Kondo, Takao

Affiliation

Research Centers and Institutes, Keio University Global Research Institute (Mita)

Position

Project Assistant Professor (Non-tenured)/Project Research Associate (Non-tenured)/Project Instructor (Non-tenured)

Other Affiliation

  • Cyber Security Research Center, Keio University, Researcher

  • Keio Research Institute of SFC, Keio University, Senior Researcher

  • KMD Research Institute, Keio University, Researcher

  • Industrial Cyber Security Center of Excellence, IPA, Researcher

Career

  • 2013.04 - 2017.03

    Keio University, Graduate School of Science and Technology, Project Researcher

  • 2017.04 - 2020.10

    Keio University, Headquarters of Information Technology Center, Assistant Professor

  • 2020.11 - 2023.09

    Keio University, Computer Security Incident Response Team, Assistant Professor

  • 2023.10 - Present

    Keio University, Global Research Institute, Project Assistant Professor

  • 2023.10 - Present

    Hokkaido University, Information Initiative Center, Assistant Professor

Academic Background

  • 2009.04 - 2013.03

    Keio University, Faculty of Science and Technology, Department of Information and Computer Science

    University, Graduated

  • 2013.04 - 2015.03

    Keio University, Graduate School of Science and Technology

    Graduate School, Completed, Master's course

  • 2015.04 - 2016.03

    Keio University, Graduate School of Medicine

    Graduate School, Completed, Master's course

  • 2016.04 - 2022.03

    Keio University, Graduate School of Science and Technology

    University, Completed, Doctoral course

Academic Degrees

  • Doctor (Engineering), Keio University, Coursework, 2022.03

    ZINK: A Scalable and Secure Information Centric Networking Mechanism Utilizing Layered Network Architecture

Licenses and Qualifications

  • (ISC)2 Certified Information Systems Security Professional (CISSP), 2022.08

Research Areas

  • Informatics / Information network

  • Informatics / Information security

Research Keywords

  • Internet, Distributed Systems

  • Cyber Security

Papers

  • Weaver Meets KANVAS: An Autonomous Closed-Loop Network Management System

    Tanabe K., Kondo T., Mori K., Kuroda T., Satoda K., Teraoka F.

    ACM International Conference Proceeding Series, 28 - 36, 2023.12

    This paper proposes an autonomous network management system based on closed-loop control to deal with network failures and congestion. The proposed system is realized by collaboration of Weaver, an automated system configuration designer based on Intent-based Networking, and KANVAS (Knowledge base system in wide Area Networks with Versatility, Availability, and Scalability), a framework for collecting and utilizing network information. In the proposed system, the KANVAS system collects and analyzes network conditions, and the Weaver system plans and executes countermeasures against a failure event based on the analysis results. This paper shows two case studies. In the first case study, the proposed system can automatically recover from a service failure caused by a node failure in approximately 8.5 minutes. In the second case study, the proposed system can reroute VPN due to congestion in the underlay network in approximately 35 seconds. These results show that the proposed system can automatically recover service networks from a failure and congestion that occur on the underlay network in shorter time than that required for manual recovery.

  • A Lightweight Abnormality Detection Mechanism by Stray Packets Analysis

    Jin Y., Matsuura S., Kondo T., Hosokawa T., Tomoishi M.

    Proceedings ACM SIGUCCS User Services Conference, 9 - 11, 2023.03

    An academic organization network, e.g., a campus network, is running with limited financial support and manpower while it faces the same operational issues and cybersecurity threats as other organizations. Including the existing network facilities and computers for service providing, the increase of mobile devices such as BYOD becomes an issue in terms of misconfiguration and vulnerabilities. The current security systems focus on the backbone network so that the detailed traffic monitoring and data analysis cannot cover the abnormal behavior of all individual endpoints. In general, a misconfigured or intruded computer conducts some abnormal behavior, e.g., sending stray packets, compared to a normal device. Based on this point, we propose a lightweight abnormality detection mechanism by monitoring the stray packets in order to mitigate the above issues. As a result, not only the abnormal behavior can be detected but also maintain the performance of the existing security systems. In this paper, we describe the design and architecture of our proposed 'Traffic Analyzer', including the implementation and evaluation of our prototype system.

