Kyushu University Academic Staff Educational and Research Activities Database
List of Papers
Yoshiaki Kasahara (Last modified date: 2021.07.14)

Assistant Professor / Section of Advanced Network and Security / Research Institute for Information Technology


Papers
1. Takao Shimayoshi, Yoshiaki Kasahara, Shiro Seike, Naomi Fujimura: A Supplementation Method for Delegation of Address Management on a Cloud Email Service, IPSJ Journal, Vol. 62, No. 3, 810-817, 2021.3. DOI: http://doi.org/10.20729/00210243.
2. Takao Shimayoshi, Yoshiaki Kasahara, Naomi Fujimura, Challenge for Consolidation of Individual Email Services into a Cloud Service, ACM SIGUCCS Annual Conference (SIGUCCS '21), https://doi.org/10.1145/3419944.3441170, 26-29, 2021.03, Email is a traditional but still important global communication tool. An email address is a kind of personal identifier, and email addresses printed on publications require persistent reachability. Kyushu University provides a university-wide email service, Primary Mail Service, and assigns a Primary Mail Address for each member. Divisions of the university additionally operate individual email services for their internet subdomains and administer member email addresses. Since email is a major means of cyberattacks nowadays, the secure operation of an email server demands considerable effort and high skill. This article describes a challenge at Kyushu University for consolidating individual email services. Since 2018, the Primary Mail Service has been operated using Microsoft’s cloud service, Exchange Online, which supports multiple internet domains on a tenant. The approach employed is registering divisional subdomains to the tenant and configuring forwarding addresses from addresses of the subdomains to the Primary Mail Addresses or external addresses. A desirable scheme is for each domain administrator to manage forwarding addresses of the domain, but Exchange Online is unable to delegate administration to the domains. To overcome this, a system was designed and developed for domain administrators to create, read, update, and delete forwarding addresses. Beginning in July 2020, a new service to import divisional domains was offered. We are now planning measures for promoting the consolidation of individual email services.
3. Yoshiaki Kasahara, Takao Shimayoshi, Tadayuki Miyaguchi, Naomi Fujimura, Migrate Legacy Email Services in Kyushu University to Exchange Online, 2019 ACM SIGUCCS Annual Conference, SIGUCCS 2019, Proceedings of the 2019 ACM SIGUCCS Annual Conference, 10.1145/3347709.3347817, 127-131, 2019.11, In Kyushu University, Information Infrastructure Initiative provides an email service for students and staff members, called "Primary Mail Service". We had operated an on-premises system for this service, and the lifetime of this system would end in early 2019. We needed to reduce costs for replacing this system because our university had just finished a major campus migration. We compared some options such as building a yet another on-premise system and migrating to a cloud-based email service and finally gave up the on-premise option because we couldn't afford replacement and operational costs of another on-premises system anymore. We selected Microsoft Exchange Online as the new service mainly because we already had a contract with Microsoft and been operating an Office 365 tenant. We had additional requirements for user provisioning and services which were not available in Exchange Online, so we had to implement and maintain additional systems on top of it. On December 18th, 2018, we successfully migrated the email service to Exchange Online. By coincidence, Kyushu University Administration Bureau decided to migrate their in-house Exchange server to Exchange Online. After some discussions, they concluded to migrate their domain to the same tenant with Primary Mail Service. Other than that, there are more than a hundred legacy email servers inside our campus network operated by various departments as subdomains of kyushu-u.ac.jp. We are designing a plan to consolidate them into our tenant of Exchange Online to reduce a budget and human resource costs, and to improve security. In this presentation, we share our experiences about migrating our campus-wide email services to Exchange Online. We also discuss why we want to consolidate other legacy email servers and how to implement the plan.
4. Takao Shimayoshi, Yoshiaki Kasahara, Naomi Fujimura, Renovation of the Office 365 environment in Kyushu University: Integration of Account Management and Authentication, 2019 ACM SIGUCCS Annual Conference, SIGUCCS 2019, Proceedings of the 2019 ACM SIGUCCS Annual Conference, 10.1145/3347709.3347819, 135-139, 2019.11, Office 365 Education is a suite of cloud services for students and educators. Kyushu University has provided Office 365 accounts for all students and staff. The first generation of an environment for Office 365 provisioning in the university had several issues about associating between Office 365 accounts and member identifications of the university. All university members are randomly assigned unique identifiers by the central ID management system for using commonly in university-wide information services. Since the IDs are for internal use only, the first environment authenticated a user with another ID and password specific for Office 365. In addition, processes for assigning licenses and giving privilege to users of Office 365 depending on modifications to member information in the ID management system were not fully automated. This paper shows how we resolved problems integrating Office 365 into the ID management of the university by rebuilding the infrastructure. We configured a federated authentication system and developed a system for processing in events of the account life cycle.
