Details of a Researcher

Kondo, Takao

写真a

Affiliation: Research Centers and Institutes, Keio University Global Research Institute (Mita)

Position: Project Assistant Professor (Non-tenured)/Project Research Associate (Non-tenured)/Project Instructor (Non-tenured)

Related Websites

https://www.ccrc.keio.ac.jp/research/cybersecurity-lab/

Page Top ▲

Other Affiliation 【 Display / hide 】

Cyber Security Research Center, Keio University, Researcher
Keio Research Institute of SFC, Keio University, Senior Researcher
KMD Research Institute, Keio University, Researcher
Industrial Cyber Security Center of Excellence, IPA, Researcher

Page Top ▲

Career 【 Display / hide 】

2013.04

-

2017.03

Keio University, Graduate School of Science and Technology, Project Researcher
2017.04

-

2020.10

Keio University, Headquarters of Information Technology Center, Assistant Professor
2020.11

-

2023.09

Keio University, Computer Security Incident Response Team, Assistant Professor
2023.10

-

Present

Keio University, Global Research Institute, Project Assistant Professor
2023.10

-

Present

Hokkaido University, Information Initiative Center, Assistant Professor

Page Top ▲

Academic Background 【 Display / hide 】

2009.04

-

2013.03

Keio University, Faculty of Science and Technology, Department of Information and Computer Science

University, Graduated
2013.04

-

2015.03

Keio University, Graduate School of Science and Technology

Graduate School, Completed, Master's course
2015.04

-

2016.03

Keio University, Graduate School of Medicine

Graduate School, Completed, Master's course
2016.04

-

2022.03

Keio University, Graduate School of Science and Technology

University, Completed, Doctoral course

Page Top ▲

Academic Degrees 【 Display / hide 】

Doctor (Engineering), Keio University, Coursework, 2022.03

ZINK: A Scalable and Secure Information Centric Networking Mechanism Utilizing Layered Network Architecture

Page Top ▲

Licenses and Qualifications 【 Display / hide 】

(ISC)2 Certified Information Systems Security Professional (CISSP), 2022.08

Page Top ▲

Research Areas 【 Display / hide 】

Informatics / Information network
Informatics / Information security

Page Top ▲

Research Keywords 【 Display / hide 】

Internet, Distributed Systems
Cyber Security

Page Top ▲

Papers 【 Display / hide 】

Weaver Meets KANVAS: An Autonomous Closed-Loop Network Management System

Tanabe K., Kondo T., Mori K., Kuroda T., Satoda K., Teraoka F.

ACM International Conference Proceeding Series (ACM International Conference Proceeding Series) 28 - 36 2023.12

　View Summary

This paper proposes an autonomous network management system based on closed-loop control to deal with network failures and congestion. The proposed system is realized by collaboration of Weaver, an automated system configuration designer based on Intent-based Networking, and KANVAS (Knowledge base system in wide Area Networks with Versatility, Availability, and Scalability), a framework for collecting and utilizing network information. In the proposed system, the KANVAS system collects and analyzes network conditions, and the Weaver system plans and executes countermeasures against a failure event based on the analysis results. This paper shows two case studies. In the first case study, the proposed system can automatically recover from a service failure caused by a node failure in approximately 8.5 minutes. In the second case study, the proposed system can reroute VPN due to congestion in the underlay network in approximately 35 seconds. These results show that the proposed system can automatically recover service networks from a failure and congestion that occur on the underlay network in shorter time than that required for manual recovery.
- Access to Document (DOI)
A Lightweight Abnormality Detection Mechanism by Stray Packets Analysis

Jin Y., Matsuura S., Kondo T., Hosokawa T., Tomoishi M.

Proceedings ACM SIGUCCS User Services Conference (Proceedings ACM SIGUCCS User Services Conference) 9 - 11 2023.03

　View Summary

An academic organization network, e.g., a campus network, is running with limited financial support and manpower while it faces the same operational issues and cybersecurity threats as other organizations. Including the existing network facilities and computers for service providing, the increase of mobile devices such as BYOD becomes an issue in terms of misconfiguration and vulnerabilities. The current security systems focus on the backbone network so that the detailed traffic monitoring and data analysis cannot cover the abnormal behavior of all individual endpoints. In general, a misconfigured or intruded computer conducts some abnormal behavior, e.g., sending stray packets, compared to a normal device. Based on this point, we propose a lightweight abnormality detection mechanism by monitoring the stray packets in order to mitigate the above issues. As a result, not only the abnormal behavior can be detected but also maintain the performance of the existing security systems. In this paper, we describe the design and architecture of our proposed Traffic Analyzer', including the implementation and evaluation of our prototype system.
- Access to Document (DOI)
Using secret sharing to improve FIDO attack resistance for multi-device credentials

Luke K., Kondo T., Kai S., Mayes K., Tezuka S.

