• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.19-22
• /
• 2005

본 논문에서는 대용량 네트워크 트래픽 데이터를 대상으로 사이트의 프라이버시를 보호하면서 마이닝 결과의 정확성, 실용성 등을 보장할 수 있는 효율적인 순차 패턴 마이닝 기법을 제안한다. 네트워크가 발달함에 따라 네트워크 트래픽 데이터에 대한 마이닝은 네트워크를 통한 통신의 패턴을 찾아내고, 이를 사용하여 침입 탐지, 인터넷 웜의 탐지 등으로 유용하게 쓰이게 되었다. 그러나 네트워크 트래픽 데이터는 네트워크 사용자 개개인의 인터넷 접속 형태, IP 주소 등의 정보를 포함하는 데이터로 네트워크 사용자의 프라이버시를 해칠 수 있다는 문제점이 존재한다. 따라서 이들 네트워크 트래픽 데이터를 대상으로 하는 마이닝 기법에서는 프라이버시 보호를 위하여 각 사이트에 저장되어 있는 네트워크 트래픽 데이터를 공개하지 않으면서도, 의미있는 패턴을 찾을 수 있어야 한다. 본 논문에서는 프라이버시 보호를 위하여 N-저장소 서버 모델을 제안한다. 제안된 모델에서는 데이터를 분할하여 암호화한 후, 이를 복호화할 수 없는 서버에서 집계하는 방식을 사용하여 실제 데이터가 저장되어 있는 각 사이트의 출처 정보를 감추는 방식을 사용한다. 또한, 효율적인 빈번 패턴 생성을 위하여 빈번 항목에 대한 인덱스 구조를 제안하고, 이를 기반으로 한 순차 패턴 마이닝 기법을 보인다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.370-378
• /
• 2014

It is well known that data mining plays a crucial role in varities of real-world applications, by which extracts knowledge from large volume of datasets. Among functionalties provided by data mining, frequency mining over given multisets is a basic and essential one. However, most of users would like to obtain the frequency over their multisets without revealing their own multisets. In this work, we come up with a novel way to achive this goal and prove its security rigorously. Our scheme has several advantages over existing work as follows: Firstly, our scheme has the most efficient computational complexity in the cardinality of multisets. Further our security proof is rigorously in the simulation paradigm. Lastly our system assumption is general.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.826-845
• /
• 2017

Outsourcing computation is one of the most important applications in cloud computing, and it has a huge ability to satisfy the demand of data centers. Modular exponentiation computation, broadly used in the cryptographic protocols, has been recognized as one of the most time-consuming calculation operations in cryptosystems. Previously, modular exponentiations can be securely outsourced by using two untrusted cloud servers. In this paper, we present two practical and secure outsourcing modular exponentiations schemes that support only one untrusted cloud server. Explicitly, we make the base and the index blind by putting them into a matrix before send to the cloud server. Our schemes provide better performance in higher efficiency and flexible checkability which support single cloud server. Additionally, there exists another advantage of our schemes that the schemes are proved to be secure and effective without any cryptographic assumptions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.924-944
• /
• 2017

Telecare Medical Information System (TMIS) helps the patients to gain the health monitoring information at home and access medical services over the mobile Internet. In 2015, Das et al proposed a secure and robust user AKA scheme for hierarchical multi-medical server environment in TMIS, referred to as DAKA protocol, and claimed that their protocol is against all possible attacks. In this paper, we first analyze and show DAKA protocol is vulnerable to internal attacks, impersonation attacks and stolen smart card attack. Furthermore, DAKA protocol also cannot provide confidentiality. We then propose a lightweight pseudonym AKA protocol for multi-medical server architecture in TMIS (short for PAKA). Our PAKA protocol not only keeps good security features declared by DAKA protocol, but also truly provides patient's anonymity by using pseudonym to protect sensitive information from illegal interception. Besides, our PAKA protocol can realize authentication and key agreement with energy-saving, extremely low computation cost, communication cost and fewer storage resources in smart card, medical servers and physical servers. What's more, the PAKA protocol is proved secure against known possible attacks by using Burrows-Abadi-Needham (BAN) logic. As a result, these features make PAKA protocol is very suitable for computation-limited mobile device.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.05a
• /
• pp.161-164
• /
• 2022

Homomorphic Encryption (HE) schemes have been recently growing as a reliable solution to preserve users' information owe to maintaining and operating the user data in the encrypted state. In addition to that, several Neural Networks models merged with HE schemes have been developed as a prospective tool for privacy-preserving machine learning. Those mentioned works demonstrated that it is possible to match the accuracy of non-encrypted models but there is always a trade-off in the computation time. In this work, we evaluate the implementation of CKKS HE scheme operations over the layers of a LeNet5 convolutional inference model, however, owing to the limitations of the evaluation environment, the scope of this work is not to develop a complete LeNet5 encrypted model. The evaluation was performed using the MNIST dataset with Microsoft SEAL (MSEAL) open-source homomorphic encryption library ported version on Python (PyFhel). The behavior of the encrypted model, the limitations faced and a small description of related and future work is also provided.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.189-192
• /
• 2021

