Tetsuji TAKADA

Department of Informatics, Associate Professor
Cluster II (Emerging Multi-interdisciplinary Engineering), Associate Professor

Degree

  • Doctor of Engineering, The University of Electro-Communications

Research Keyword

  • Usable Security
  • Human-Computer Interaction
  • Information Security
  • Network Security
  • Web application
  • User authentication

Field Of Study

  • Informatics, Human interfaces and interactions
  • Informatics, Information security

Career

  • Oct. 2010
    The University of Electro-Communications, Graduate School of Informatics and Engineering, Associate Professor, Japan

Educational Background

  • Apr. 1997 - Sep. 2000
    The University of Electro-Communications, Graduate School of Information Systems, Department of Information Systems Operation

Member History

  • Feb. 2023 - Dec. 2023
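    Editorial committee member, IPSJ Journal (Information Processing Society of Japan) special issue "Security and Trust Supporting Information Distribution on Next-Generation Digital Platforms", Society, https://www.ipsj.or.jp/journal/cfp/23-V.html
  • Feb. 2022 - Dec. 2022
    Editorial committee member, IPSJ Journal (Information Processing Society of Japan) special issue "Information Security and Trust toward an IT Infrastructure for a Sustainable Society", Society, https://www.ipsj.or.jp/journal/cfp/22-T.html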

Award

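  • Oct. 2022
    MWS Cup 2022, Hackathon Division Winner (awarded to a supervised student), 渡邉 祐貴 (The University of Electro-Communications, Cluster II (Emerging Multi-interdisciplinary Engineering), Security Informatics Program)
  • Oct. 2022
    MWS Cup 2022, Overall Runner-up (awarded to a supervised student), 渡邉 祐貴 (The University of Electro-Communications, Cluster II (Emerging Multi-interdisciplinary Engineering), Security Informatics Program)
  • Mar. 2022
    UEC Bug Bounty 2021, Grand Prize and Special Prize (awarded to a supervised student), 五島崇樹 (The University of Electro-Communications, undergraduate Cluster II, Security Informatics Program)
  • Oct. 2021
    Two supervised students participated as a team in a technical contest and won the award
    MWS Cup 2021, On-site Challenge Winner (awarded to supervised students), 江原 知志, 横山 佳紀 (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2021
    Two supervised students participated as a team in a technical contest and won the award
    MWS Cup 2021, Overall Winner (1st place) (awarded to supervised students), 江原 知志, 横山 佳紀 (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2020
    Three supervised students participated as a team in a technical contest and won the award
    MWS Cup 2020, On-site Challenge Winner (awarded to supervised students), Mitsuhiro Yoshida, 江原 知志, 横山 佳紀 (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2020
    Three supervised students participated as a team in a technical contest and won the award
    MWS Cup 2020, Overall Winner (1st place) (awarded to supervised students), Mitsuhiro Yoshida, 江原 知志, 横山 佳紀 (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2020
    Computer Security Symposium 2020 (CSS 2020)
    CSS 2020 Encouragement Award (awarded to a supervised student), 江原 知志 (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society, Japan
  • Oct. 2018
    Two supervised students participated as a team in a technical contest and won the award
    MWS Cup 2018, Overall Winner (1st place) (awarded to supervised students), Rei Yamagishi, 大石 雄大 (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2018
    IPSJ Special Interest Group on Computer Security (CSEC)
    CSEC Outstanding Research Award (awarded to a supervised student), Yumeji Hattori (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2018
    Usable Security Workshop 2018 (UWS2018)
    UWS 2018 Paper Award (awarded to a supervised student), Ryo Minakawa (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2018
    Two supervised students participated as a team in a technical contest and won the award
    MWS Cup 2018, On-site Challenge Winner (awarded to supervised students), Rei Yamagishi, 大石 雄大 (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2017
    Three supervised students participated as a team in a technical contest and won the award
    MWS Cup 2017, 1st place (awarded to supervised students), Ryo Minakawa, 村上 秀史, Rei Yamagishi (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2017
    Computer Security Symposium 2017 (CSS 2017)
    CSS2017 Student Paper Award (awarded to a supervised student), Rei Yamagishi (The University of Electro-Communications)
    Japan society
  • Oct. 2017
    Computer Security Symposium 2017 (CSS 2017)
    CSS2017 Concept Paper Award (awarded to a supervised student), Ryo Minakawa (The University of Electro-Communications)
    Japan society
  • Oct. 2014
    Two supervised students participated as a team in a technical contest and won the award
    MWS Cup 2014, Technical Division Winner (awarded to supervised students), Shouta Mochizuki, Hayate Goto (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2014
    Two supervised students participated as a team in a technical contest and won the award
    IWSEC Cup 2014 / Gold Prize (awarded to supervised students), Shouta Mochizuki, Hayate Goto (The University of Electro-Communications, Graduate School, Department of Informatics)
    International society
  • Feb. 2014
    Interaction 2014
    Best Interactive Award, Masaya Ishizuka, Tetsuji Takada (The University of Electro-Communications, Graduate School, Department of Informatics)
    Japan society
  • Oct. 2011
    Computer Security Symposium 2011, CSS2011 Outstanding Paper Award, Tetsuji Takada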

Paper

  • Design Exploration for Better Security of Recognition-based Image Authentication in Mobile Environment
    Tetsuji Takada; Daniel Schwarz
    20th International Conference on Advances in Mobile Computing & Multimedia Intelligence (MoMM 2022), 28 Nov. 2022, Peer-reviewed
    International conference proceedings, English
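  • Improving the Practicality of User Authentication Secure against Video-Recording Shoulder-Surfing Attacks through User Interface Refinement
    江原知志; Tetsuji Takada
    IPSJ Journal, Information Processing Society of Japan, 63, 4, 15 Apr. 2022, Peer-reviewed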
    Scientific journal, Japanese
  • Pict-Place Authentication: Recognition-based Graphical Password using Image Layout for Better Balance of Security and Operation Time
    Tetsuji Takada; Mitsuhiro Yoshida
    14th Biannual Conference of the Italian SIGCHI Chapter (CHItaly 2021), 11 Jul. 2021, Peer-reviewed
    International conference proceedings, English
  • Giving Motivation for Using Secure Credential through User Authentication by Game
    Tetsuji Takada; Yumeji Hattori
    Int'l Conf. on Advanced Visual Interface (AVI 2020), 01 Oct. 2020, Peer-reviewed
    International conference proceedings, English
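  • Improving the Effectiveness of Security Warnings by Behavior Inducement Using "Kawaii" Images
    Ryo Minakawa; Tetsuji Takada
    IPSJ Journal, Information Processing Society of Japan, 61, 3, 15 Mar. 2020, Peer-reviewed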
    Scientific journal, Japanese
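  • User Authentication Using a Set of Word Pairs as the Secret to Improve Security against Guessing Attacks
    Rei Yamagishi; Tetsuji Takada
    IPSJ Journal, Information Processing Society of Japan, 60, 4, 1119-1128, 15 Apr. 2019, Peer-reviewed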
    Scientific journal, Japanese
  • Emoji-nized log browser: Visualization of server-logs by emoji for system administrators
    Tetsuji Takada; Takaaki Abe
    Proceedings of the Workshop on Advanced Visual Interfaces AVI, Association for Computing Machinery, 0-0, 29 May 2018, Peer-reviewed, We propose a log data visualization system by Emoji (pictorial symbol). A log inspection and its monitoring are essential tasks for system administrators to be aware of anomalous status of the IT systems and security incidents. Information visualization is a promising approach to assist the task. However, there is no visualization work to support understanding the textual data more directly. We, then, propose a text visualization by replacing text data with emoji based on a user-defined rule. In this paper, we explain an idea of visualization by emoji, and we also introduce a prototype system based on the idea for an access log of a web server. We also discuss expected advantages and future work.
    International conference proceedings, English
  • AssociPass: A User Authentication System with Word-Pairs for Security against Guess Attack
    Rei Yamagishi; Tetsuji Takada
    Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems, ACM, 0-0, 20 Apr. 2018, Peer-reviewed
    International conference proceedings, English
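  • Proposal of a System for Detecting Web Pages That Lead to Malware Infection, Focusing on Methods of Concealing Malicious Content
    荻野貴大; Tetsuji Takada
    IPSJ Journal, Information Processing Society of Japan, 58, 12, 1833-1842, 15 Dec. 2017, Peer-reviewed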
    Scientific journal, Japanese
  • Exploring alternative security warning dialog for attracting user attention: Evaluation of "Kawaii" effect and its additional stimulus combination
    Ryo Minakawa; Tetsuji Takada
    ACM International Conference Proceeding Series, Association for Computing Machinery, 582-586, 04 Dec. 2017, Peer-reviewed, One of security functions is a security warning dialog (SWdialog). However, the effect for ensuring security is questionable because of the habituation. This means that users tend to disregard it through repeated encounters. In this paper, we propose an alternative security warning dialog using the effect of "Kawaii", which means "cute" in Japanese. We also propose a combination of additional effects with "Kawaii" to the dialog. We conducted an evaluation experiment with a small number of subjects in order to verify whether the proposed dialog has a potential of expected affection to users. From the results of the experiment, we find that the proposed dialog could obtain user attention better than the conventional dialogs. Moreover, one of proposed dialog that is applied the effect combined additional effects with "Kawaii" would have a potential to suppress disregarding action to the dialog even if a user is habituated.
    International conference proceedings, English
  • Authentication shutter: Alternative countermeasure against password reuse attack by availability control
    Tetsuji Takada
    ACM International Conference Proceeding Series, Association for Computing Machinery, 130521, 0-0, 29 Aug. 2017, Peer-reviewed, A mass attack to web services using leaked account information has been done in recent years. The causes of the attack are information leakage and use of a same password among multiple services. Available measures to the attack are mainly using an alternative authentication method such as two-factor authentication or one-time password. Such measures put an additional operation load or credential management on users, and may also impose additional management costs to users or service providers for dedicated devices. These issues limit the applicability of such measures to only parts of various services. Therefore, I propose an alternative measure against the attack by using the concept of shutters in car garages. The proposed scheme is referred as the "authentication shutter". In this scheme, a legitimate user can control the availability of user authentication directly. This means that, even if an attacker has a valid user ID and password, if a legitimate user sets the user authentication as unavailable, an attacker cannot pass user authentication. I explain the basic idea and how to implement the scheme as a web system, and also discuss the usability and security of the scheme.
    International conference proceedings, English
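  • Proposal of a Recognition-based Image Authentication Scheme Whose Security Level Can Be Flexibly Changed without Changing the Secret Information
    森康洋; Tetsuji Takada
    IPSJ Journal, Information Processing Society of Japan, 57, 12, 2641-2653, 15 Dec. 2016, Peer-reviewed, In this study, we propose a recognition-based image authentication scheme whose security level can be changed without changing the secret information. To realize this feature, the proposed scheme incorporates two ideas: 1) increasing the number of candidate answer images shown at authentication time, and 2) placing the correct images together within a sub-region specified by the system. Idea 1 makes it possible to improve security without changing the secret information, and idea 2 suppresses the increase in operational load that accompanies the security improvement. We implemented a prototype image authentication system based on this proposal and conducted an evaluation experiment with subjects on feasibility and operational load. As a result, the operation time of the proposed scheme was 15.2 seconds on average to select four correct images from 100 candidate images, indicating no doubt about its feasibility, and the constrained placement of correct images was confirmed to have an effect that can suppress the increase in operational load. We propose two ideas to realize better security for a recognition-based image authentication: 1) adding more decoy images into an answer selection screen, 2) setting a condition for answer images layout. These ideas realize not only improving a security-level of the authentication scheme but also minimizing an additional load in a user operation. We implemented a prototype system based on the ideas and evaluated feasibility and operational load of the proposed system with subjects. From the result of the experiment, the conditional layout of answer images has an effect to suppress operational burden. Moreover, a user took sixteen seconds on average to pick up four answer images with an order from one hundred images.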
    Scientific journal, Japanese
  • Client-oriented web alteration detection system using link change state of a web page based on past and current page content
    Shouta Mochizuki; Tetsuji Takada
    17th International Conference on Information Integration and Web-Based Applications and Services, iiWAS 2015 - Proceedings, Association for Computing Machinery, Inc, 627-631, 11 Dec. 2015, Peer-reviewed, In this paper, we propose a client-oriented web alteration detection system that uses the changed state of links between the past and current versions of a browsing web page. Some measures against malicious web page alterations have been developed, such as URL-blacklist based access control. The limitations of such measures, however, are the coverage and timeliness. It is very difficult to capture all maliciously altered web page data on the Internet. A time delay from when an attacker alters a web page to when a browser blocks access to the web page is unavoidable. We focus on a page alteration such as a code injection or a page modification without a change in the visual layout. Such an alteration may lead users to experience further security threats. To detect altered web pages, whenever a user views a web page, our system extracts the link-based feature data from the page and stores it in a database. In addition, if the database has the feature data of a browsing web page from a previous access time, the system extracts the change in state of all links on the web page based on both the previous and current page content. Moreover, the results are provided to the users through a visual representation. Our system assists web-browsing users to remain aware of malicious alterations to a browsing web page. We believe that our system can engage web-browsing users to monitor web page alterations.
    International conference proceedings, English
  • Proposal and Evaluation of a Warning Dialog That Leads Users to Take Countermeasures against Android Malware
    高橋雅香; Tetsuji Takada
    IPSJ Journal, 56, 12, 2302-2312, Dec. 2015, Peer-reviewed, Malware targeting Android devices is increasing rapidly and has become a security problem. The practical countermeasure is to use anti-virus (AV) software. However, AV software for Android cannot remove malware by itself, so the user must be made to carry out the countermeasure. This role is played by the dialogs of the AV software, but in practice they do not appear to lead users as far as taking action. In this study, we therefore propose improvements to the two functions of the dialog, warning notification and guidance toward countermeasures, and conducted an evaluation experiment with subjects on their effects. Through this, we propose a new dialog that can lead users to take countermeasures and show the potential of its improvement effect. This paper reports on the proposed improved dialog and the evaluation experiment. Malware applications for the Android OS have been released on the Internet and an application market. A threat caused from malware applications becomes non-negligible issue. A prior measure against the malware applications is an Anti-Virus software and the software notifies users of a malware infection to their terminals by a dialog interface. However, the dialogs in commercial Anti-Virus software products did not play a role of a risk notification and are simply ignored by mobile phone users. This is a serious issue for mobile phone security. Therefore, we propose an alternative customized malware notification dialog for both "leading users a better counter action to malware" and "inducing users to understand a security threat from a dialog information". We also conducted a user evaluation study for measuring an effectiveness of the proposed dialogs.
    Scientific journal, Japanese
  • Chameleon dial: Repeated camera-recording attack resilient PIN input scheme
    Tetsuji Takada; Masaya Ishizuka
    UbiComp and ISWC 2015 - Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing and the Proceedings of the 2015 ACM International Symposium on Wearable Computers, Association for Computing Machinery, Inc, 365-368, 07 Sep. 2015, Peer-reviewed, In this paper, we propose a repeated camera-recording attack resilient personal identification number (PIN) authentication scheme. In the absence of any public reports regarding potential risks, throughout our daily lives, we are faced with the risk of camera-recording attacks, which are a type of shoulder-surfing attack. Conventional knowledge-based authentication schemes are vulnerable to such attacks because a user is required to type or tap a secret directly. Several studies have proposed ways of countering such attacks. However, these schemes have remained issues such as a complex operation, increased memory requirements, and/or the need for additional devices. We, therefore, propose a Chameleon Dial (CDial) to improve the issues, and to enable us to be secure against repeated camera-recording attacks.
    International conference proceedings, English
  • CCC: A Countermeasure against Shoulder-Surfing Attacks Using the Vibration Function in PIN Authentication on Mobile Devices
    Masaya Ishizuka; Tetsuji Takada
    IPSJ Journal, 56, 9, 1877-1888, Sep. 2015, Peer-reviewed, For users who authenticate on mobile devices, shoulder-surfing attacks are a realistic threat. Besides hiding the input operation or the screen, several countermeasures against this threat have been proposed, but they suffer from problems such as a more complex input method and learning load, an increased memory burden due to additional secret information, and the need for a separate dedicated device. In this paper, assuming PIN authentication on currently available smartphones, we devised CCC (Circle Chameleon Cursor), a PIN input scheme that can improve security against shoulder-surfing attacks by applying the vibration function of the smartphone. By using vibration, CCC makes it difficult to identify the secret from visual information while enabling the authentication device and the user to share a secret during the authentication operation. By applying this shared secret to the existing dial-based PIN input operation, the scheme has the advantages of minimal learning load and minimal increase in memory burden, and requires no separate dedicated device. Based on this idea, we implemented a prototype as an Android smartphone application and conducted an attack experiment with subjects. As a result, in three usage situations, no subject was able to correctly identify the input value from video recordings of the authentication operation. In this paper, we proposed simple yet secure Personal Identification Number (PIN) authentication scheme against observation attack for mobile devices. An observation attack (also known as a shoulder surfing attack) is an actual threat for mobile phone users. Some research works propose secure schemes against this sort of attack. However, these schemes have remained issues such as a complex input method, memory load increase for an additional secret and required a dedicated device. Our scheme, named Circle Chameleon Cursor, focuses on improving the issues of a PIN input scheme for a smart phone. The features of the proposed scheme are as follows: 1) We use two secrets and the second secret is shared using a simple vibration signal between a mobile phone and a user. It makes hard to retrieve an input value even if an attack has some movie records about both a screen and a user operation. 2) CCC does not increase a memory load of a secret when a user does not use a PIN authentication. And 3) CCC does not require an additional dedicated device. We implemented a prototype system on an Android smart phone and conducted an observation attack experiment using some movie records of an authentication operation of the system. The result was that no one succeeded to identify an input value correctly.
    Scientific journal, Japanese
  • Anomalous Network Communication Detection System by Visual Pattern on a Client Computer
    Hayate Goto; Tetsuji Takada
    30TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, VOLS I AND II, ASSOC COMPUTING MACHINERY, 1263-1269, 2015, Peer-reviewed, In this study, we propose a visual anomaly detection system for network connections on a client computer. End users are exposed to security threats and they remain vulnerable to unknown emerging threats because current tools such as antivirus software and firewalls can only handle known threats. The proposed system aims to become a complementary security tool for end users that visualizes both inbound and outbound network connections on their computers. We consider three design features in this security tool for end users: visualizing a block of logs as a network usage trend, providing a temporal sequence of the log content as visual images, and anomaly detection based on frequency analysis. These features help users to build a normal usage model in their minds and they make them more aware of suspicious network traffic on their computers by observing visual differences between images. We also present four visual examples of anomalous network traffic based on the proposed system. These examples show that our tool has the potential to detect anomalous network communication.
    International conference proceedings, English
  • A Visual Approach to Detecting Drive-by Download Attacks
    Tetsuji Takada; Katsuhiro Amako
    8th International Symposium on Visual Information Communication and Interaction (VINCI 2015), ASSOC COMPUTING MACHINERY, 162-163, 2015, Peer-reviewed, Drive-by Download (DbD) attack is one of malware infection schemes that pose a major threat to users on the Internet. The attack tends to go unnoticed by users, because, upon infection, there is almost no visible change to the screen or the computer. Moreover, infections can occur merely as a result of a user visiting a web page. The conventional approach to DbD attacks is to use anti-virus (AV) software to detect malware. However, this approach is limited, because AV software does not always correctly detect emerging malware. Therefore, we designed a network-communication visualization system to assist in the detection of DbD attacks. We expect that the proposed visualization system will successfully give an awareness to users of suspicious software downloads.
    International conference proceedings, English
  • MTAPIN: Multi-touch key input enhances security of PIN authentication while keeping usability
    Tetsuji Takada; Yuki Kokubun
    International Journal of Pervasive Computing and Communications, Emerald Group Publishing Ltd., 10, 3, 276-290, 26 Aug. 2014, Peer-reviewed, Findings: The authors conducted a user evaluation study using a Web-based prototype system. The results of the study indicate that PIN input time, input errors and secret memorability of the proposed scheme were no worse than those of conventional PIN authentication. The theoretical security level of the proposed scheme is almost three and a half times than that of the conventional scheme.
    Originality/value: The paper introduced a multi-touch-allowed secret input operation into a PIN authentication. Though the introduction affected not only an input operation but also a PIN input interface and secret information, it makes possible to realize a better security level without a drastic change of a user interface and taking a longer input time.
    Purpose: The aim of the research is to realize a better form of personal identification number (PIN) authentication for a mobile phone without lowering usability and acceptability.
    Design/methodology/approach: The authors’ approach is to extend the input operation of PIN authentication by allowing more than one number at a time using a multi-touch-enabled screen. The authors also introduced substitution keys to be able to type any combination of a PIN value and an input pattern by multi-touch typing.
    Scientific journal, English
  • Extended PIN authentication scheme allowing multi-touch key input
    Tetsuji Takada; Yuki Kokubun
    ACM International Conference Proceeding Series, 307-310, 2013, Peer-reviewed, In this paper, we report our trial to make a better form of personal identification number (PIN) authentication for a mobile device. We think that mobile users should be given a more secure alternative authentication because PIN authentication has well-known flaws. However, proposed alternative schemes change the authentication method drastically and that may discomfort mobile users. Our approach is to just change the input operation of PIN authentication by allowing more than one number at a time using a multi-touch enabled screen. We implemented a web-based prototype system and conducted an informal user study using it. The results of the study indicate that PIN input time, input errors and secret memorability of the proposed scheme were no worse than those of conventional PIN authentication. We also discuss the mathematical security level and other advantages of the scheme.
    International conference proceedings, English
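  • ConfShare: A Web Service for Supporting Tasks Related to Attending Academic Conferences
    Tetsuji Takada
    IPSJ Journal, Information Processing Society of Japan, 49, 12, 4093-4104, Dec. 2008, Peer-reviewed, This paper describes "ConfShare", a web service intended to support three tasks that researchers must carry out in order to attend academic conferences. For researchers, attending conferences to present their own results and learn about the latest research is an essential activity. However, information about conferences held by academic societies is scattered, and there is a wide variety of conferences run by various organizations, so selecting conferences suited to one's research area and results and collecting information about them takes effort and is a burden on researchers. Even after deciding to attend a conference, researchers must collect new information provided from time to time through the conference web page, which is also a burden. In this study, we therefore developed "ConfShare", a web service that makes it possible to aggregate conference information in one place and supports the three tasks required when a researcher attends a conference: collecting conference information, deciding whether to attend or submit a paper, and keeping up with updates to the conference web page. By using this service, the tasks from collecting conference information, through considering paper submission and attendance, to collecting the latest information provided by the conference organizers can be carried out within the service, supporting researchers in handling conference information. One of essential tasks for researchers is to find an appropriate conference to submit a paper or attend it for getting latest research results. However, conference information are not well-organized from a researcher's point of view. Moreover, searching them by a web search engine is not always a better way. Even after a researcher decides a conference to go, she/he has to catch up on various new information about the conference. These tasks are time-consuming and they must be done by researchers themselves. I consider that it must be useful if there is a support service to assist researchers to do them. In order to realize such a service, I make clear necessary functions and also design a user interface and interactive functions for the service. I, then, developed "ConfShare" for that purpose. ConfShare shares conference information independently with the hosting organizations and enables researchers to browse and search them for assist finding both a conference information and a submission deadline information. ConfShare is also tracking a conference web page update. It helps to catch up with new information about a conference. These functions assist researchers in doing various tasks in order to attend an academic conference.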
    Scientific journal, Japanese
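  • fakePointer: An Authentication Scheme Secure Even against Peeping Attacks by Video Recording
    Tetsuji Takada
    IPSJ Journal, Information Processing Society of Japan, 49, 9, 3051-3061, Sep. 2008, Peer-reviewed, This paper describes “fakePointer”, an authentication scheme that can maintain security even against peeping attacks carried out by video recording. Until now, peeping attacks were carried out by humans. In recent years, however, there is a trend toward recording the authentication activity with a video camera and analyzing and collecting the secret information from the recording, and incidents using this method have actually occurred. Nevertheless, there are few effective technical countermeasures against such threats, and many of them either provide only partial security against the current threats or improve security but have low feasibility for users. In this paper, we therefore organize the threats that should be assumed in peeping attacks based on the current threats, and propose fakePointer as a scheme that can maintain security even against them. fakePointer is an authentication scheme that can maintain a certain level of security against the currently assumed peeping-attack threats by means of an input interface that makes the user's input value difficult to identify even if a video recording of the authentication activity exists, and by randomizing the answer input method using answer selection information that is randomly generated for each authentication. I propose a novel user authentication scheme called “fakePointer”. The system makes peeping attack with a video camera hard on a user authentication. A peeping attack is one of threats for a user authentication. An attack looks into a target authentication activity from behind and steals secret information of the target. In these days, moreover, a method of the attack has changed to recording an authentication activity as a movie by a video camera. It also changed supposed threats of the attack. In this paper, I reconsider threats of the peeping attack in a latest attack method and make clear a necessary requirement for building a secure authentication. One of the requirement is that it is hard for an attacker to identify user input from a video record of victim's authentication activity. The other is that input method of secret must be randomized in each authentication action. I realize a user authentication scheme as a fakePointer that meets with above requirements.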
    Scientific journal, Japanese
  • Evaluation Experiments on the Security and Usability of the User Authentication System "Awase-E"
    Tetsuji Takada; Takehito Onuki; Hideki Koike
    IPSJ Journal, 47, 8, 2602-2612, Aug. 2006, Peer-reviewed
    Scientific journal, Japanese
  • Awase-E: Recognition-based image authentication scheme using users' personal photographs
    Tetsuji Takada; Takehito Onuki; Hideki Koike
    2006 INNOVATIONS IN INFORMATION TECHNOLOGY, IEEE, 481-485, 2006, Peer-reviewed, In this paper, we propose a recognition-based image authentication system, named "Awase-E". There are two unique features in the system. One is to use users' personal photographs as their secret information. The other is that the system introduces a "no answer" case in a verification of an authentication trial. We developed a web-based prototype system and conducted exploratory experiments to determine the memorability of this secret information. As a result of the experiments, we determined that the memorability of the secret information in Awase-E is almost the same as the memorability of a PIN number, even over a long period of time with infrequent use. Moreover, even after users are forced to update their secret information, they can pass the authentication without forgetting the secret information or confusing the old and new secret information. We also present a comparison between Awase-E and PIN authentication regarding both security and usability, and we indicate that the Awase-E has potential to become a reasonable candidate as an alternative to PIN authentication.
    International conference proceedings, English
  • A Study for Some Experiences of the Operation of Highly Interactive Decoy System
    SHIBUYA YOSHIHIRO; KOIKE HIDEKI; TAKADA TETSUJI; YASUMURA MICHIAKI; ISHII TAKEMOCHI
    IPSJ journal, Information Processing Society of Japan (IPSJ), 45, 8, 1921-1930, 15 Aug. 2004, Peer-reviewed, With the rapid increase of the number of Internet users, now network use is indispensable to individuals and to organizations. Although Internet provides us various services and our lives depend on it heavily, we have many problems of suspicious accesses. However, there are few opportunities to recognize what an actual exploit is, and it is difficult to recognize of the security, that is not visible. In this paper, we deployed a decoy system based on the highly interactive level Honeynet Project has defined. This system enables to be decoy on the OS level, making intruders act freely without restriction. It records not only the known activities, but unknown vulnerabilities and activities without being notified by the intruders. Currently, the concept of highly interactive level decoy system is new, the information in these systems is not fully available. From these references, we have conducted an operation of the system, while adding some new features that were necessary. By analyzing all the logs from the system, we describe problems and propose the suitable operation methods.
    Scientific journal, Japanese
  • SnortView: A Visualization System for Identifying False Positives of NIDS
    大野一広; Tetsuji Takada; Hideki Koike
    IPSJ Journal, 44, 11, 2757-2766, Nov. 2003, Peer-reviewed
    Scientific journal, Japanese
  • Awase-E: the Method Enables an Image-based Authentication to be More Secure and Familiar for Users with Providing Image Registration and User Notification
    TAKADA TETSUJI; KOIKE HIDEKI
    Transactions of Information Processing Society of Japan, Information Processing Society of Japan (IPSJ), 44, 8, 2002-2012, 15 Aug. 2003, Peer-reviewed, We propose the method that makes image-based authentication to be more secure and familiar to users. We introduce a novel image-based authentication system, called "Awase-E", based on the methods. Current image-based authentications have some problems: using artificial images, necessary for memorizing some but not a few images and presenting password images at all time. In order to improve them, we introduce "image registration" and "notification to users" into image-based authentication. It makes possible to reduce the load to human memory and build a security against some types of attacks.
    Scientific journal, Japanese
  • Awase-E: Image-based authentication for mobile phones using user's favorite images
    Tetsuji Takada; Hideki Koike
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2795, 347-351, 2003, Peer-reviewed, There is a trade-off between security and usability in user authentication for mobile phones. Since such devices have a poor input interfaces, 4-digit number passwords are widely used at present. Therefore, a more secure and user friendly authentication is needed. This paper proposes a novel authentication method called "Awase-E". The system uses image passwords. It, moreover, integrates image registration and notification interfaces. Image registration enables users to use their favorite image instead of a text password. Notification gives users a trigger to take action against a threat when it happens. Awase-E is implemented so that it has a higher usability even when it is used through a mobile phone.
    Scientific journal
  • MieLog: A highly interactive visual log browser using information visualization and statistical analysis
    T Takada; H Koike
    USENIX ASSOCIATION PROCEEDINGS OF THE SIXTEENTH SYSTEMS ADMINISTRATION CONFERENCE (LISA XVI), USENIX ASSOC, 133-144, 2002, Peer-reviewed, System administration has become an increasingly important function, with the fundamental task being the inspection of computer log-files. It is not, however, easy to perform such tasks for two reasons. One is the high recognition load of log contents due to the massive amount of textual data. It is a tedious, time-consuming and often error-prone task to read through them. The other problem is the difficulty in extracting unusual messages from the log. If an administrator does not have the knowledge or experience, he or she cannot readily recognize unusual log messages. To help address these issues, we have developed a highly interactive visual log browser called "MieLog." MieLog uses two techniques for manual log inspection tasks: information visualization and statistical analysis. Information visualization is helpful in reducing the recognition load because it provides an alternative method of interpreting textual information without reading. Statistical analysis enables the extraction of unusual log messages without domain specific knowledge. We will give three examples that illustrate the ability of the MieLog system to isolate unusual messages more easily than before.
    International conference proceedings, English
  • Tudumi: Information visualization system for monitoring and auditing computer logs
    T. Takada; H. Koike
    Proceedings of the International Conference on Information Visualisation, 2002-January, 570-576, 2002, Peer-reviewed, © 2002 IEEE. Computer security breaches are already a major problem in using computers. The most basic defense against them is to monitor and audit the computer logs. Computer logs, however, have a huge amount of textual data. It is, therefore, almost impossible to inspect them manually using current systems. We propose a log visualization system called "Tudumi". Tudumi consists of several functions which assist system administrators to perform such tasks manually. These functions are information visualization, log summarization and reflecting known rules into the visualization method. Tudumi makes it easier to detect anomalous user activities, such as intrusion, from a huge amount of computer logs.
    International conference proceedings
  • MieLog : Log Information Browse with Information Visualization and Text Mining
    TAKADA Tetsuji; KOIKE Hideki
    Transactions of Information Processing Society of Japan, Information Processing Society of Japan (IPSJ), 41, 12, 3265-3275, 15 Dec. 2000, Peer-reviewed, It is necessary for a system administrator to investigate log information. The reason is that log files contain an enormous amount of information generated by the operating system and various programs, and this information is useful for solving a variety of troubles on a computer. Moreover, intrusion into computers is becoming a more and more serious problem. A system administrator, therefore, has to watch log information periodically in order to find traces of intrusion. In this research, we developed a log information browsing system, which is called "MieLog", in order to support such a task. MieLog extracts some characteristics from log information. Examples of these characteristics are the number of log outputs in a fixed time and the length of the log text. MieLog, moreover, represents these characteristics visually together with the textual information. As a result, MieLog makes it easier for a system administrator to investigate log information.
    Scientific journal, Japanese
  • A Proposal of Novel Intrusion Management Using Log Information Visualization Systems by Multiple Users
    TAKADA Tetsuji; KOIKE Hideki
    Transactions of Information Processing Society of Japan, Information Processing Society of Japan (IPSJ), 41, 8, 2216-2227, 15 Aug. 2000, Peer-reviewed, Intrusion into computers has become a serious threat. Some methods to cope with it have already been proposed. Such methods, however, have not come into wide use, because each of them has some problems. We extract the problems from existing intrusion management. As a result, we concluded that periodical log inspection makes a computer more secure against intrusion. We suggest a log information visualization system that helps with inspecting log information. We propose two visualization methods in this research. One is a summary visualization. The other is a time-based visualization. Both methods enable an inspector to investigate log information more easily and effectively. This advantage makes it possible for a novice user to investigate log information. We also propose a novel intrusion management that monitors log information by multiple users using visualization systems. This method can improve not only the problem in existing intrusion detection systems but also the problem originating in the human factor.
    Scientific journal, Japanese
  • 逃げログ: A log information protection method that takes even deletion into account
    高田哲司; 小池英樹
    情報処理学会論文誌, 41, 03, 823-831, Mar. 2000, Peer-reviewed
    Scientific journal, Japanese
  • VisuaLinda: a framework for visualizing parallel Linda programs
    Hideki Koike; Tetsuji Takada; Toshiyuki Masui
    IEEE Symposium on Visual Languages, Proceedings, 174-178, 1997, Peer-reviewed, This paper describes the VisuaLinda system, which is an integration of a Linda server and a visualizer of parallel Linda programs. Since the visualization module is built in the Linda server, programmers do not need to put additional visualization primitives in their client programs in order to visualize the behavior of their programs. This framework significantly reduces the programmers' burden in debugging parallel programs, owing to the following two features. First, it minimizes the 'probe effect,' which is one of the main concerns in monitoring parallel programs. Second, VisuaLinda uses three-dimensional space to display both the relation between the Linda server and the client programs, and the execution of client programs. This framework can be used to display a much larger number of processes than using 2D visualization techniques, see two relations simultaneously, improve the visibility of communication lines, and see each process's state as well as the overview of the execution.
    International conference proceedings

MISC

  • An introduction to "Exploring the Design Space of Graphical Passwords on Smartphones"
    高橋雅香; 高田哲司
    04 Nov. 2013, 研究報告セキュリティ心理学とトラスト(SPT), 2013, 11, 1-2, Japanese, 170000078738
  • Image-based User Authentication
    KOIKE Hideki; MASUI Toshiyuki; TAKADA Tetsuji
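    In today's information society, the common means of personal authentication are character-string passwords such as 4-digit PINs and alphanumeric passwords. Their security rests on the number of possible combinations, but in practice people strongly tend to choose simple strings so that they are easy to remember. In addition, entering characters with a keyboard cannot be called easy to use in ubiquitous environments. In response, authentication methods that use images have been researched and developed. They are characterized by high security, which comes from using as the key memorized information that only the person concerned can know, and by high convenience, namely a low memory load and ease of input. This article explains the outline of image-based authentication, example systems, and its advantages and problems., Information Processing Society of Japan (IPSJ), 15 May 2006, IPSJ Magazine, 47, 5, 479-484, Japanese, 0447-8053, 110004720791, AN00116625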
  • 逃げログ: A log information protection method that takes even deletion into account
    高田 哲司; 小池 英樹
    共立出版, May 2000, Bit, 32, 5, 47-53, Japanese, 0385-6984, 40000002925, AN00000416

Lectures, oral presentations, etc.

  • A method for improving the security of password authentication by changing how the login page is operated
    根本啓佑; 高田哲司
    Oral presentation, Japanese, インターネットと運用技術シンポジウム(IOTS 2023), 情報処理学会 インターネットと運用技術研究会, Peer-reviewed, Domestic conference
    07 Dec. 2023- 08 Dec. 2023
  • A feasibility study of phishing page detection in the web browser
    渡邉祐貴; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2023 (CSS 2023), http://www.iwsec.org/css/2023/
    31 Oct. 2023
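  • Security and usability evaluation of a user authentication method using paired information intended as a countermeasure against guessing attacks: a comparison of word pairs and emoji pairs (2nd report)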
    横山佳紀; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2022 (CSS 2022), 情報処理学会 コンピュータセキュリティ研究会, ハイブリッド(熊本), http://www.iwsec.org/css/2022/, Domestic conference
    24 Oct. 2022
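  • A study toward improving the usability of two-factor authentication: a proposal for two-factor authentication that does not require possession of a physical device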
    高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2021 (CSS 2021), 情報処理学会 コンピュータセキュリティ研究会, オンライン開催, http://www.iwsec.org/css/2020/, Domestic conference
    26 Oct. 2021
  • Pict Place Authentication: An attempt to improve the security of recognition-based image authentication by changing the answer method
    吉田光宏; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2020 (CSS 2020), 情報処理学会 コンピュータセキュリティ研究会, オンライン(神戸), http://www.iwsec.org/css/2020/, Domestic conference
    27 Oct. 2020
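  • Security evaluation of user authentication using paired information aimed at countering guessing attacks: a comparison of word pairs and emoji pairs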
    横山佳紀; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2020 (CSS 2020), 情報処理学会 コンピュータセキュリティ研究会, オンライン(神戸), http://www.iwsec.org/css/2020/, Domestic conference
    27 Oct. 2020
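  • Improving the practicality, through user interface improvements, of user authentication that is secure against shoulder-surfing attacks by video recording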
    江原知志; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2020 (CSS 2020), 情報処理学会 コンピュータセキュリティ研究会, オンライン(神戸), http://www.iwsec.org/css/2020/, Domestic conference
    27 Oct. 2020
  • Pict Place Shuffle: Improving recognition-based image authentication through information placement and indirect input
    吉田光宏; 高田哲司
    Poster presentation, Japanese, 情報処理学会 インタラクション 2020, 情報処理学会 HCI, GN, UBI, EC研究会, 東京, Peer-reviewed, http://www.interaction-ipsj.org/2020/, Domestic conference
    11 Mar. 2020
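  • An attempt to detect malicious web browser extensions with machine learning: using data based on the differences between benign and malicious behavior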
    大石雄大; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2019 (CSS 2019), http://www.iwsec.org/css/2019/program.html#i2D3, Domestic conference
    22 Oct. 2019
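  • From image selection to image placement: improving the security of image authentication with a two-step answer that takes operational burden into account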
    吉田光宏
    Poster presentation, Japanese, コンピュータセキュリティシンポジウム 2019 (CSS 2019), 情報処理学会 コンピュータセキュリティ研究会, 長崎, http://www.iwsec.org/css/2019/demo.html, Domestic conference
    21 Oct. 2019
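  • Can "kawaii" (cuteness) improve the effectiveness of security warnings? (2nd report): An attempt to induce safe behavior through psychological effects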
    皆川諒; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2018 (CSS 2018), http://id.nii.ac.jp/1001/00192045/, Domestic conference
    22 Oct. 2018
  • Gamification of user authentication aimed at motivating the safe use of secret information
    服部夢二; 高田哲司
    Oral presentation, Japanese, 情報処理学会 コンピュータセキュリティ研究会, http://id.nii.ac.jp/1001/00186266/, Domestic conference
    Mar. 2018
  • User authentication by recognition of private associative information, and its security evaluation
    山岸伶; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2017 (CSS 2017), http://id.nii.ac.jp/1001/00187186/, Domestic conference
    23 Oct. 2017
  • Exploring new security warnings that can suppress habituation: an evaluation of the effects of cuteness and its additional stimuli
    皆川諒; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2017 (CSS 2017), http://id.nii.ac.jp/1001/00187169/, Domestic conference
    23 Oct. 2017
  • A proposal for detection of Drive-by Download attacks based on features of invisible web content, and for an investigation support tool
    荻野貴大; 高田哲司
    Oral presentation, Japanese, 情報処理学会 コンピュータセキュリティ研究会, http://id.nii.ac.jp/1001/00178420/, Domestic conference
    03 Mar. 2017
  • User authentication that can provide multiple forms of security with a single piece of secret information
    高田哲司; 森康洋
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2016 (CSS 2016), Domestic conference
    13 Oct. 2016
  • Verifying the effectiveness of web defacement detection based on changes in the link information within web pages
    望月翔太; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2015 (CSS 2015), http://id.nii.ac.jp/1001/00146827/, Domestic conference
    22 Oct. 2015
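  • Improving security and limiting operational burden in recognition-based image authentication by adding candidate answer images and concentrating the placement of the correct images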
    森康洋; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2015 (CSS 2015), http://id.nii.ac.jp/1001/00146863/, Domestic conference
    22 Oct. 2015
  • A proposal for a warning method that guides users toward countermeasures against Android malware
    高橋雅香; 高田哲司
    Oral presentation, Japanese, 情報処理学会 コンピュータセキュリティ研究会, http://id.nii.ac.jp/1001/00113619/, Domestic conference
    06 Mar. 2015
  • A proposal for rule-based user authentication aimed at personalizing user authentication
    高浪悟; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2014 (CSS 2014), http://id.nii.ac.jp/1001/00106613/, Domestic conference
    23 Oct. 2014
  • Authentication shutter: A proposal for a countermeasure that makes it possible to shut out attacks on user authentication
    高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2014 (CSS 2014), http://id.nii.ac.jp/1001/00106614/, Domestic conference
    23 Oct. 2014
  • A proposal for a communication visualization system for client computers aimed at supporting the detection of suspicious communications
    後藤颯; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2014 (CSS 2014), http://id.nii.ac.jp/1001/00106553/, Domestic conference
    22 Oct. 2014
  • A proposal for a web defacement detection support system that focuses on changes in link information over time
    望月翔太; 高田哲司
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2014 (CSS 2014), http://id.nii.ac.jp/1001/00106563/, Domestic conference
    22 Oct. 2014
  • A proposal for a user authentication method based on selection and reordering
    森康洋; 高田哲司
    Poster presentation, Japanese, コンピュータセキュリティシンポジウム 2014 (CSS 2014), http://www.iwsec.org/css/2014/demo.htm, Domestic conference
    21 Oct. 2014
  • A study of countermeasures against DBD (Drive-by Download) attacks using information visualization
    尼子雄大; 高田哲司
    Oral presentation, Japanese, 情報処理学会 コンピュータセキュリティ研究会, http://id.nii.ac.jp/1001/00098848/, Domestic conference
    07 Mar. 2014
  • A countermeasure against shoulder-surfing attacks in user authentication on mobile devices that applies the vibration function
    石塚正也; 高田哲司
    Public symposium, Japanese, コンピュータセキュリティシンポジウム 2013 (CSS 2013), 情報処理学会 コンピュータセキュリティ研究会, 高松, http://id.nii.ac.jp/1001/00098266/
    Oct. 2013
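  • Portrait-sketch authentication: A proposal for improving security against guessing attacks on memory-matching user authentication by using individual differences in the perception of information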
    益尾文里; 高田哲司
    Public symposium, Japanese, コンピュータセキュリティシンポジウム 2012 (CSS 2012), 情報処理学会, 島根, http://id.nii.ac.jp/1001/00086735/
    Nov. 2012
  • Simultaneous-press authentication: An attempt to improve PIN authentication
    国分佑樹; 高田哲司
    Public symposium, Japanese, マルチメディア、分散、協調とモバイルシンポジウム (DICOMO 2012), 情報処理学会, 石川
    Jul. 2012
  • A study of a "self-certificate" intended to support disaster victims in restoring their daily lives
    高田哲司
    Public symposium, Japanese, コンピュータセキュリティシンポジウム 2011 (CSS 2011), 情報処理学会 コンピュータセキュリティ研究会, 新潟, http://id.nii.ac.jp/1001/00077998/
    12 Oct. 2011
  • fakePointer 2: A proposal for a user interface that improves security against shoulder-surfing attacks in user authentication
    高田哲司
    暗号と情報セキュリティシンポジウム (SCIS 2007)
    Jan. 2007
  • 鼓: Visualization of log information for intrusion detection
    高田 哲司; 小池 英樹
    Oral presentation, Japanese, コンピュータセキュリティシンポジウム 2000 (CSS 2000)
    27 Oct. 2000
    26 Oct. 2000- 27 Oct. 2000
  • 逃げログ: A log information protection method that takes even deletion into account
    高田哲司; 小池英樹
    情報処理学会 研究報告1999-CSEC-005
    21 May 1999
  • A proposal for an intrusion detection method based on visualization of log files
    高田哲司; 小池英樹
    コンピュータセキュリティシンポジウム (CSS'98)
    Oct. 1998