• Journal of KIISE
• /
• v.43 no.12
• /
• pp.1437-1457
• /
• 2016

In outsourced databases, the cloud provides an authorized user with querying services on the outsourced database. However, sensitive data, such as financial or medical records, should be encrypted before being outsourced to the cloud. Meanwhile, k-Nearest Neighbor (kNN) query is the typical query type which is widely used in many fields and the result of the kNN query is closely related to the interest and preference of the user. Therefore, studies on secure kNN query processing algorithms that preserve both the data privacy and the query privacy have been proposed. However, existing algorithms either suffer from high computation cost or leak data access patterns because retrieved index nodes and query results are disclosed. To solve these problems, in this paper we propose a new kNN query processing algorithm on the encrypted database. Our algorithm preserves both data privacy and query privacy. It also hides data access patterns while supporting efficient query processing. To achieve this, we devise an encrypted index search scheme which can perform data filtering without revealing data access patterns. Through the performance analysis, we verify that our proposed algorithm shows better performance than the existing algorithms in terms of query processing times.

• Journal of KIISE
• /
• v.44 no.10
• /
• pp.1112-1123
• /
• 2017

As content providers further offload content-centric services to the cloud, data retrieval over the cloud typically results in many redundant items because there is a prevalent near-duplication of content on the Internet. Simply fetching all data from the cloud severely degrades efficiency in terms of resource utilization and bandwidth, and data can be encrypted by multiple content providers under different keys to preserve privacy. Thus, locating near-duplicate data in a privacy-preserving way is highly dependent on the ability to deduplicate redundant search results and returns best matches without decrypting data. To this end, we propose an efficient near-duplicate detection scheme for encrypted data in the cloud. Our scheme has the following benefits. First, a single query is enough to locate near-duplicate data even if they are encrypted under different keys of multiple content providers. Second, storage, computation and communication costs are alleviated compared to existing schemes, while achieving the same level of search accuracy. Third, scalability is significantly improved as a result of a novel and efficient two-round detection to locate near-duplicate candidates over large quantities of data in the cloud. An experimental analysis with real-world data demonstrates the applicability of the proposed scheme to a practical cloud system. Last, the proposed scheme is an average of 70.6% faster than an existing scheme.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.1-13
• /
• 2008

Trusted Computing is a hardware-based technology that aims to guarantee security for machines beyond their users' control by providing security on computing hardware and software. TPM(Trusted Platform Module), the trusted platform specified by the Trusted Computing Group, acts as the roots for the trusted data storage and the trusted reporting of platform configuration. Data sealing encrypts secret data with a key and the platform's configuration at the time of encryption. In contrast to the traditional data sealing based on binary hash values of the platform configuration, a new approach called property-based data sealing was recently suggested. In this paper, we propose and analyze a new property-based data sealing protocol using the weakest precondition concept by Dijkstra. The proposed protocol resolves the problem of system updates by allowing sealed data to be unsealed at any configuration providing the required property. It assumes practically implementable trusted third parties only and protects platform's privacy when communicating. We demonstrate the proposed protocol's operability with any TPM chip by implementing and running the protocol on a software TPM emulator by Strasser. The proposed scheme can be deployed in PDAs and smart phones over wireless mobile networks as well as desktop PCs.

• Journal of KIISE:Databases
• /
• v.31 no.6
• /
• pp.567-584
• /
• 2004

As XML becomes popular as the way of presenting information on the web, how to secure XML data becomes an important issue. So far study on XML security has focused on security of data communications by using digital sign or encryption technology. But, it now requires not just to communicate secure XML data on communication but also to manage query process to access XML data since XML data becomes more complicated and bigger. We can manage XML data queries by access control technique. Right now current XML data access control only deals with read operation. This approach has no option to process update XML queries. In this paper, we present XML access control model and technique that can support both read and update operations. In this paper, we will propose the operation for XML document update. Also, We will define action type as a new concept to manage authorization information and process update queries. It results in both minimizing access control steps and reducing memory cost. In addition, we can filter queries that have no access rights at the XML data, which it can reduce unnecessary tasks for processing unauthorized query. As a result of the performance evaluation, we show our access control model is proved to be better than other access control model in update query. But it has a little overhead to decide action type in select query.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.7
• /
• pp.1237-1245
• /
• 2006

This paper presented a hardware implementation of ARIA, which is a Korean standard l28-bit block cryptography algorithm. In this work, ARIA was designed technology-independently for application such as ASIC or core-based designs. ARIA algorithm was fitted in FPGA without additional components of hardware or software. It was confirmed that the rate of resource usage is about 19% in Altera EPXAl0F1020CI and the resulting design operates stably in a clock frequency of 36.35MHz, whose encryption/decryption rate was 310.3Mbps. Consequently, the proposed hardware implementation of ARIA is expected to have a lot of application fields which need high speed process such as electronic commerce, mobile communication, network security and the fields requiring lots of data storing where many users need processing large amount of data simultaneously.