5G와 사물인터넷(IoT) 시대에 데이터의 크로스컴퓨팅은 연구, 의료, 금융, 민생 분야 등에 더 많은 지원을 할 수 있고 프라이버시 안전성이 중요해지고 있다. SMPC (Secure Multi-party Computation)은 서로 믿지 않는 참여자 간의 프라이버시 보호 시너지 컴퓨팅 문제를 해결하고, 데이터 수요자에게 원본 데이터를 누설하지 않는 범위 하에서의 다자간 컴퓨팅 능력을 제공한다. IoT 장치는 전력 소모와 지연에 제한을 받기 때문에 대부분의 장치가 여전히 경량화 보안 메커니즘에 속하고 IoT에서 트래픽의 데이터 통합관리가 어렵기 때문에 통신 중 신원인식과 데이터를 주고받는 단계에서 프라이버시 유출의 문제가 발생할 수 있고 심지어 DDOS공격, RelayAttack공격 등 사이버의 목적이 될 수도 있다. 본 논문에서 IoT 네트워크 데이터 통신 특징을 분석하고 동형 암호에 기반의 SMPC 연산 아키텍처를 제안한다. 제안하는 이키텍처에서 동형 암호를 사용함으로써 장치 데이터의 안전을 보장하는 동시에 전체 네트워크 안전성도 확보한다. SMPC 및 동형암호 기술의 지속적 발전에 따라 제안하는 아키텍처가 계속 개선할 잠재력이 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.861-868
• /
• 2023

One of the key technologies in providing data analysis in the deep learning while maintaining security is fully homomorphic encryption. Due to constraints in operations on fully homomorphically encrypted data, non-arithmetic functions used in deep learning must be approximated by polynomials. Until now, the degrees of approximation polynomials with composite minimax polynomials have been uniformly set across layers, which poses challenges for effective network designs on fully homomorphic encryption. This study theoretically proves that setting different degrees of approximation polynomials constructed by composite minimax polynomial in each layer does not pose any issues in the inference on convolutional neural networks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.408-411
• /
• 2024

원격 환경에서의 안전한 데이터 처리를 위한 기술 중 동형암호는 암호화된 데이터 간의 연산을 통한 프라이버시 보존형 연산이 가능하여 최근 딥러닝 연산을 동형암호로 수행하고자 하는 연구가 활발히 진행되고 있다. 그러나 동형암호는 신경망에 존재하는 비산술 활성화함수를 직접적으로 연산할 수 없어 다항함수로 대체하여 연산해야만 하는데, 이로 인해 모델의 정확도가 하락하거나 과도한 연산 부하가 발생하는 등의 비효율성 문제가 발생한다. 본 연구에서는 모델 내의 활성화함수를 서로 다르게 근사하는 접근을 순환신경망(Recurrent Neural Network, RNN)에 적용하여 효율적인 동형암호 연산을 수행하는 방법을 제안하고자 한다.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.331-340
• /
• 2007

Mobile network environments are the environments where mobile devices are distributed invisible in our daily lives so that we can conventionally use mobile services at my time and place. The fact that we can work with mobile devices regardless of time and place, however, means that we are also in security threat of leaking or forging the information. In particular, without solving privacy concern, the mobile network environments which serve convenience to use, harmonized without daily lives, on the contrary, will cause a serious malfunction of establishing mobile network surveillance infrastructure. On the other hand, as the mobile devices with various sizes and figures, public key cryptography techniques requiring heavy computation are difficult to be applied to the computational constrained mobile devices. In this paper, we propose efficient PKI-based user authentication and java-based cryptography module for the privacy-preserving in mobile network environments. Proposed system is support a authentication and digital signature to minimize encrypting and decrypting operation by compounding session key and public key based on Korean standard cryptography algorithm(SEED, KCDSA, HAS160) and certificate in mobile network environment. Also, it has been found that session key distribution and user authentication is safety done on PDA.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.1-11
• /
• 2020

As an important basic building block of the smart grid environment, smart meter provides real-time electricity consumption information to the utility. However, ensuring information security and privacy in the smart meter data aggregation process is a non-trivial task. Even though the secure data aggregation for the smart meter has been a lot of attention from both academic and industry researchers in recent years, most of these studies are not secure against internal attackers or cannot provide data integrity. Besides, their computation costs are not satisfactory because the bilinear pairing operation or the hash-to-point operation is performed at the smart meter system. Recently, blockchains or distributed ledgers are an emerging technology that has drawn considerable interest from energy supply firms, startups, technology developers, financial institutions, national governments and the academic community. In particular, blockchains are identified as having the potential to bring significant benefits and innovation for the electricity consumption network. This study suggests a distributed, privacy-preserving, and simple secure smart meter data aggregation system, backed up by Blockchain technology. Smart meter data are aggregated and verified by a hierarchical Merkle tree, in which the consensus protocol is supported by the practical Byzantine fault tolerance algorithm.