
Multimedia, Distributed, Cooperative, and Mobile (DICOMO2008) Symposium

Session 6A  Network Security (CSEC)
Date and time: July 10, 2008 (Thu) 13:50 - 16:00
Room: Polaris
Chair: 竹森 敬祐 (KDDI R&D Laboratories)

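6A-1 (Time: 13:50 - 14:15)
Title A Log Information Collection Method for a Host-Based Communication Monitoring System
Authors *稲井 俊介, 白石 善明 (Nagoya Institute of Technology), 福田 洋治 (Aichi University of Education), 溝渕 昭二 (Kinki University), 毛利 公美 (Gifu University)
Page pp. 1243 - 1251
Keyword Network monitoring, distributed log storage, data collection method, session information summarization
Abstract The log information that systems output is indispensable for understanding the state and behavior of devices and their users. Techniques for collecting, storing, and managing log information efficiently are important for operating systems stably and effectively. In products that monitor communication using communication logs, dedicated hardware (hereafter called a probe) is installed at the entry and exit points of LANs on the network and at the routers deployed for each segment. Because only the packets that pass through a router with a probe are captured, it is difficult to obtain logs of communication between hosts within a segment. We aim to capture all packets in the monitored network, including those that existing products have difficulty capturing, and to grasp the details of host-to-host communication. In this paper, we assume a new monitoring model in which every monitored host records all of its communication logs. Among the issues that arise in that model, we focus on aggregating the communication logs of the individual hosts and propose a method for collecting log information.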

6A-2 (Time: 14:15 - 14:40)
Title Evanescent Blacklisting for Automated Network Attack Mitigation
Authors *Erwan Le Malecot (Kyushu University), Pascal Jinkoji (Supelec), Yoshiaki Hori, Kouichi Sakurai (Kyushu University)
Page pp. 1252 - 1257
Keyword Blacklist, Firewall, Network, Security, Mitigation
Abstract
1. Abstract
With a skyrocketing number of proposed services, TCP/IP networks have been adopted by numerous organizations as part of their infrastructure. Unfortunately, that diffusion quickly attracted the attention of malicious people and as a result, TCP/IP networks are now facing a massive and incessant flow of attacks. A large portion of this flow is generated by automated processes such as scanning tools and worms. To counter those attacks, system administrators usually rely on Intrusion Detection Systems (IDSs) coupled with the blacklisting of offensive hosts. However, that approach is showing its limits with the multiplication and dissemination of the attackers. In this paper, we propose to adapt current mitigation techniques to those new traits of attackers by associating a fading mechanism with blacklists.
2. Background
In order to cope with network attacks, system administrators use active devices, typically firewalls. A firewall is a device that inspects the traffic exchanged by specified networks and denies or allows the associated packets to pass based on a set of rules. The rules match selected packet attributes and specify the actions to perform in case of successful matches. Thus, by applying intrusion detection techniques, system administrators can gather lists of IP addresses corresponding to malicious hosts and then use firewalls to deny further traffic coming from those hosts (i.e. blacklisting). Still, this approach is showing its limits: IP addresses are increasingly assigned dynamically and reassigned frequently, attackers can forge suspicious packets seemingly coming from genuine hosts (i.e. spoofing), or simply can control many hosts (i.e. botnets). Consequently, blacklists should frequently be purged to avoid being overloaded by outdated information, and more importantly, to avoid denying access to previously spoofed genuine hosts. But, concurrently, attackers can also slow down their packet emission rate to try to evade such blacklisting mechanisms.
3. Evanescent Blacklisting Scheme
System administrators are then confronted with contradictory directives as mitigating such slow attacks would require long term blacklisting, which is quite incompatible with the previously mentioned constraints. To deal with that rising conflict, we propose an original blacklisting scheme based on the use of random packet dropping as a way of penalizing initially blacklisted IP addresses while providing (mistakenly judged) genuine hosts a chance to pass traffic through the regulating system. The percentage of random packet dropping associated with an IP address, flagged by the system as potentially malicious, is to decrease progressively from 100% to finally become null after a specified amount of time. So a flagged IP address goes through several statuses, from fully banned to fully trusted again. If an IP address happens to be continuously sending malicious traffic, it is to be kept as untrusted, and thus will be continuously penalized.
4. Leads
In order to validate the proposed approach and experimentally determine several required parameters, we started to implement our scheme using several Commercial Off-The-Shelf (COTS) firewalling frameworks. The initial testing results are really encouraging so we plan to polish our prototype to finally deploy it on a live network portion.

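6A-3 (Time: 14:40 - 15:05)
Title A Location-Transparent Access Method for IPv6 Devices Using Address Translation That Permits IPSec Communication
Authors *黒木 秀和 (Ubiteq, Ubiquitous Research Laboratory / Shizuoka University Graduate School of Science and Technology), 井上 博之 (Hiroshima City University Graduate School of Information Sciences), 荻野 司 (Ubiteq), 石原 進 (Shizuoka University Graduate School of Science and Technology)
Page pp. 1258 - 1265
Keyword Device management, fixed address, address translation, IPv6, IPSec
Abstract In recent years, devices equipped with IP communication functions, such as networked home appliances and sensor devices, have been commercialized. These devices are assigned addresses that correspond to the device user's network, but if they could always be reached at the same IP address, maintaining, operating, and monitoring them remotely would become easy. The authors have proposed LTA6, a method that uses an address translation device with a bidirectional address translation mechanism to enable communication between devices that use fixed IPv6 addresses and other nodes. However, that method had the problem that IPSec communication was not possible between the devices and the terminals that maintain, operate, and monitor them. This paper proposes an address assignment method that enables IPSec communication between them. The method assigns dynamic addresses chosen so that the checksums contained in the ICMPv6, TCP, and UDP headers do not change before and after address translation, which makes IPSec communication possible. In addition, because checksums no longer need to be rewritten, the processing load on the address translation device can be reduced.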

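6A-4 (Time: 15:05 - 15:30)
Title Improving the Communication Efficiency of Secure Multicast
Authors *伊藤 隆, 米田 健 (Mitsubishi Electric Corporation, Information Technology R&D Center)
Page pp. 1266 - 1269
Keyword Key management, broadcast encryption, multicast, Subset Cover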

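6A-5 (Time: 15:30 - 15:55)
Title Proposal of an In-Vehicle Communication Protocol with an Attestation Function
Authors *吉岡 顕, 小熊 寿, 西川 真 (Toyota InfoTechnology Center), 繁富 利恵, 大塚 玲, 今井 秀樹 (AIST Research Center for Information Security)
Page pp. 1270 - 1275
Keyword In-vehicle systems, security, protocol, attestation
Abstract
1. Introduction
In recent years, the number of electronically controlled components in vehicles has grown, and standardized network technologies have been introduced for the communication links that connect them, so that in-vehicle LANs have come to resemble the LANs found in ordinary offices and homes. In the ITS industry, equipping vehicles with vehicle-to-vehicle communication, and applications that use it to reduce traffic accidents, are under discussion. Each vehicle broadcasts state information such as its position and speed to its surroundings, which lets a vehicle predict the future movements of the vehicles around it; when a collision is possible, the aim is to reduce accidents by alerting or warning the driver or by intervening in control of the vehicle. Consequently, a malicious party could paralyze traffic by sending false information over vehicle-to-vehicle communication. In other words, vehicles have become part of the infrastructure that supports society, and they require the same security as SCADA systems such as power grids and railway control. Achieving this requires a mechanism that guarantees that the networked computer nodes mounted in the vehicle (called on-board units or ECUs; hereafter ECUs) are running the correct, intended programs, that is, attestation. However, ECUs mounted in vehicles are low-resource compared with ordinary PCs, so the attestation schemes used on PCs cannot be used as they are. Against this background, this paper proposes an inter-node authentication (Attestation) scheme in which, under the condition that many low-resource nodes + a few nodes with somewhat more resources are networked, the nodes as a whole cooperate to achieve attestation.
2. Required Functions
The proposed scheme realizes the following basic functions.
- On the in-vehicle LAN, each ECU can communicate only with ECUs whose software configuration has been confirmed to be an authorized version.
- Tamper prevention for communication between ECUs.
- In a vehicle, an ECU itself may be replaced during repair, and the program installed on an ECU may be replaced with a newer version; the ECU configuration is authenticated correctly even after such post-shipment changes.
Item 2 makes it possible to avoid the possibility of tampering in every phase: the sensors that measure the vehicle state, the movement of data over in-vehicle communication, processing in the ECUs, and transmission over vehicle-to-vehicle communication.
3. Overview of the Proposed Method
First, an Attestation Master ECU (hereafter simply Master ECU), dedicated to performing Attestation within the vehicle, is newly introduced. Through prior communication with a trusted center, the Master ECU holds a database of the node types and program versions that may be installed in its own vehicle. At startup, each node reports the hash value of its installed program to the Master ECU, and the Master ECU consults its database to confirm whether that program is an authorized version. Only when this is confirmed does it issue an Attestation Token to the node. Each sending node attaches the Attestation Token to its packets when communicating with other nodes, and each receiving node accepts the content of a communication only if it can verify the Attestation Token.
4. Evaluation with a Prototype
By building a prototype, we confirmed that:
- the method proposed in Section 3 satisfies the functions described in Section 2;
- compared with attestation using the widely deployed TPM chip, it is roughly 100 times faster on the same CPU; in other words, equivalent functionality can be achieved even on a low-resource ECU with one hundredth of the resources.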