5. A Study on Confidential Information Protection in Kyushu University.
6. Yoshiaki Kasahara, Takao Shimayoshi, Eisuke Ito, Naomi Fujimura, The Past, Current, and Future of our Email Services in Kyushu University, 2018 ACM SIGUCCS Annual User Services Conference, SIGUCCS 2018, Proceedings of the 2018 ACM SIGUCCS Annual Conference, 10.1145/3235715.3235737, 103-106, 2018.09, In Kyushu University, Information Infrastructure Initiative provides email service for students and staff members. Email services for students and staff members were started separately. For students, an email service was started as Unix accounts of "Computer System for Education" in 1995. On the other hand, an email service for staff members was started in 2009, and eventually the two mail services were merged into the current "Kyushu University Primary Mail Service" in 2014. The designs of these mail systems were affected by various operational issues and political decisions at their times. We think that running an in-house mail system is becoming less feasible due to the initial/operational cost, security issues, and our dwindling budget. For the current system, the planned 5-year lifetime ends in this fiscal year. Therefore, we are forced to migrate to a cloud-based mail service. In this presentation, we want to share our past experiences and future plans about our university email services.
7. Yoshiaki Kasahara, Takao Shimayoshi, Masahiro Obana, Naomi Fujimura, Our experience with introducing Microsoft Office 365 in Kyushu University, 45th ACM Annual SIGUCCS Conference, SIGUCCS 2017, Proceedings of the 2017 ACM Annual Conference on SIGUCCS, 10.1145/3123458.3123491, Part F131713, 109-112, 2017.10, Information Infrastructure Initiative of Kyushu University started serving Office 365 Education for all students and staff members at Kyushu University in November 2016. Since 2007, the university had signed Microsoft EES (Enrollment for Education Solutions) including licenses for the latest Microsoft Windows and Office suite. The EES agreement includes an advantage to provide Office 365 Education to the university members with minimum investments, and there was a demand for Skype for Business which is included in Office 365. To deploy Office 365 for our users, we first needed to configure our on-premises user authentication infrastructure to coordinate with Office 365. During trials, we had a couple of difficulties attributed to some disagreements between Microsoft's and our policy on whether the user identifier, namely the user principal name in Active Directory, was open or private. Additionally, we had to consider which services should be applied to the users, because we have been operating an on-premises email service which is competing with Microsoft Exchange mail service. In this presentation, we share our experiences in Office 365 deployment.
8. Yoshiaki Kasahara, Takuya Kawatani, Eisuke Ito, Koichi Shimozono, An Analysis of Relationship between Storage Usage Distribution and Per-User Quota Value, SIGUCCS '16 (Proceedings of the 2016 ACM SIGUCCS Annual Conference on User Services Conference), 10.1145/2974927.2974936, 153-158, 2016.11, To prevent resource (especially storage) shortage, information systems such as storage services and email services usually impose an upper bound of resource consumption (quota) per user. In a conservative way, an administrator tends to set a quota value such as the storage capacity divided by the expected maximum number of users for safety and fairness, but it tends to leave large unused storage space, because the users’ storage usage pattern shows a long-tailed distribution. In this paper, we analyzed storage usage distribution of some email services to approximate the distribution using a power-law distribution, and proposed a method to calculate an optimal quota value from a target size of storage consumption to increase storage utilization. We applied an optimal quota value we calculated to a real email service and analyzed the effect of quota change. Then, we analyzed actual distributions further to find a better model to approximate the distribution, and found that a log-normal distribution explained the distribution better than power-law. We also analyzed two other universities’ email service to find similar distribution in these systems.
9. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Masahiro Obana, Introduction of Unchanging Student User ID for Intra-Institutional Information Service, SIGUCCS '15 (Proceedings of the 2015 ACM SIGUCCS Annual Conference on User Services Conference), 10.1145/2815546.2815578, 141-144, 2015.11, In Kyushu University, a traditional "Student ID" based on student number assigned by Student Affairs Department had been used as the user ID of various IT services for a long time. There were some security and usability concerns using Student ID as a user ID. Since Student ID was used as the e-mail address of the student, it was easy to leak outside. Student ID is constructed based on a department code and a serial number, so guessing other ID strings from one ID is easy. Student ID is issued at the day of the entrance ceremony, so it is not usable for pre-entrance education. Student ID will change when the student moves to another department or proceeds from undergraduate to graduate school, so he/she loses personal data when Student ID changes. To solve these problems, Kyushu University decided to introduce another unchanging user ID independent from Student ID. This paper reports the design of new user ID, ID management system we are using, and the effect of introduction of new user ID.