Proceedings - 2023 8th International Conference on Information and Network Technologies, ICINT 2023 (Proceedings - 2023 8th International Conference on Information and Network Technologies, ICINT 2023) 49 - 56 2023

　View Summary

Public key cryptography-based authentication methods such as FIDO/WebAuthn can provide a number of security improvements over passwords. However, the need to register every device the user wishes to use reduces its usability for consumer applications. In 2022, the FIDO Alliance introduced a multi-device credential model, which claims to offer numerous convenience and usability enhancements for end users; however, the fact that the WebAuthn credential can leave the protection of a hardware security module undermines the security guarantees previously provided by the FIDO/WebAuthn framework. This limits FIDO's usefulness for applications which require more rigorous protection. Furthermore, FIDO does not specify key management aspects, instead, end users and relying parties are left responsible for credential management. These trade-offs force a difficult compromise between overall security and convenience. In this paper, we propose a protocol for a split-key FIDO mechanism, in which each user device maintains a portion of the user's credential instead of a fully-usable private key. By proving access to multiple devices, the user can use a cloud provider to reassemble their private key in an HSM-protected environment, then use the cloud provider to authenticate on their behalf. Service providers can preserve many of the benefits of multi-device credentials, while still providing relatively strong private key protections. In addition, our proposal adds a key management overlay to the existing FIDO/WebAuthn framework. Our approach uses a user's existing cloud provider to reduce access to a user's private key, thus reducing the potential for credential theft, even if one of the user's devices is fully compromised.
- Access to Document (DOI)
International Mutual Recognition: A Description of Trust Services in US, UK, EU and JP and the Testbed “Hakoniwa”

Kai S., Kondo T., Karimi N., Mersinas K., Sel M., Yus R., Tezuka S.

Proceedings of the International Conference on Security and Cryptography (Proceedings of the International Conference on Security and Cryptography) 1 764 - 771 2023

ISSN 21847711

　View Summary

With the proliferation of digital transactions, trust is becoming increasingly important, as exemplified by the World Economic Forum’s Data Free Flow with Trust. Digital signatures are utilized to establish trust to prevent spoofing and unauthorized modification of transmitted digital data. However, the extent of trust is limited by jurisdictions, trusted lists and bridge certificate authorities, and does not have international coverage. For this reason, mutual recognition is needed, i.e. trust relationships established across countries. Establishing mutual recognition is complex and time-demanding due to the legislations, systems, and technologies involved. In parallel, electronic signatures consist of complex systems and structures and, thus, focusing on the technical requirements and solutions can enhance mutual recognition processes. The purpose of our approach is to develop a testbed that can verify technical aspects of mutual recognition. This paper describes the concept of the testbed “Hakoniwa” which includes analyzing the requirements, simulating and testing mutual recognition trust services across US, UK, EU and JP.
- Access to Document (DOI)
KANVAS: A Network Information Sharing Framework Based on Network Ontology Bonsai

Kuchii K., Kondo T., Teraoka F.

ACM International Conference Proceeding Series (ACM International Conference Proceeding Series) 79 - 87 2022.12

　View Summary

Demands for acquiring Internet behavior are increasing for Internet-scale network understanding such as inter-AS path management and traffic engineering. Although there are several efforts to make Internet behavior public, most of the public information is not structured and it is hard for applications to use such information. This paper proposes a network information sharing framework called KANVAS. It defines a network ontology called Bonsai which models network structure from viewpoints of physical, logical, service, and operation network structures. Bonsai can express network virtualization technologies such as link aggregation (LAG), VLAN, L2 over L3 tunneling, and virtual routing and forwarding (VRF). Applications can access network information via useful API. As a first step of development of KANVAS and Bonsai, this paper describes network information sharing within a single domain focusing on failure localization and throughput monitoring as examples. Evaluation results on a PoC system show that the time for failure localization is short enough and a throughput monitoring tool can choose appropriate monitoring points.
- Access to Document (DOI)