  • International Mutual Recognition: A Description of Trust Services in US, UK, EU and JP and the Testbed “Hakoniwa”

    Kai S., Kondo T., Karimi N., Mersinas K., Sel M., Yus R., Tezuka S.

    Proceedings of the International Conference on Security and Cryptography, 1, 764 - 771, 2023

    ISSN  21847711

    With the proliferation of digital transactions, trust is becoming increasingly important, as exemplified by the World Economic Forum’s Data Free Flow with Trust. Digital signatures are utilized to establish trust to prevent spoofing and unauthorized modification of transmitted digital data. However, the extent of trust is limited by jurisdictions, trusted lists and bridge certificate authorities, and does not have international coverage. For this reason, mutual recognition is needed, i.e. trust relationships established across countries. Establishing mutual recognition is complex and time-demanding due to the legislations, systems, and technologies involved. In parallel, electronic signatures consist of complex systems and structures and, thus, focusing on the technical requirements and solutions can enhance mutual recognition processes. The purpose of our approach is to develop a testbed that can verify technical aspects of mutual recognition. This paper describes the concept of the testbed “Hakoniwa” which includes analyzing the requirements, simulating and testing mutual recognition trust services across US, UK, EU and JP.

  • Using secret sharing to improve FIDO attack resistance for multi-device credentials

    Luke K., Kondo T., Kai S., Mayes K., Tezuka S.

    Proceedings - 2023 8th International Conference on Information and Network Technologies, ICINT 2023, 49 - 56, 2023

    Public key cryptography-based authentication methods such as FIDO/WebAuthn can provide a number of security improvements over passwords. However, the need to register every device the user wishes to use reduces its usability for consumer applications. In 2022, the FIDO Alliance introduced a multi-device credential model, which claims to offer numerous convenience and usability enhancements for end users; however, the fact that the WebAuthn credential can leave the protection of a hardware security module undermines the security guarantees previously provided by the FIDO/WebAuthn framework. This limits FIDO's usefulness for applications which require more rigorous protection. Furthermore, FIDO does not specify key management aspects, instead, end users and relying parties are left responsible for credential management. These trade-offs force a difficult compromise between overall security and convenience. In this paper, we propose a protocol for a split-key FIDO mechanism, in which each user device maintains a portion of the user's credential instead of a fully-usable private key. By proving access to multiple devices, the user can use a cloud provider to reassemble their private key in an HSM-protected environment, then use the cloud provider to authenticate on their behalf. Service providers can preserve many of the benefits of multi-device credentials, while still providing relatively strong private key protections. In addition, our proposal adds a key management overlay to the existing FIDO/WebAuthn framework. Our approach uses a user's existing cloud provider to reduce access to a user's private key, thus reducing the potential for credential theft, even if one of the user's devices is fully compromised.

  • KANVAS: A Network Information Sharing Framework Based on Network Ontology Bonsai

    Kuchii K., Kondo T., Teraoka F.

    ACM International Conference Proceeding Series, 79 - 87, 2022.12

    Demands for acquiring Internet behavior are increasing for Internet-scale network understanding such as inter-AS path management and traffic engineering. Although there are several efforts to make Internet behavior public, most of the public information is not structured and it is hard for applications to use such information. This paper proposes a network information sharing framework called KANVAS. It defines a network ontology called Bonsai which models network structure from viewpoints of physical, logical, service, and operation network structures. Bonsai can express network virtualization technologies such as link aggregation (LAG), VLAN, L2 over L3 tunneling, and virtual routing and forwarding (VRF). Applications can access network information via useful API. As a first step of development of KANVAS and Bonsai, this paper describes network information sharing within a single domain focusing on failure localization and throughput monitoring as examples. Evaluation results on a PoC system show that the time for failure localization is short enough and a throughput monitoring tool can choose appropriate monitoring points.

Courses Taught

  • INCIDENT RESPONSE AND FORENSIC

    2024

  • INCIDENT RESPONSE AND FORENSIC

    2023

  • INCIDENT RESPONSE AND FORENSIC

    2022

  • INCIDENT RESPONSE AND FORENSIC

    2021

  • DATA SECURITY

    2021

Committee Experiences

  • 2018.03 - Present

    Board member, WIDE Project