10. Yoshiaki Kasahara, Takuya Kawatani, Eisuke Ito, Koichi Shimozono, Naomi Fujimura, Optimization of Storage Quota Based on User's Usage Distribution, Proceedings of the 2015 IEEE 39th Annual Computer Software and Applications Conference Workshops (COMPSACW 2015), 10.1109/COMPSAC.2015.221, 149-154, 2015.07, To prevent shortage of storage space in a service system, an administrator usually set per-user quota as an upper limit of usable space for each user. To avoid service failure caused by resource exhaustion, the administrator tends to set a conservative quota value such as the storage capacity divided by the expected maximum number of users. In this research, we analyzed long-term storage usage history of our email system and file sharing system in Kyushu University. Mostly through the analyzed period, the usage pattern showed a long-tailed distribution similar to log-normal distribution. Also the overall storage consumption slowly increased during the analyzed period. Based on these analysis, we defined “storage utilization ratio” to evaluate how the storage was effectively used. By approximating a storage utilization pattern as a power-law distribution, we proposed a method to calculate the optimal quota value to maximize the utilization ratio.
11. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Introduction of New Kyushu University Primary Mail Service for Staff Members and Students, SIGUCCS '14 (Proceedings of the 2014 ACM SIGUCCS Annual Conference on User Services Conference), 10.1145/2661172.2662965, 103-106, 2014.11, In the end of fiscal year 2013 (March 2014), Kyushu University Information Infrastructure Initiative introduced new Primary Mail Service for Staff Members and Students. The previous service for staff members had been built using proprietary mail and LDAP appliance, but tight user license and the nature of proprietary system caused several troubles. The previous service for students had been built using open source software (Postfix and Dovecot), but there were some issues with the old implementation of LDAP authentication. With these experiences, we decided to design a new system by merging both system using open source software including Postfix, Dovecot, OpenLDAP, and Squirrelmail. We also extended alias address setting service (previously available for students only) to all the members including staff members. In this paper, we explain the design and implementation, user migration, current status and future works of our new mail service.
12. Yoshiaki Kasahara, Eisuke Ito, Naomi Fujimura, Gulliver's Toss: Google's Chronic Big Load to University Mail Server and Its Sudden Resolution, Proceedings of the 2013 ACM annual conference on Special interest group on university and college computing services, 10.1145/2504776.2504815, 169-174, 2013.11, Traditionally, Kyushu University has been providing email service internally using its own domain name for staff members and students of the university. Around January 2012, we noticed that the high load of the university authentication server, and we realized that one of causes was the access from the mail server for students (called Student Primary Mail Service). Detailed analysis showed that there was chronic big load produced by Gmail's Mail Fetcher, especially toward nonexistent accounts removed due to graduation. In this paper, we explain the situation and reasons of the big load induced by Google, its possible countermeasures, and its sudden resolution by Google's silent change.
13. Eisuke Ito, Yoshiaki Kasahara, Naomi Fujimura, Implementation and operation of the Kyushu university authentication system, Proceedings of the 2013 ACM annual conference on Special interest group on university and college computing services, 10.1145/2504776.2504788, 137-142, 2013.11, Nowadays, a university needs to build and maintain a central ID database and authentication system for better ICT (information and communication technology) services. In 2008, the headquarters of Kyushu University had defined medium-range policy of ICT infrastructure preparation, and the policy had indicated construction of a central authentication system. According to the policy, the authors elaborated an installation plan of the Kyu(Q)shu University authentication system (QUAS, for short). Since 2009, Information Infrastructure Initiative of Kyushu University, to which the authors belong, has been issuing ID cards to all employees, and also operating LDAP servers. This paper introduces the action plan and outline of QUAS. This paper also describes two recent topics of QUAS. One is high load of LDAP servers because of rapid increase of mobile devices, and the other one is development of a multifactor authentication Shibboleth Identity Provider (IdP).
14. Yoshiaki Kasahara, Eisuke Ito, A study of network issues for implementing large-scale academic cloud service, IEICE Technical Report, 113, 240, 35-40, 2013.10, The virtualization technology of computer resources has matured enough for production services, and cloud services became popular in various fields. Cloud services are also gradually incorporated in universities' research and education activities. There is a demand for cloud infrastructure suitable for academic activities. To implement practical and user-friendly services on private, community, or public cloud services, we need to consider about network design. This paper tries to clarify network issues for implementing cloud services considering use cases, the number of instances, utilization of IP addresses, virtual private network, client access networks, and so on.
