• Journal of Information Processing Systems
• /
• 제13권3호
• /
• pp.573-589
• /
• 2017

Cloud computing is an attractive solution that can provide low cost storage and powerful processing capabilities for government agencies or enterprises of small and medium size. Yet the confidentiality of information should be considered by any organization migrating to cloud, which makes the research on relational database system based on encryption schemes to preserve the integrity and confidentiality of data in cloud be an interesting subject. So far there have been various solutions for realizing SQL queries on encrypted data in cloud without decryption in advance, where generally homomorphic encryption algorithm is applied to support queries with aggregate functions or numerical computation. But the existing homomorphic encryption algorithms cannot encrypt floating-point numbers. So in this paper, we present a mechanism to enable the trusted party to encrypt the floating-points by homomorphic encryption algorithm and partial trusty server to perform summation on their ciphertexts without revealing the data itself. In the first step, we encode floating-point numbers to hide the decimal points and the positive or negative signs. Then, the codes of floating-point numbers are encrypted by homomorphic encryption algorithm and stored as sequences in cloud. Finally, we use the data structure of DoubleListTree to implement the aggregate function of SUM and later do some extra processes to accomplish the summation.

• Journal of Information Processing Systems
• /
• 제20권4호
• /
• pp.432-441
• /
• 2024

To improve the security of gene information and the accuracy of matching, this paper designs a homomorphic encryption algorithm for gene matching based on cloud computing environment. Firstly, the gene sequences of cloud files entered by users are collected, which are converted into binary code by binary function, so that the encrypted text is obviously different from the original text. After that, the binary code of genes in the database is compared with the generated code to complete gene matching. Experimental analysis indicates that when the number of fragments in a 1 GB gene file is 65, the minimum encryption time of the algorithm is 80.13 ms. Aside from that, the gene matching time and energy consumption of this algorithm are the least, which are 85.69 ms and 237.89 J, respectively.

• 정보보호학회논문지
• /
• 제33권3호
• /
• pp.375-381
• /
• 2023

완전동형암호는 암호화된 데이터에 대한 대수적 연산을 지원하며, 최근에는 최대값 함수 등의 비대수적 연산도 근사하는 방법이 연구되고 있다. 그러나 아직 4개 이상의 숫자에 대한 정밀한 맥스 풀링 근사 연구는 이루어지지 않았다. 본 연구에서는 최대값 함수 근사 다항식의 합성을 활용하여 정밀한 맥스 풀링 근사 기법을 제안하였으며, 이를 이론적으로 분석하여 높은 정밀도를 증명하였다. 실험 결과, 제안하는 근사 맥스 풀링은 1ms 이내의 작은 분할 실행 시간과 이론적 분석과 일치하는 높은 정밀도를 보여주었다.

• 정보보호학회논문지
• /
• 제34권5호
• /
• pp.865-873
• /
• 2024

본 연구에서는 동형 암호를 활용한 프라이버시 보장 암호화 API 오용 탐지 프레임워크를 제안한다. 제안하는 프레임워크는 암호화된 상태에서 데이터의 기밀성을 유지하면서도 효과적으로 암호화 API 오용을 탐지할 수 있도록 설계되었다. 먼저, CNN(Convolutional Neural Network) 기반의 탐지 모델을 사용하고, 암호화된 환경에서도 높은 정확도를 유지하기 위해 모델 구조를 최적화하였다. 구체적으로, 효율적인 동형 암호 연산을 위해 깊이별 합성곱층을 활용하고, 비선형성을 확보하기 위해 세제곱 활성화 함수를 도입하여 암호화된 데이터에서도 오용 탐지를 효과적으로 수행할 수 있도록 하였다. 실험 결과, 제안된 모델은 F1 스코어 0.978의 높은 탐지 성능을 보였으며, 동형 암호를 적용한 모델의 전체 실행 시간은 11.20초로, 실시간 처리에 가까운 계산 효율성을 보여주었다. 이러한 결과는 동형 암호를 활용한 환경에서도 우수한 보안성과 정확도를 제공할 수 있음을 확인시켜준다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권3호
• /
• pp.1510-1532
• /
• 2017

In smart grid, privacy implications to individuals and their families are an important issue because of the fine-grained usage data collection. Wireless communications are utilized by many utility companies to obtain information. Network coding is exploited in smart grids, to enhance network performance in terms of throughput, delay, robustness, and energy consumption. However, random linear network coding introduces a new challenge for privacy preserving due to the encoding of data and updating of coefficients in forwarder nodes. We propose a distributed privacy preserving scheme for random linear network coding in smart grid that considers the converged flows character of the smart grid and exploits a homomorphic encryption function to decrease the complexities in the forwarder node. It offers a data confidentiality privacy preserving feature, which can efficiently thwart traffic analysis. The data of the packet is encrypted and the tag of the packet is encrypted by a homomorphic encryption function. The forwarder node random linearly codes the encrypted data and directly processes the cryptotext tags based on the homomorphism feature. Extensive security analysis and performance evaluations demonstrate the validity and efficiency of the proposed scheme.

