1. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 1 Research & Development for Internet Security in Japan November 24, 2000 Ryoichi Sasaki （ sasaki@sdl.hitachi.co.jp ） Senior Chief Researcher Systems Development Laboratory, Hitachi, Ltd. 14th AFSIT AFSIT : Asian Forum for the Standardization of Information Technologies

2. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 2 Table of Contents 1. Introduction 2. Security Threats and Countermeasures 3. Status on Security Countermeasures in Japan 4. Security Technology Creates Internet New Era 5. Current Status on Security R&D in Japan 6. R & D on Security Technologies in Hitachi 7. On Security Standards

3. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 3 1. Introduction Current Situation of Internet in Japan

4. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 4 Trend on Number of Hosts Connected to Internet (Number in '95 is 100% for each country) (%) Japan

5. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 5 Number of Internet Users in Japan From White Paper 2000 of Ministry of Posts and Telecommunications 76.7 11.6 16.9 27.1 10 20 30 40 50 60 70 Number (M Persons) 10 20 30 40 50 60 70 (%) 1997 1998 1999 2005 (Year) Diffusion Rate 1996 19.1%

6. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 6 Predicted Amount of E-Commerce (Business to Business) 0 20 40 60 80 100 120 140 160 180 199819992000200120022003 Japan USA Trillion Yen Year Announced by MITI in 1999 ９ 20 12 30 19 50 29 79 45 117 68 165

7. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 7 Background of Increase of Security Threat Big Digital Money Flow on Internet: More Powerful Attack to Get Big Money Increase of Victim Candidates Rapid Spread of Internet インターネットの普及 Increased Connection of Enterprise Network to Internet : Attack Increase via Internet to Extreme Valuable Information

8. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 8 Loss Caused by Attack to Security in USA Estimated by FBI / CSI 1996 1997 100M$ 100150 M$ 1998 1999 50 200 250 130M$ 120M$ 260M$

9. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 9 Number of Reported Security Incidents in Japan Data from JPCERT 97 1Q 97 2Q 97 3Q 97 4Q 98 1Q 98 2Q 98 1Q 98 3Q 98 4Q 99 1Q 99 2Q 99 3Q 99 4Q 00 1Q 0 100 200 300 400 500 600 700 800

10. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 10 2. Security Threats and Countermeasures

11. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 11 Objects Electronic Commerce Threats to Security Computer Files Threats to Security Loss of Confidentiality Loss of Integrity Loss of Availability (Repudiation) (Eavesdropping) (Interruption) (Improper Use) Loss of Evidence Network

12. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 12 (1) Protection against Intrusion (a) Access Control (Firewall etc.) (b) Encryption (2) Prevention,Detection, Recovery (a) Security Surveillance (b) Security Audit etc. Countermeasure against Attacker Countermeasure by Technology Countermeasure by Management (a) Security Policy Establishment (b) Security Education Attacker Intrusion Masquerade Security Hole Attack

13. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 13 3. Status on Security Countermeasures in Japan

14. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 14 Rate ％ 18.9 9.3 25.8 43.5 0.7 1.7 DecidedDecidingUnder Consideration Not DecidedUnnecessaryNo Answer Investigated by JIPDEC in 1999 No. of Companies ： 867 No. of Mean Employees ： 2194 persons Security Policy Investigated Results on Security Measure Status (1) is decided in only less than one fifth of companies. JIPDEC: Japan Information Processing Development Corporation

15. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 15 Rate(%) 23.8 12.5 62.2 1 0.6 Exist Under Consideration Not Exist Security Specialist exists in less than one fourth of companies. Investigated Results on Security Measure Status (2) Not Necessary No Answer

16. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 16 Investigated Results on Security Measure Status (3) 83.4 50.7 21.3 14.2 40.9 25.8 33.6 1.5 10.4 0 10 20 30 40 50 60 70 80 90 1 Usage of Password Usage of Firewall Usage of Access Control Soft Access Control to Outside Inhibition of Changing LAN Connection Log Analysis Others No Measure Firewall is used in more than 50% companies. Limitation of Network Operator

17. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 17 82.6 2.7 Usage of Cipher Not Usage No Answer Cipher is used in less than 15% companies. Investigated Results on Security Measure Status (3) 14.7 Rate(%)

18. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 18 4. Security Technology Creates Internet New Era

19. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 19 Inter Individuals Information Sharing GroupWare Mail, News, WEB Inner Companies Inter Companies Public, Home etc. EC(B to C)EC(B to C) E-Government EC(B to B)EC(B to B) E-Election New Social InfrastructureNew Social Infrastructure Internet * Intranet Extranet Socialnet Coverage E-Auction Future Direction Security Technologies Support Internet New Era Digital Signature Digital Watermarking Security Technologies Additional Features Information Exchange Improvement of work efficiency Application to Management Strategy Creation of new value of services E-Library Note ： * Narrow Meaning

20. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 20 Outline of Digital Signature (1) Entity Authentication : Protection from Masquerade (2) Message Authentication : Detection of Message Manipulation Real World Digital World Objectives (1) Entity Authentication (2) Message Authentication Usage of Seal or Signature for Identifying Originator Usage of Paper and Ink for Detecting Manipulation Digital Signature or Electronic Seal Usage of Asymmetric Cipher* : It is possible to identify single signature key user. Usage of Hash Function : It is possible to detect manipulation by checking hash value. * Asymmetric Cipher equals Public Key Cipher

21. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 21 Digital Signature Scheme Massage (M) Alice Encryption by Using Sa and Asymmetric Cipher Private Key of Bob ( Sa ) :Secret Hash Function(h) Hash Value ( h(M)) M +Digital Signature Digital Signature (S=Sa(h(M))) Bob Decryption by Using Pa and Asymmetric Cipher Public Key of Bob ( Pa ) : Open h’=Pa(S) h”=h(M) Compare Authenticated If only one bit of M was changed, the hash value will be changed totally Pair Keys Digital Signature (S=Sa(h(M))) Hash Function(h) M +Digital Signature =

22. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 22 Necessity of Certification Authority Objective:Certificate the real owner of public key Pa ( Protect to pretend Pc generated by Carol as Pa of Bob) Certification Authority:CA Bob Alice (1) Generate Private Key:Sa Public Key :Pa Private Key of CA: Sn Secret (2) Pa with Sn (Pa) (5) Signed Message + X.509 Certificate (6) Pn (7) Calculate Pa Pa= Pn(Sn(Pa)) (8) Use Pa for Verification Public Key of CA: Pn Open (4) Public Key Certificate (X.509 V.3) (3) Registration of Pa and the Owner (Note:There was same system in the era of King Hammurabi about 4100 years ago.) (Asymmetric Cipher )

23. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 23 Example of Structure for CAs Root CA CA11 CA12 EE1 EE2 EE3 EE4 EE: End Entity ( User of CA ) Hierarchical Structure of CAs Certificate CA1 CA2

24. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 24 PKI for Supporting Certification Root CA CA11 CA12 EE1 EE2 EE3 EE4 Certificate CA1CA2 PKI consists of protocols, services, and standards supporting applications of public-key cipher (asymmetric cipher), especially related the use of Certificate Authority(CA). PKI : Public Key Infrastructure

25. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 25 Inter Individuals Information Sharing GroupWare Mail, News, WEB Inner Companies Inter Companies Public, Home etc. EC(B to C)EC(B to C) E-Government EC(B to B)EC(B to B) E-Election New Social InfrastructureNew Social Infrastructure Internet * Intranet Extranet Socialnet Coverage E-Auction Future Direction Security Technologies Support Internet New Era Digital Signature Digital Watermarking Security Technologies Additional Features Information Exchange Improvement of work efficiency Application to Management Strategy Creation of new value of services E-Library Note ： * Narrow Meaning

26. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 26 Example of Watermarking Original ImageEmbedded Image Owner Htachi buyer Sasaki Embedd- ing software Owner Hitachi Buyer Sasaki Extract- ing Software Embedded Position

27. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 27 5. Current Status on Security R&D in Japan

28. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 28 Main Players on Security R & D in Japan Collaboration Universities Companies Government MITI - IPA MPT - TAO Fund for Security Projects MITI : Ministry of International Trade and Industry MPT : Ministry of Posts and Telecommunications IPA : Information - Technology Promotion Agency, Japan TAO : Telecommunications Advancement Organization of Japan STA : Science and Technology Agency STA

29. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 29 Main Players on Security R & D in Japan Collaboration Universities Companies Government MITI - IPA MPT - TAO Fund for Security Projects MITI : Ministry of International Trade and Industry MPT : Ministry of Posts and Telecommunications IPA : Information - Technology Promotion Agency, Japan (1) Anti-Computer-Virus Activities (2) Countermeasures Against Unauthorized Access to Computers in Cooperation with JPCERT (3) Study of Cryptography and Authentication Technologies (4) Study of IT Security Evaluation and Certification / Validation Scheme IPA - Security Center

30. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 30 Main Players on Security R & D in Japan Collaboration Universities Companies Government MITI - IPA MPT - TAO Fund for Security Projects MITI : Ministry of International Trade and Industry MPT : Ministry of Posts and Telecommunications IPA : Information - Technology Promotion Agency, Japan TAO : Telecommunications Advancement Organization of Japan O Tokyo University (Professor IMAI), O Chuo University (Professor TSUJII), O Yokohama National University, O Kyushu University, O Keio University etc. Universities

31. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 31 Main Players on Security R & D in Japan Collaboration Universities Companies Government MITI - IPA MPT - TAO Fund for Security Projects MITI : Ministry of International Trade and Industry MPT : Ministry of Posts and Telecommunications IPA : Information - Technology Promotion Agency, Japan TAO :Telecommunications Advancement Organization of Japan O NTT, O Hitachi, O Mitsubishi, O NEC, O NTT Data, O Fujitsu, O Panasonic, etc. COMPANY

32. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 32 Security Technologies for Research Field Technology Element Technology System Technology Social Technology 1 2 3 4 5 6 7 8 9 10 11 12 Certification Access Control Encryption Digital Signature Computer Virus Secure Network Recovery Vulnerability Risk Assessment Interdependency Risk Communication Security User Interface

33. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 33 Comparison of Research Area in USA and Japan Field Technology Element Technology System Technology Social Technology 1 2 3 4 5 6 7 8 9 10 11 12 Certification Access Control Encryption Digital Signature Computer Virus Secure Network Recovery Vulnerability Risk Assessment Interdependency Risk Communication Security User Interface USA* Japan+ Research Area (%) * Ratio of number of papers in ACM and IEEE for this ten years (Total No.:4696) + Ratio of number of papers in IPSJ and IEICE for this ten years (Total No.:555) 29 28 24 4 6 3 3 4 3 1 3 3 33 2 1 4 6 1 47 6 0 0 0 0

34. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 34 Main Players on Security R & D in Japan Collaboration Universities Companies Government MITI - IPA MPT - TAO Fund for Security Projects MITI : Ministry of International Trade and Industry MPT : Ministry of Posts and Telecommunications IPA : Information - Technology Promotion Agency, Japan TAO :Telecommunications Advancement Organization of Japan O NTT, O Hitachi, O Mitsubishi, O NEC, O NTT Data, O Fujitsu, O Panasonic, etc. COMPANY

35. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 35 6. R & D on Security Technologies in Hitachi

36. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 36 Hitachi’s Security Concept Secureplaza Attack! Router Crypt LSI Smart Card Attack! Ｍｅｓｓａｇｅ ＥＣ Hitachi’s Total Power Hitachi’s Security Services and Products Hardware Products Software Products Systems Integration Services Operation Services Encryption Library Firewall EC System Inter-Corporate EC Certificate Authority Security Monitoring

37. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 37 History on R&D of Security in Hitachi Phase 3 (1998 - ) Business Establishment Period Phase 2 (1993 - 1997) Products Development Period Phase 1 (1987 - 1993) Technology Development Period

38. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 38 Business Area and Developed Security Technologies Business Area Service Soft- ware Hard- Ware Developed Security Technologies SI & Operation Special Service Security Monitoring, Key Recovery Certificate Authority, Notary System Middle Software Library Subsystem Component LSI for Encryption, Smart Card Encryption for Hardware Equipment Biometrics for Authentication Encryption Algorithms Digital Water Marking Secure Commerce Protocol, Key Management,Group Security

39. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 39 Common Key Cipher and Public Key Cipher Public Key Cipher Examples DESRSA Relation between Encryption/ Decryption Keys Encryption Key = Decryption Key Encryption Key ≠ Decryption Key Secret Key DeliveryNot Necessary Digital Signature Difficult Straightforward Speed FastSlow ApplicationsData Encryption Key Delivery Digital Signature Common Key Cipher Necessary

40. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 40 Common Key Cipher Developed in Japan Company Name Year Comment NTT Mitsubishi NEC FEAL-N E2 MULTI2 MULTI-S01 MISTY Unicorn 1990 1989 2000 1996 1997 Candidate of AES Stream Cipher Hitachi 1998

41. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 41 Products Related MULTI (b) Encryption LSI for Satellite Broadcast (a) Encryption Software Library （ Keymate/MULTI ） (Japan Standard for Digital Satellite Broadcast ） PerfecTV DirecTV Japan TV IRD MULTI Chip MULTI is the baseline cipher recommend by CPTWG for IEEE1394 CPTWG: Copy Protection Technology Working Group

42. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 42 Common Key Cipher and Public Key Cipher Public Key Cipher Examples DESRSA Relation between Encryption/ Decryption Keys Encryption Key = Decryption Key Encryption Key ≠ Decryption Key Secret Key DeliveryNot Necessary Digital Signature Difficult Straightforward Speed FastSlow Applications Data Encryption Key Delivery Digital Signature Common Key Cipher Necessary

43. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 43 Necessity of New Public Key Cipher RSA Required key length for safe enough 1990 512 bits 1998 1024 bits 2004 2048 bits Computation time when key length becomes twice 6 times - 8 times Improvement of Hardware and Integer Factorization Method Hitachi has decide to develop new public key cipher in 1996.

44. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 44 Hitachi Elliptic Curve Cryptosystem(ELCURVE) Type of Elliptic Curve Scheme Digital Signature Encryption/ Decryption K-out-of-N Scheme Elliptic Curve based on 2 powers Elliptic Curve based on large prime numbers Hitachi original scheme ELCURVE Software Library for PC and WS (Product:Keymate/Crypto) Software for Smart Card ( Prototype )

45. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 45 Development of ELCURVE on Smart Card PC Smart Card H8/3111 BLOCK DIAGRAM ROM 14K BYTES RAM 512 BYTES EEPROM 8K BYTES CO- PROCESSOR RAM 288 BYTES H8/300 CPUI/O PORT EXTERNAL CLOCK ： 10MHZ CPU ： 5MHZ 、 CO-PROCESSOR ： 10MHZ DIGITAL SIGNATURE(160BITS) 0.17 SEC ・ High speed calculation by utilizing co-processor in smart card designed for fast RSA calculation

46. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 46 Business Area and Developed Security Technologies Business Area Service Soft- ware Hard- Ware Developed Security Technologies SI & Operation Special Service Security Monitoring, Key Recovery Certificate Authority, Notary System Middle Software Library Subsystem Component LSI for Encryption, Smart Card Encryption for Hardware Equipment Biometrics for Authentication Encryption Algorithms Digital Water Marking Secure Protocol, Key Management, Group Security

47. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 47 paint- ing Application Areas of Watermarking Protection by watermarking needed １ month $10 Life span catalogue news- paper TV-news education software music movie karaoke magazine Still picture painting Motion picture Picture in digital book Voice Music Voice in movie TextSentence in digital book Program Application programs Contents kind Examples program book high low short long Movies in DVD Price Photography

48. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 48 Actual Applications of Water Mark (1) Copy Detection in Toppan Co. for Selling Digital Arts ( Still Picture ) (2) Copy Protection Standard Proposal for DVD - RAM in CPTWG ( Motion Picture ) (3) Internet - Marks For WWW paint- ing Protection by watermarking needed １ month $10 Life span catalogue news- paper TV-news education software music movie karaoke magazine program book short long Price

49. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 49 Problems Web systems are important social infrastructures. – Means for effective information delivery and collection – Bases for most EC systems However they have trust problems. – Impersonation (e.g., fake Web site represents itself as an established site) – Criminal actions (e.g., receives money and then disappears without sending goods) – Unclear service policies (e.g., on returning goods)

50. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 50 Authentication using visual seals Authority issues seals guaranteeing or rating Web sites. Seals are pasted on the Web pages. Consumers trust or know service levels of the Web sites via the seals. Problems Seals are easily forged and copied onto unauthorized Web pages. Reliable seal system is needed.

51. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 51 Recommend for School Education SCIENCE ΕΔΩ Assoc. Internet-Mark technology Internet-Marks are verifiable seals because digital signatures are embedded in them by digital watermarking. Material image (JPEG, bit map, etc.) Internet-Mark (JPEG, bit map, etc.) Watermarking Embedded digital signature Recommend for School Education SCIENCE ΕΔΩ Assoc. Digital object for which Internet-mark will be used. Private key of issuer Digital signature Internet-Marks can be verified via the embedded digital signatures.

52. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 52 Details of Internet-Mark Watermarking Material Image Web site address Web page Internet-Mark Signature, etc. Additional info. - term of validity etc. Certificate for issuer Private key of issuer Paste Digital signature

53. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 53 Business Area and Developed Security Technologies Business Area Service Soft- ware Hard- Ware Developed Security Technologies SI & Operation Special Service Security Monitoring, Key Recovery Certificate Authority, Notary System Middle Software Library Subsystem Component LSI for Encryption, Smart Card Encryption for Hardware Equipment Biometrics for Authentication Encryption Algorithms Digital Water Marking Secure Commerce Protocol, Key Management,Group Security

54. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 54 Prototype model for Product Biometric Authentication Devices of Hitachi Demonstration model Fingerprint Device Veridicom FPS100A 300×300×8bits 12Mbps USBI/F Hitachi’s Contactless Smart Card & R/W 8bits CPU 8kB EEPROM 9600bps

55. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 55 Outline of Secured Office System Door Control unit Smart card R/W Door Log DB Temporal Fingerprint file DB Entrance X.509 User’s Office User List Enrollment Server Card Issuer System Certification Authority Issuer Center Smart Card certificated fingerprint Smart Card certificated fingerprint PCs for End User Live scanner Live scanner DB access control Log-on access control Verification Server Entrance control Workflow control

56. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 56 Business Area and Developed Security Technologies Business Area Service Soft- ware Hard- Ware Developed Security Technologies SI & Operation Special Service Security Monitoring, Key Recovery Certificate Authority, Notary System Middle Software Library Subsystem Component LSI for Encryption, Smart Card Encryption for Hardware Equipment Biometrics for Identification Encryption Algorithms Digital Water Marking Secure Commerce Protocol, Key Management,Group Security

57. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 57 インタネット For Operator CA system Against Invasion Firewall Firewall Encryption Encryption Hitachi Certificate Authority Server CA Server Certificate StoreBank/Card Company Consumer Certification List Against Inside Crime Prevent Single Operation Front End Server Firewall Certificate

58. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 58 Certificate Authority Notary Authority Corporate A Corporate B A B NA A B ＡＢ 1998/3/6 14:10 NA Time Stamping NA Archiving a digital document Notary Service Certificate Authorize NAB A B A B Making(Writing) a notarial deed CA 認 Authorizing a private document Image of CA & NA System for Ministry of Justice

59. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 59 Business Area and Developed Security Technologies Business Area Service Soft- ware Hard- Ware Developed Security Technologies SI & Operation Special Service Security Monitoring, Key Recovery Certificate Authority, Notary System Middle Software Library Subsystem Component LSI for Encryption, Smart Card Encryption for Hardware Equipment Biometrics for Identification Encryption Algorithms Digital Water Marking Secure Commerce Protocol, Key Management,Group Security

60. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 60 7. On Security Standards

61. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 61 Security Standards and Related Organizations National Level World Wide Security Application Field Official ： ISO-SC27, ITU etc. Private ： IETF(Protocol) etc. Official: NIST(AES), JIS etc. Private : IEEE (1394) etc. SET (Certification) MULTOS (Card OS ) CPTWG (Copy Protection ) etc. Security Basic Field

62. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 62 On Cryptography Standard (1) USA: AES Project by NIST AES (Advanced Encryption Standard ) was selected in Oct. 2000. - > Rijndael Proposed from Belugium (2) JAPAN: CRYPTEC Project by IPA and TAO ( Chair: Prof. Imai ) Assessment of Security and the Implementation of Available Cryptographic Techniques to Achieve information Security in the Electronic Government -> Technical Report Including a List of Analytical Results on Security Profile and Implementation Aspects for Proposed Cryptographic Technologies ( in March, 2001 ) (3) EC : NESSIE Project by the Information Technology Programme of the European Commission 1.National Level / Official

63. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 63 On Cryptography Standard 2. World Wide / Official Standardization of Ciphers has started at ISO/IEC JTC1 SC 27 (#18033) from 1999. Standardization Items (1) Asymmetric Ciphers (2) Block Ciphers (3) Stream Ciphers Symmetric Ciphers (Common Key Ciphers)

64. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 64 Security Standards and Related Organizations National Level World Wide Security Application Field Official ： ISO-SC27, ITU etc. Private ： IETF(Protocol) etc. Official: NIST(AES), JIS etc. Private : IEEE (1394) etc. SET (Certification) MULTOS (Card OS ) CPTWG (Copy Protection ) etc. Security Basic Field

65. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 65 IETF WG on Security Common Authentication Technology (cat) IP Security Protocol (ipsec) Intrusion Detection Exchange Format (idwg) Public-Key Infrastructure (X.509) (pkix) Simple Public Key Infrastructure (spki) XML Digital Signatures (xmldsig) Authenticated Firewall Traversal (aft) One Time Password Authentication (otp) Secure Shell (secsh) Transport Layer Security (tls) An Open Specification for Pretty Good Privacy (openpgp) Domain Name System Security (dnssec) S/MIME Mail Security (smime) Web Transaction Security (wts) Secure Network Time Protocol (stime) Infrastructure Middleware Application CategoryWG

66. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 66 8. Conclusion

67. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 67 Conclusions 1. R & D on security technologies in Japan were explained. 2. Future Tendency (1) Attack will increase and be harder in future. (2) More powerful countermeasures will be required, especially in security surveillance, audit, evaluation and education. (3) Attack will be given from all over the world. Therefore, world wide collaborations must be performed to protect against the attacks.

68. Copyright (c) 2000 Hitachi, Ltd. All rights reserved. 68 Research & Development for Internet Security in Japan END