• Journal of KIISE
• /
• v.41 no.10
• /
• pp.799-809
• /
• 2014

In this paper, we address the problem of computing Pearson correlation coefficients and Spearman's rank correlation coefficients in a secure manner while data providers preserve privacy of their own data in distributed environment. For a data mining or data analysis in the distributed environment, data providers(data owners) need to share their original data with each other. However, the original data may often contain very sensitive information, and thus, data providers do not prefer to disclose their original data for preserving privacy. In this paper, we formally define the secure correlation computation, SCC in short, as the problem of computing correlation coefficients in the distributed computing environment while preserving the data privacy (i.e., not disclosing the sensitive data) of multiple data providers. We then present SCC solutions for Pearson and Spearman's correlation coefficients using secure scalar product. We show the correctness and secure property of the proposed solutions by presenting theorems and proving them formally. We also empirically show that the proposed solutions can be used for practical applications in the performance aspect.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1285-1303
• /
• 2019

In the current credit scoring system, the credit bureau gathers credit information from financial institutions and calculates a credit score based on it. However, because all sensitive credit information is stored in one central authority, there are possibilities of privacy violations and successful external attacks can breach large amounts of personal information. To handle this problem, we propose privacy-preserving credit scoring in which a user gathers credit information from financial institutions, calculates a credit score and proves that the score is calculated correctly using a zero-knowledge proof and a blockchain. In addition, we propose a zero-knowledge proof scheme that can efficiently prove committed inputs to check whether the inputs of a zero-knowledge proof are actually provided by financial institutions with a blockchain. This scheme provides perfect zero-knowledge unlike Agrawal et al.'s scheme, short CRSs and proofs, and fast proof and verification. We confirmed that the proposed credit scoring can be used in the real world by implementing it and experimenting with a credit score algorithm which is similar to that of the real world.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.3
• /
• pp.1028-1046
• /
• 2022

Genome-wide association studies (GWAS) aim to find the significant genetic variants for common complex disease. However, genotype data has privacy information such as disease status and identity, which make data sharing and research difficult. Differential privacy is widely used in the privacy protection of data sharing. The current differential privacy approach in GWAS pays no attention to raw data but to statistical data, and doesn't achieve equilibrium between utility and privacy, so that data sharing is hindered and it hampers the development of genomics. To share data more securely, we propose a differential privacy preserving approach of data sharing for GWAS, and achieve the equilibrium between privacy and data utility. Firstly, a reasonable disturbance interval for the genotype is calculated based on the expected utility. Secondly, based on the interval, we get the Nash equilibrium point between utility and privacy. Finally, based on the equilibrium point, the original genotype matrix is perturbed with differential privacy, and the corresponding random genotype matrix is obtained. We theoretically and experimentally show that the method satisfies expected privacy protection and utility. This method provides engineering guidance for protecting GWAS data privacy.

• Journal of KIISE
• /
• v.41 no.9
• /
• pp.715-727
• /
• 2014

The number of subscribers in 4th generation mobile system has been increased rapidly. Along with that, preserving subscribers' privacy has become a hot issue. To prevent users' location from being revealed publicly is important more than ever. In this paper, we first show that the privacy-related problem exists in user authentication procedure in 4th generation mobile system, especially LTE. Then, we suggest an attack model which allows an adversary to trace a user, i.e. he has an ability to determine whether the user is in his observation area. Such collecting subscribers' location by an unauthorized third party may yield severe privacy problem. To keep users' privacy intact, we propose a modified authentication protocol in LTE. Our scheme has low computational overhead and strong secrecy so that both the security and efficiency are achieved. Finally, we prove that our scheme is secure by using the automatic verification tool ProVerif.

