autonomous and cooperative elements called holons, for the flexible and agile manufacturing. The simulation framework proposed here capitalizes on this distributed nature, where each holon functions similar to an independent simulator with self-simulation capabilities to maintain its own clock, handle events, and detect inter-holon state inconsistencies and perform rollback actions. This paper discusses the detailed architecture and design issues of such a simulator and reports on the results of a prototype.

Password-based authenticated key exchange protocols are more convenient and practical, since users employ human-memorable passwords that are simpler to remember than cryptographic secret keys or public/private keys. Abdalla, Fouque, and Pointcheval proposed the password-based authenticated key exchange protocol in a 3-party model (GPAKE) in which clients trying to establish a secret do not share a password between themselves but only with a trusted server. On the other hand, Canetti presented a general framework, which is called universally composable (UC) framework, for representing cryptographic protocols and analyzing their security. In this framework, the security of protocols is maintained under a general protocol composition operation called universal composition. Canetti also proved a UC composition theorem, which states that the definition of UC-security achieves the goal of concurrent general composition. A server must manage all the passwords of clients when the 3-party password-based authenticated key exchange protocols are realized in large-scale networks. In order to resolve this problem, we propose a hierarchical hybrid authenticated key exchange protocol (H2AKE). In H2AKE, forwarding servers are located between each client and a distribution server, and the distribution server sends the client an authentication key via the forwarding servers. In H2AKE, public/private keys are used between servers, while passwords are also used between clients and forwarding servers. Thus, in H2AKE, the load on the distribution server can be distributed to the forwarding servers concerning password management. In this paper, we define hierarchical hybrid authenticated key exchange functionality. H2AKE is the universal form of the hierarchical (hybrid) authenticated key exchange protocol, which includes a 3-party model, and it has the characteristic that the construction of the protocol can flexibly change according to the situation. We also prove that H2AKE is secure in the UC framework with the security-preserving composition property.

Applying ARQ to real time video communication can significantly increase transmission delay due its retransmission operations. We analyze this delay and propose an adaptive error control scheme that uses acknowledgment from the receiver to reduce the delay. We evaluate this scheme using a computer simulation and show that the proposed scheme can reduce the delay by controlling the amount of video data by changing the quantization step size and video frame skipping. It also offers acceptable video quality as confirmed by a subjective evaluation test.

This paper describes the performance of a video communication system over mobile radio channels. Mobile channel quality changes rapidly due to various factors. When compressed video data is transmitted through these channels, it is indispensable to employ an error control scheme because reconstructed video quality is seriously degraded by channel error. To control this error, an automatic repeat request (ARQ) scheme is often employed, however, this incurs a cost. The benefit of a non-degraded reconstructed video sequence is offset by the transmission delay due to ARQ retransmission. We apply to a video communication system a selective-repeat ARQ which is combined with the coding control scheme to reduce the transmission delay. We evaluate the quality of the reconstructed video sequence and transmission delay using computer simulations and make clear its applicability over Rayleigh and Nakagami-Rican fading channels and intersymbol interference.

Privacy remains an issue for IT services. Users are concerned that their history of service use may be traceable since each user is assigned a single identifier as a means of authentication. In this paper, we propose a perfectly anonymous attribute authentication scheme that is both unidentifiable and untraceable. Then, we present the evaluation results of a prototype system using a PC and mobile phone with the scheme. The proposed scheme employs a self-blindable certificate that a user can change randomly; thus the certificate is modified for each authentication, and the authentication scheme is unidentifiable and untraceable. Furthermore, our scheme can revoke self-blindable certificates without leaks of confidential private information and check the revocation status without online access.

This paper proposes a ternary subset difference method (SD method) that is resistant to coalition attacks. In order to realize a secure ternary SD method, we design a new cover-finding algorithm, label assignment algorithm and encryption algorithm. These algorithms are required to revoke one or two subtrees simultaneously while maintaining resistance against coalition attacks. We realize this two-way revocation mechanism by creatively using labels and hashed labels. Then, we evaluate the efficiency and security of the ternary SD method. We show that the number of labels on each client device can be reduced by about 20.4 percent. The simulation results show that the proposed scheme reduces the average header length by up to 15.0 percent in case where the total number of devices is 65,536. On the other hand, the computational cost imposed on a client device stays within O(log n). Finally, we prove that the ternary SD method is secure against coalition attacks.

In elevator-group control, the average number of running cars should be finely adjusted by the dynamically controlling the number of running cars (DCNRC). Traffic demand in an office building varies throughout the day. In this paper, we propose a new energy-saving method for elevator-group control that adjusts the number of running cars according to the traffic demand, simulate the proposed energy-saving method under nearly real traffic demand conditions of an office building, and reduce the daily energy consumption to the target level after several days.