• Journal of Internet Technology
• /
• 제22권6호
• /
• pp.1287-1297
• /
• 2021

Data aggregation is the significant process in which the information is gathered and combines data to decrease the amount of data transmission in the WSN. The sensor devices are susceptible to node attacks and security issues such as data confidentiality and data privacy are extremely important. A novel technique called Ruzicka Index Regressive Homomorphic Ephemeral Key Benaloh Cryptography (RIRHEKBC) technique is introduced for enhancing the security of data aggregation and data privacy in WSN. By applying the Ruzicka Index Regressive Homomorphic Ephemeral Key Benaloh Cryptography, Ephemeral private and public keys are generated for each sensor node in the network. After the key generation, the sender node performs the encryption using the receiver public key and sends it to the data aggregator. After receiving the encrypted data, the receiver node uses the private key for decrypting the ciphertext. The key matching is performed during the data decryption using Ruzicka Indexive regression function. Once the key is matched, then the receiver collects the original data with higher security. The simulation result proves that the proposed RIRHEKBC technique increases the security of data aggregation and minimizes the packet drop, and delay than the state-of-the- art methods.

• International Journal of Internet, Broadcasting and Communication
• /
• 제13권2호
• /
• pp.60-66
• /
• 2021

Blockchain is a technology that enables trust-based consensus and verification based on a decentralized network. Distributed ID (DID) is based on a decentralized structure, and users have the right to manage their own ID. Recently, interest in self-sovereign identity authentication is increasing. In this paper, as a method for transparent and safe sovereignty management of data, among data pseudonymization techniques for blockchain use, various methods for data encryption processing are examined. The public key technique (homomorphic encryption) has high flexibility and security because different algorithms are applied to the entire sentence for encryption and decryption. As a result, the computational efficiency decreases. The hash function method (MD5) can maintain flexibility and is higher than the security-related two-way encryption method, but there is a threat of collision. Zero-knowledge proof is based on public key encryption based on a mutual proof method, and complex formulas are applied to processes such as personal identification, key distribution, and digital signature. It requires consensus and verification process, so the operation efficiency is lowered to the level of O (log_eN) ~ O(N²). In this paper, data encryption processing for blockchain DID, based on zero-knowledge proof, was proposed and a one-way encryption method considering data use range and frequency of use was proposed. Based on the content presented in the thesis, it is possible to process corrected zero-knowledge proof and to process data efficiently.

• 정보보호학회논문지
• /
• 제27권3호
• /
• pp.413-426
• /
• 2017

본 연구에서는 완전동형암호로 암호화된 데이터에 적용할 수 있는 가산기 및 다수개의 데이터를 가산할 때 적용할 수 있는 성능이 향상된 가산 방법을 제안한다. 제안 산술 가산기는 기존의 하드웨어 기반의 산술 가산기 중 최적 회로단계(level)를 가지는 Kogge-Stone Adder 방법을 기반으로 하며, 완전동형암호가 제공하는 암호학적 SIMD(Single Instruction for Multiple Data) 기법을 적용하기에 적합하게 설계되었다. 제안한 다수 가산 방법은 완벽한 가산 결과를 보장하는 Kogge-Stone Adder를 반복적으로 사용하여 다수개의 데이터를 가산하지 않고, 3개 이상의 수를 더해야 할 경우, Full-Adder를 이용하여 3개의 수를 최종 C(Carry-out)과 논리합의 결과인 S(Sum) 의 두 개로 줄인다. 이러한 과정을 반복하여 최종적으로 두 개의 수를 더할 경우에만 Kogge-Stone Adder를 사용하여 가산하는 방법이다. 제안 방법은 더하고자 하는 데이터의 개수가 많아질수록 성능이 비약적으로 향상되었고, 이를 실험을 통해 검증한다.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2023년도 춘계학술발표대회
• /
• pp.123-125
• /
• 2023

As deep learning has become an essential part of human lives, the requirement for Deep Learning as a Service (DLaaS) is growing. Since using remote cloud servers induces privacy concerns for users, a Fully Homomorphic Encryption (FHE) arises to protect users' sensitive data from a malicious attack in the cloud environment. However, the FHE cannot support several computations, including the most popular activation function, Rectified Linear Unit (ReLU). This paper analyzes several polynomial approximation methods for ReLU to utilize FHE in DLaaS.

• Journal of Information Processing Systems
• /
• 제20권1호
• /
• pp.116-130
• /
• 2024

In the Internet-of-Things (IoT) or blockchain-based network systems, secure keys may be stored in individual devices; thus, individual devices should protect data by performing secure operations on the data transmitted and received over networks. Typically, secure functions, such as a physical unclonable function (PUF) and fully homomorphic encryption (FHE), are useful for generating safe keys and distributing data in a network. However, to provide these functions in embedded devices for IoT or blockchain systems, proper inspection is required for designing and implementing embedded system-on-chip (SoC) modules through overhead and performance analysis. In this paper, a virtual platform (SoC VP) was developed that includes a secure key generation module with a PUF and FHE. The SoC VP platform was implemented using SystemC, which enables the execution and verification of various aspects of the secure key generation module at the electronic system level and analyzes the system-level execution time, memory footprint, and performance, such as randomness and uniqueness. We experimentally verified the secure key generation module, and estimated the execution of the PUF key and FHE encryption based on the unit time of each module.