• KIISE Transactions on Computing Practices
• /
• v.22 no.12
• /
• pp.675-680
• /
• 2016

The development of various mobile devices and mobile platform technology has led to a steady increase in the number of online social network (OSN) users. OSN users are free to communicate and share information through activities such as social networking, but this causes a new, user privacy issue. Various distributed OSN architectures are introduced to address the user privacy concern, however, users do not obtain technically perfect control over their data. In this study, the control rights of OSN user are maintained by using personal data storage (PDS). We propose a technique to improve data privacy protection that involves making a group with the user's friend by generating and providing fake text data based on user's real text data. Fake text data is generated based on the user's word sensitivity value, so that the user's friends can receive the user's differential data. As a result, we propose a system architecture that solves possible problems in the tradeoff between service utility and user privacy in OSN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.35-44
• /
• 2009

To protect sensitive personal information, data will be stored in encrypted form. However in order to retrieve these encrypted data without decryption, there need efficient search methods to enable the retrieval of the encrypted data. Until now, a number of searchable encryption schemes have been proposed but these schemes are not suitable when dynamic users who have the permission to access the data share the encrypted data. Since, in previous searchable encryption schemes, only specific user who is the data owner in symmetric key settings or has the secret key corresponding to the public key for the encrypted data in asymmetric key settings can access to the encrypted data. To solve this problem, Stephen S. Yau et al. firstly proposed the controlled privacy preserving keyword search scheme which can control the search capabilities of users according to access policies of the data provider. However, this scheme has the problem that the privacy of the data retrievers can be breached. In this paper, we firstly analyze the weakness of Stephen S. Yau et al.'s scheme and propose privacy preserving keyword search with access control. Our proposed scheme preserves the privacy of data retrievers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.10
• /
• pp.2708-2730
• /
• 2012

The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.2
• /
• pp.87-94
• /
• 2013

In this paper, we analyse the weaknesses of authentication scheme preserving user anonymity proposed by Khan et al in 2011 and we propose a new authentication schemes preserving user anonymity that improved these weaknesses. Khan et al's authentication scheme is vulnerable to insider attack and doesn't provide user anonymity to the server. Also, this scheme is still a weakness of wrong password input by mistake in spite of proposing the password change phase. In this paper, we will show that Khan et al's scheme is vulnerable to the stolen smart card attack and the strong server/user masquerade attack. The proposed authentication scheme propose the improved user anonymity, which can provide more secure privacy to user by improving these weaknesses.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.229-230
• /
• 2024

최근 드론으로 극한 환경에서 범죄 수배자 및 실종자를 탐색하는 시도가 활발하다. 이때 생체 인증 기술인 얼굴 인증 기술을 사용하면 탐색 효율이 높아지지만, 암호화되지 않은 인증 프로토콜 적용 시 생체 정보 유출의 위험이 있다. 본 논문에서는 드론이 수집한 얼굴 이미지 템플릿을 암호화하여 안전하게 인증할 수 있는 효율적인 생체 인증 프레임워크인 DF-PPHDM(Privacy-Preserving Hamming Distance biometric Matching for Drone-collected Facial images)을 제안한다. 수집된 얼굴 이미지는 암호문 형태로 서버에 전달되며 서버는 기존 등록된 암호화된 템플릿과의 Hamming distance 분석을 통해 검증한다. 제안한 DF-PPHDM을 RaspberryPI 4B 환경에서 직접 실험하여 분석한 결과, 한정된 리소스를 소유한 드론에서 효율적인 구현이 가능하며, 인증 단계에서 7.83~155.03 ㎲ (microseconds)가 소요된다는 것을 입증하였다. 더불어 서버는 드론이 전송한 암호문으로부터 생체 정보를 복구할 수 없으므로 프라이버시 침해 문제를 예방할 수 있다. 향후 DF-PPHDM에 AI(Artificial Intelligence)를 결합하여 자동화 기능을 추가하고 코드 최적화를 통해 성능을 향상시킬 예정이다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.1
• /
• pp.147-169
• /
• 2024

In pace with the development of network technology at lightning speed, social networks have been extensively applied in our lives. However, as social networks retain a large number of users' sensitive information, the openness of this information makes social networks vulnerable to attacks by malicious attackers. To preserve the link privacy of individuals in social networks, an uncertain graph method based on node random response is devised, which satisfies differential privacy while maintaining expected data utility. In this method, to achieve privacy preserving, the random response is applied on nodes to achieve edge modification on an original graph and node differential privacy is introduced to inject uncertainty on the edges. Simultaneously, to keep data utility, a divide and conquer strategy is adopted to decompose the original graph into many sub-graphs and each sub-graph is dealt with separately. In particular, only some larger sub-graphs selected by the exponent mechanism are modified, which further reduces the perturbation to the original graph. The presented method is proven to satisfy differential privacy. The performances of experiments demonstrate that this uncertain graph method can effectively provide a strict privacy guarantee and maintain data utility.