• Journal of Digital Contents Society
• /
• v.19 no.4
• /
• pp.837-844
• /
• 2018

Recently, the cloud technology has made dynamical network changes by enabling the construction of a logical network without building a physical network. Despite recent research on the cloud, it is necessary to study security functions for the identification of fake virtual network functions and the encryption of communication between entities. Because the VNFs are open to subscribers and able to implement service directly, which can make them an attack target. In this paper, we propose a virtual public key infrastructure mechanism that detects a fake VNFs and guarantees data security through mutual authentication between VNFs. To evaluate the virtual PKI, we built a management and orchestration environment to test the performance of authentication and key generation for data security. And we test the detection of a distributed denial of service by using several AI algorithms to enhance the security in NFV.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.4
• /
• pp.89-96
• /
• 2013

The graphic processor unit (GPU) has been developed to process not only graphic data but also general system data. It shows a better performance than CPU in algorithm for 3D graphics and parallel program. In order to execute algorithm for CPU on GPU, we should understand about GPU architectures and rewrite program considering parallel processing capability and new memory model of GPU. For this reasons, a performance prediction model for the algorithm and its predicted performance through GPU system are required. These can predict problems in GPU application development or construct a performance evaluation standard for GPU. In this paper, we applied the AES encryption algorithms on our performance model and accomplished performance prediction with high accuracy under a heavy workload.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.42 no.4 s.334
• /
• pp.29-36
• /
• 2005

This paper presents the first hardware design of ARIA that KSA(Korea Standards Association) decided as the block encryption standard at Dec. 2004. The ARIA cryptographic algorithm has an efficient involution SPN (Substitution Permutation Network) and is immune to known attacks. The proposed ARIA design based on 1 cycle/round include a dual port ROM to reduce a size of circuit md a high speed round key generator with barrel rotator. ARIA design proposed is implemented with Xilinx VirtexE-1600 FPGA. Throughput is 437 Mbps using 1,491 slices and 16 RAM blocks. To demonstrate the ARIA system operation, we developed a security system cyphering video data of communication though Internet. ARIA addresses applications with high-throughput like data storage and internet security protocol (IPSec and TLS) as well as IC cards.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.781-792
• /
• 2015

This paper proposes a virtual and invisible private disk (VIPDISK) technology equipped with the secure storage devices. As a software based security technology, it can create hidden partitions on any data storage device which can not be identified by the windows OS, so the program running on it, does not have any evidence of the existence of the hidden storage space. Under inactive state, it maintains an unexposed secure partition which can only be activated with a matching combination of a unique digital key and a user password to open the decryption tool. In addition, VIPDISK can store data to secure storage device with real-time encryption, it is worry-free even in the case of lost or theft. Simulation results show that VIPDISK provides a much higher level of security compared to other existing schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.69-79
• /
• 2016

Biometric authentication is considered as being an efficient authentication method, since a user is not required to possess or memorize any other information other than biometrics. However, since biometric information is sensitive and could be permanently unavailable in case of revealing that information just once, it is essential to preserve privacy of biometrics. In addition, since noise is inherent in the user of biometric recognition technologies, the biometric authentication needs to handle the noise. Recently, biometric authentication protocols using fuzzy extractor have been actively researched, but the fuzzy extractor-based authentication has a problem that a user should memorize an additional information, called helper data, to deal with their noisy biometric information. In this paper, we propose a novel biometric authentication protocol using Hidden Vector Key Encapsulation Mechanism(HV-KEM) which is one of functional encryption schemes. A primary advantage of our protocol is that a user does not need to possess or memorize any additional information. We propose security requirements of HV-KEM necessary for constructing biometric authentication protocols, and analyze our proposed protocol in terms of correctness, security, and efficiency.