Takao Kondo (近藤 賢郎)

Kondo, Takao

Affiliation (Campus)

Research Institutes and Centers: Global Research Institute (Mita)

Position

Project Assistant Professor (fixed-term)

Other Affiliations and Positions

  • Keio University Cyber Security Research Center, Member

  • Keio University SFC Research Institute, Senior Researcher

  • Keio University KMD Research Institute, Researcher

  • Information-technology Promotion Agency, Japan (IPA), Industrial Cyber Security Center, Researcher

Career

  • April 2013 - March 2017: Keio University, Graduate School of Science and Technology, Researcher

  • April 2017 - October 2020: Keio University, Information Technology Center Headquarters, Assistant Professor

  • November 2020 - September 2023: Keio University, Information Security Incident Response Team, Assistant Professor

  • October 2023 - present: Keio University, Global Research Institute, Project Assistant Professor

  • October 2023 - present: Hokkaido University, Information Initiative Center, Assistant Professor

Education

  • April 2009 - March 2013: Keio University, Faculty of Science and Technology, Department of Information and Computer Science (Bachelor's, graduated)

  • April 2013 - March 2015: Keio University, Graduate School of Science and Technology (Master's, completed)

  • April 2015 - March 2016: Keio University, Graduate School of Medicine (Master's, completed)

  • April 2016 - March 2022: Keio University, Graduate School of Science and Technology (Doctoral, completed)

Degrees

  • Doctor of Philosophy (Engineering), Keio University, by coursework, March 2022

    Dissertation: ZINK: A Scalable and Secure Information Centric Networking Mechanism Utilizing Layered Network Architecture

Licenses and Certifications

  • (ISC)2 Certified Information Systems Security Professional (CISSP), August 2022

Research Fields

  • Information and Communications / Information Networks

  • Information and Communications / Information Security

Research Keywords

  • Internet, Distributed Systems

  • Cybersecurity

Papers

  • Weaver Meets KANVAS: An Autonomous Closed-Loop Network Management System

    Tanabe K., Kondo T., Mori K., Kuroda T., Satoda K., Teraoka F.

    ACM International Conference Proceeding Series, pp. 28-36, December 2023

    Abstract:

    This paper proposes an autonomous network management system based on closed-loop control to deal with network failures and congestion. The proposed system is realized by collaboration of Weaver, an automated system configuration designer based on Intent-based Networking, and KANVAS (Knowledge base system in wide Area Networks with Versatility, Availability, and Scalability), a framework for collecting and utilizing network information. In the proposed system, the KANVAS system collects and analyzes network conditions, and the Weaver system plans and executes countermeasures against a failure event based on the analysis results. This paper shows two case studies. In the first case study, the proposed system can automatically recover from a service failure caused by a node failure in approximately 8.5 minutes. In the second case study, the proposed system can reroute VPN due to congestion in the underlay network in approximately 35 seconds. These results show that the proposed system can automatically recover service networks from a failure and congestion that occur on the underlay network in shorter time than that required for manual recovery.

  • A Lightweight Abnormality Detection Mechanism by Stray Packets Analysis

    Jin Y., Matsuura S., Kondo T., Hosokawa T., Tomoishi M.

    Proceedings ACM SIGUCCS User Services Conference, pp. 9-11, March 2023

    Abstract:

    An academic organization network, e.g., a campus network, is running with limited financial support and manpower while it faces the same operational issues and cybersecurity threats as other organizations. Including the existing network facilities and computers for service providing, the increase of mobile devices such as BYOD becomes an issue in terms of misconfiguration and vulnerabilities. The current security systems focus on the backbone network so that the detailed traffic monitoring and data analysis cannot cover the abnormal behavior of all individual endpoints. In general, a misconfigured or intruded computer conducts some abnormal behavior, e.g., sending stray packets, compared to a normal device. Based on this point, we propose a lightweight abnormality detection mechanism by monitoring the stray packets in order to mitigate the above issues. As a result, not only can the abnormal behavior be detected, but the performance of the existing security systems can also be maintained. In this paper, we describe the design and architecture of our proposed Traffic Analyzer, including the implementation and evaluation of our prototype system.