Pairing based cryptosystems can accomplish novel security applications such as ID-based cryptosystems, which have not been constructed efficiently without the pairing. The processing speed of the pairing based cryptosystems is relatively slow compared with the other conventional public key cryptosystems. However, several efficient algorithms for computing the pairing have been proposed, namely Duursma-Lee algorithm and its variant ηT pairing. In this paper, we present an efficient implementation of the pairing over some mobilephones. Moreover, we compare the processing speed of the pairing with that of the other standard public key cryptosystems, i.e. RSA cryptosystem and elliptic curve cryptosystem. Indeed the processing speed of our implementation in ARM9 processors on BREW achieves under 100 milliseconds using the supersingular curve over F397. In addition, the pairing is more efficient than the other public key cryptosystems, and the pairing can be achieved enough also on BREW mobilephones. It has become efficient enough to implement security applications, such as short signature, ID-based cryptosystems or broadcast encryption, using the pairing on BREW mobilephones.

This paper proposes a short delay, error-resilient video transmission scheme for mobile radio channels. Compressed video data are sensitive to channel error. Video coding schemes such as H. 263 use variable length coding so channel error can cause synchronization failure in the decoder and fatally degrade the reconstructed video sequence by triggering intra- and inter-frame error propagation. ARQ prevents all forms of error propagation but significantly increases the transmission delay of the video frame. We propose a new error control scheme to reduces the delay incurred by ARQ; the receiving buffer can transmits the video frame data to the video decoder even if not all ARQ frames containing the video frame are received. The encoder transmits additional information, the Macro Block (MB) size, in the video frame header. Upon receiving this information, the receiving buffer can determine MB length which allows MB de-synchronization to be prevented. For example, if an ARQ frame is lost, the decoder determines the position of the missing MB and replace this MB with the equivalent block in the previous video frame; this prevents intra-frame error propagation. When all ARQ frames are received and decoded correctly, the video frame in the reference video memory is replaced with the correctly decoded one. Simulation results show that the proposed scheme can minimize the delay and the reduction in frame rate caused by retransmission control without intra- and inter-error propagation.

The notion of correlation intractable function ensembles (CIFEs) was introduced in an attempt to capture the "unpredictability" property of random oracles [12]: If O is a random oracle then it is infeasible to find an input x such that the input-output pair (x,O(x)) has some desired property. In this paper, we observe relationships between zero-knowledge protocols and CIFEs. Specifically, we show that, in the non-uniform model, the existence of CIFEs implies that 3-round auxiliary-input zero-knowledge (AIZK) AM interactive proofs exist only for BPP languages. In the uniform model, we show that 3-round AIZK AM interactive proofs with perfect completeness exist only for easy-to-approximate languages. These conditional triviality results extend to constant-round AIZK AM interactive proofs assuming the existence of multi-input CIFEs, where "multi-input" means that the correlation intractability is satisfied with respect to multiple input-output pairs. Also, as a corollary, we show that any construction of uniform multi-input CIFEs from uniform one-way functions proves unconditionally that constant-round AIZK AM interactive proofs with perfect completeness only for easy-to-approximate languages.

In this paper, we propose a transformation function for a user's raw iris data, an "iris code" in iris scanning verification on the server, since the iris code requires to be hidden from even a server administrator. We then show that the user can be properly authenticated on the server, even though the iris code is transformed by the proposed function. The reason is that the function has a characteristic, "The (normalized) Hamming distances between the enrolled iris codes and the verified iris codes are conserved before and after the computation of the function," that is, the normalized Hamming distance in this scheme is equal to that in the existing scheme. We also show that the transformed iris code is sufficiently secure to hide the original iris code, even if a stronger attack model is supposed than the previously described model. That can be explained from the following two reasons. One reason is that nonlinear function, which consists of the three-dimensional rotation about the x-axis and the y-axis with the iris code lengthened bit by bit, and the cyclic shift, does not enable an attacker to conjecture the iris code. The other reason is that the success probabilities for the exhaustive search attack concerning the iris code in the supposed attack models are lower than those of the previously proposed methods and are negligible.

Linking schemes have been proposed assuming the model where the time-stamp issuer need not be trusted. However, in that environment, a fake chain attack and forward or backward dating attacks are still a residual risk in Time-Stamping services (TSS). In this paper, we propose a new time-stamping scheme that focuses on these problems. In our scheme, we use pseudonyms to prevent the time-stamp issuer from dating the time that the specific entity requests. Our scheme doesn't rely on only one trustworthy entity, and uses mutual communication between each entity. Two types of entities, server and clients without any trustworthy entities are configured in our system. The server provides an anonymous communication channel, but doesn't provide TSS, and the clients are not only time-stamp requesters but also issuers. So, when a client requests a time-stamp from the system, it is issued by one of the other clients.