15. A Bot Detection Method Using Hierarchical Clustering Based on Mechanical Communication Behavior Model.
16. Naomi Fujimura, Tadatsugu Togawa, Yoshiaki Kasahara, Eisuke Ito, Introduction and Experience with the Primary Mail Service based on their Names for Students, ACM SIGUCCS'12, 10.1145/2382456.2382460, 11-14, 2012.10, Kyushu University provided mail service based on student IDs such as "1AB10123X" to the university students for many years. Using this model, we had problems communicating with the students who graduated from the University and enrolled in the graduate school. The students received new mail addresses based on their new student IDs such as "2AB12789Y". Faculty members were forced to change the student mail addresses in the mailing lists and in their mail client address book. Furthermore, students were forced to notify the e-mail address change to all of their existing contacts. We introduced a new mail system to provide addresses based on the student name, as well as student ID in April 2011. The new naming convention uses the following format: lastname.firstname.999 where 999 is a random number of 3 digits. Students can select some combination patterns of their first and last names for Japanese. We also consider the middle names for foreign students. In the system implementation, we did not have the formal information of alphabetical names for students. We generated alphabetical names from Japanese Katakana names. It is not easy for us to get the appropriate name in this manner. We implemented a confirmation stage of the alphabetical name at first use, and then students can select their mail addresses for their convenience. We paid much attention to the user interface in the system. Since April 2011, the number of users who use the mail address based on their own name has been increasing gradually. This paper will detail the usage status of the new system.
17. Seiichiro Mizoguchi, Yoshiro Fukushima, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai, Darknet Monitoring on Real-Operated Networks, Proceedings of The 5th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA), 10.1109/BWCCA.2010.82, 278-285, 2010.11, Dark net monitoring is an effective method to analyze malicious activities on networks including the Internet. Since there is no legitimate host on darknets, traffic sent to such a space is considered to be malicious. There are two major issues for dark net monitoring: how to prepare unused address space and how to configure network sensors deployed on the network. Preparation of monitoring addresses is difficult, and it have not been obvious yet what an appropriate configuration is. To solve the first issue, we proposed a method for network monitoring by exploiting unused IP addresses on segments managed by DHCP server, where is a real-operated network. By assigning these addresses, we can easily obtain IP addresses for monitoring and enable network monitoring on production network. Furthermore, we conducted real dark net monitoring experiments and clarified what kind of information could be obtained. We deployed several types of sensors on real-operated network and captured dark net traffic. After analyzing the traffic, we compared the data between each sensor. We found that there were dramatic differences between the data collected by each sensor and our proposed method was useful for real network monitoring.
18. Seiichiro Mizoguchi, Yuji Kugisaki, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai, Implementation and Evaluation of Bot Detection Scheme based on Data Transmission Intervals, Proceedings of 6th IEEE ICNP Workshop on Secure Network Protocols (NPSec), 10.1109/NPSEC.2010.5634446, 73-78, 2010.11, Botnet is one of the most considerable issues in the world. A host infected with a bot is used for collecting personal information, launching DoS attacks, sending spam e-mail and so on. If such a machine exists in an organizational network, that organization will lose its reputation. We have to detect these bots existing in organizational networks immediately. Several network-based bot detection methods have been proposed; however, some traditional methods using payload analysis or signature-based detection scheme are undesirable in large amount of traffic. Also there is a privacy issue with looking into payloads, so we have to develop another scheme that is independent of payload analysis. In this paper, we propose a bot detection method which focuses on data transmission intervals. We distinguish human-operated clients and bots by their network behaviors. We assumed that a bot communicates with C&C server periodically and each interval of data transmission will be the same. We found that we can detect such behaviors by using clustering analysis to these intervals. We implemented our proposed algorithm and evaluated by testing normal IRC traffic and bot traffic captured in our campus network. We found that our method could detect IRC-based bots with low false positives.
19. M. Nakakuni, E. Ito, Y. Kasahara, S. Inoue, H. Dozono, Construction and Use Examples of Private Electronic Notary Service in Educational Institutions, WSEAS Transactions on Advances in Engineering Education, Issue 10, Vol. 5, 2008.10.
20. C.S. Hong, Y. Kasahara, D.H. Lee, DDoS Attack Defense Architecture Using Active Network Technology, International Conference on Computational Science and Its Applications - ICCSA 2004, LNCS 3043, pp. 915-923, 2004.05.