  • International Mutual Recognition: A Description of Trust Services in US, UK, EU and JP and the Testbed "Hakoniwa"

    Kai S., Kondo T., Karimi N., Mersinas K., Sel M., Yus R., Tezuka S.

    Proceedings of the International Conference on Security and Cryptography, vol. 1, pp. 764-771, 2023

    ISSN 2184-7711

    Abstract:

    With the proliferation of digital transactions, trust is becoming increasingly important, as exemplified by the World Economic Forum’s Data Free Flow with Trust. Digital signatures are utilized to establish trust to prevent spoofing and unauthorized modification of transmitted digital data. However, the extent of trust is limited by jurisdictions, trusted lists and bridge certificate authorities, and does not have international coverage. For this reason, mutual recognition is needed, i.e. trust relationships established across countries. Establishing mutual recognition is complex and time-demanding due to the legislations, systems, and technologies involved. In parallel, electronic signatures consist of complex systems and structures and, thus, focusing on the technical requirements and solutions can enhance mutual recognition processes. The purpose of our approach is to develop a testbed that can verify technical aspects of mutual recognition. This paper describes the concept of the testbed “Hakoniwa” which includes analyzing the requirements, simulating and testing mutual recognition trust services across US, UK, EU and JP.

  • Using Secret Sharing to Improve FIDO Attack Resistance for Multi-Device Credentials

    Luke K., Kondo T., Kai S., Mayes K., Tezuka S.

    Proceedings - 2023 8th International Conference on Information and Network Technologies (ICINT 2023), pp. 49-56, 2023

    Abstract:

    Public key cryptography-based authentication methods such as FIDO/WebAuthn can provide a number of security improvements over passwords. However, the need to register every device the user wishes to use reduces its usability for consumer applications. In 2022, the FIDO Alliance introduced a multi-device credential model, which claims to offer numerous convenience and usability enhancements for end users; however, the fact that the WebAuthn credential can leave the protection of a hardware security module undermines the security guarantees previously provided by the FIDO/WebAuthn framework. This limits FIDO's usefulness for applications which require more rigorous protection. Furthermore, FIDO does not specify key management aspects, instead, end users and relying parties are left responsible for credential management. These trade-offs force a difficult compromise between overall security and convenience. In this paper, we propose a protocol for a split-key FIDO mechanism, in which each user device maintains a portion of the user's credential instead of a fully-usable private key. By proving access to multiple devices, the user can use a cloud provider to reassemble their private key in an HSM-protected environment, then use the cloud provider to authenticate on their behalf. Service providers can preserve many of the benefits of multi-device credentials, while still providing relatively strong private key protections. In addition, our proposal adds a key management overlay to the existing FIDO/WebAuthn framework. Our approach uses a user's existing cloud provider to reduce access to a user's private key, thus reducing the potential for credential theft, even if one of the user's devices is fully compromised.

  • KANVAS: A Network Information Sharing Framework Based on Network Ontology Bonsai

    Kuchii K., Kondo T., Teraoka F.

    ACM International Conference Proceeding Series, pp. 79-87, December 2022

    Abstract:

    Demands for acquiring Internet behavior are increasing for Internet-scale network understanding such as inter-AS path management and traffic engineering. Although there are several efforts to make Internet behavior public, most of the public information is not structured and it is hard for applications to use such information. This paper proposes a network information sharing framework called KANVAS. It defines a network ontology called Bonsai which models network structure from viewpoints of physical, logical, service, and operation network structures. Bonsai can express network virtualization technologies such as link aggregation (LAG), VLAN, L2 over L3 tunneling, and virtual routing and forwarding (VRF). Applications can access network information via a useful API. As a first step of development of KANVAS and Bonsai, this paper describes network information sharing within a single domain focusing on failure localization and throughput monitoring as examples. Evaluation results on a PoC system show that the time for failure localization is short enough and a throughput monitoring tool can choose appropriate monitoring points.


Courses Taught

  • Incident Response and Forensics (AY 2024)

  • Incident Response and Forensics (AY 2023)

  • Incident Response and Forensics (AY 2022)

  • Incident Response and Forensics (AY 2021)

  • Data Security (AY 2021)


Committee Memberships

  • March 2018 - present: Steering Committee Member, WIDE Project