In this paper, we examine the effectiveness of clock control in protecting stream ciphers from a distinguishing attack, and show that this form of control is effective against such attacks. We model two typical clock-controlled stream ciphers and analyze the increase in computational complexity for these attacks due to clock control. We then analyze parameters for the design of clock-controlled stream ciphers, such as the length of the LFSR used for clock control. By adopting the design criteria described in this paper, a designer can find the optimal length of the clock-control sequence LFSR.

This paper presents an integrated network configuration of wired and wireless access systems for nomadic computing and discusses the virtual LAN on a wireless access system. Furthermore, different types of ad hoc networks are summarized to delineate nomadic computing styles. In terms of user mobility, the integrated network provides a seamless connection environment, so a user can move between wireless and wired networks without dropping data communication sessions. This function is critical for nomadic computing users. By defining the integrated network and employing a virtual LAN, a nomadic computing environment can be realized. This paper reviews the key issues to realize integrated networks. They are mobile management including mobile IP, virtual IP and Logical Office, a high performance MAC, and security control.

Our recent progress in improving the performance of the GaInNAs laser is fully reviewed here. We improved the crystal quality of GaInNAs by optimizing the conditions for its grown by gas-source molecular beam epitaxy (MBE) using N radicals as a N source. We found that the temperature window for obtaining GaInNAs with high crystal quality, good surface morphology, and good photoluminescence (PL) characteristics is smaller than that for obtaining this kind of GaInAs. Like dopant atoms such as Si or Be in GaAs, the N radicals produced by an RF discharge have a high sticking coefficient. Their use is therefore effective when we want to increase and control the N content of GaInNAs. We found that the AsH3-flow-rate mainly affected crystal quality of GaInNAs rather than incorporation of nitrogen atoms. We also investigated the effects of thermal annealing on the optical properties of as-grown GaInNAs layers and found that it greatly increased the PL intensity and produced the large shift in the PL wavelength. The absorption spectra of the GaInNAs bulk layer revealed that the large shift in the PL wavelength is probably caused by a bandgap shift in the GaInNAs well layer, and cathodeluminescence measurements revealed that the increased PL intensity is due to the improved emission being more uniform spatially: uniformity from the entire region; in comparison, nonuniform dot-like regions exist in an as-grown GaInNAs layer. Optimizing the growth conditions and using thermal annealing effect, we made a 1.3-µm GaInNAs/GaAs single-quantum-well laser that has a high characteristic temperature (215 K) under pulsed operation. To our knowledge, this is the highest characteristic temperature reported for a 1.3-µm band-edge emitter suitable for used in optical-fiber communication systems. The use of GaInNAs as an active layer is, therefore, very promising for the fabrication of long-wavelength laser diodes with excellent high-temperature performance.

This paper proposes a novel sequential coherent preambleless demodulator that uses phase signals instead of complex signals in the automatic frequency control (AFC) and carrier recovery circuits. The proposed demodulator employs a phase-combined frequency error detection circuit and dual loop AFC circuit to achieve fast frequency acquisition and low frequency jitter. It also adopts an open loop carrier recovery scheme with a sample hold circuit after the carrier filter to ensure carrier signal stability within a packet. It is shown that the frame error rate performance of the proposed demodulator is superior, by 30%, to that offered by differential detection in a frequency selective Rayleigh fading channel. The hardware size of the proposed demodulator is about only 1/10 that of a conventional coherent demodulator employing complex signals.

In Shamir's (k,n)-threshold secret sharing scheme [1], a heavy computational cost is required to make n shares and recover the secret from k shares. As a solution to this problem, several fast threshold schemes have been proposed. However, there is no fast ideal (k,n)-threshold scheme, where k ≥ 3 and n is arbitrary. This paper proposes a new fast (3,n)-threshold scheme by using just EXCLUSIVE-OR(XOR) operations to make shares and recover the secret, which is an ideal secret sharing scheme similar to Shamir's scheme. Furthermore, we evaluate the efficiency of the scheme, and show that it is more efficient than Shamir's in terms of computational cost. Moreover, we suggest a fast (k,n)-threshold scheme can be constructed in a similar way by increasing the sets of random numbers constructing pieces of shares.

Holonic Manufacturing Systems (HMSs), in which decisions are made through cooperation among holons (autonomous and cooperative manufacturing entities), eliminate various bottlenecks that exist in conventional systems to adapt to high-variety low-volume production. This paper describes the architecture of HMSs. Issues regarding incremental development and dynamic reconfiguration of cooperation mechanisms themselves, and mechanisms for ensuring stable and safe behaviors of HMSs are also discussed with reference to several proposals, with a view to applying the HMS architecture to large and complicated applications.