• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.267-269
• /
• 2021

Trusted Execution Environment(TEE) is an execution environment provided by CPU hardware to gain guarantee that the execution context is as expected by the execution requester. Remote attestation of the execution context naturally arises from the concept of TEEs. Many implementations of TEEs use cryptographic remote attestation methods. Though the implementation of attestation may be simple, the implementation of verification may be very complex and heavy. By using a server delegating the verification process of attestation information, one may produce lightweight binaries that may verify peers and establish a secure channel with verified peers.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1554-1558
• /
• 2008

현대의 서비스들은 점차 온라인화 되어가고 있으며, 특히 무선 통신의 발전은 따라 현대 사회인들에게 다양한 모바일 기기들을 사용하여 여러 서비스를 제공 받을 수 있도록 하였다. 하지만 모바일 단말기의 분실 및 불법적인 복제와 점차 증가하고 있는 모바일 악성코드로 인한 모바일 환경의 보안 위협은 기존의 소프트웨어 보안으로는 감당할 수 없게 되었다. 이에 안전한 모바일 환경을 위해 하드웨어 모듈 기반의 신뢰 컴퓨팅이 제안되었다. 이는 하드웨어 보안 모듈로 하여금 보안 시스템의 중추적인 역할을 하도록 하여 전체 보안 수준을 하드웨어 수준으로 높이는 장점을 가지고 있다. 하지만 이러한 하드웨어 기반의 보안 시스템에서는 사용자의 암호 및 단말기 이동에 따른 적절한 키의 백업과 복구 방안이 필요하다. 본 논문에서는 이러한 MTM기반의 모바일 신뢰 컴퓨팅에서의 키 백업에 대한 보안 요구사항과 메커니즘에 대한 분석을 제시한다.

• Journal of Information Processing Systems
• /
• v.13 no.3
• /
• pp.573-589
• /
• 2017

Cloud computing is an attractive solution that can provide low cost storage and powerful processing capabilities for government agencies or enterprises of small and medium size. Yet the confidentiality of information should be considered by any organization migrating to cloud, which makes the research on relational database system based on encryption schemes to preserve the integrity and confidentiality of data in cloud be an interesting subject. So far there have been various solutions for realizing SQL queries on encrypted data in cloud without decryption in advance, where generally homomorphic encryption algorithm is applied to support queries with aggregate functions or numerical computation. But the existing homomorphic encryption algorithms cannot encrypt floating-point numbers. So in this paper, we present a mechanism to enable the trusted party to encrypt the floating-points by homomorphic encryption algorithm and partial trusty server to perform summation on their ciphertexts without revealing the data itself. In the first step, we encode floating-point numbers to hide the decimal points and the positive or negative signs. Then, the codes of floating-point numbers are encrypted by homomorphic encryption algorithm and stored as sequences in cloud. Finally, we use the data structure of DoubleListTree to implement the aggregate function of SUM and later do some extra processes to accomplish the summation.

• The KIPS Transactions:PartC
• /
• v.15C no.1
• /
• pp.9-18
• /
• 2008

Prevention of attacks being made through program modification in sensor nodes is one of the important security issues. The software-based attestation technology that verifies the running code by checking whether it is modified or not in sensor nodes is being used to solve the attack problem. However, the current software-based attestation techniques are not appropriate in sensor networks because not only they are targeting static networks that member nodes does not move, but also they lacks consideration on the environment that the trusted verifier may not exist. This paper proposes a mutual attestation protocol that is suitable for sensor networks by using SWATT(Software-based ATTestation) technique. In the proposed protocol, sensor nodes periodically notify its membership to neighbor nodes and carry out mutual attestation procedure with neighbor nodes by using SWATT technique. With the proposed protocol, verification device detects the sensor nodes compromised by malicious attacks in the sensor network environments without trusted verifier and the sensor networks can be composed of only the verified nodes.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.8
• /
• pp.259-268
• /
• 2022

With prosperous usage of cloud services to improve management efficiency due to the explosive increase in data volume, various cryptographic techniques are being applied in order to preserve data privacy. In spite of the vast computing resources of cloud systems, decrease in storage efficiency caused by redundancy of data outsourced from multiple users acts as a factor that significantly reduces service efficiency. Among several approaches on privacy-preserving data deduplication over encrypted data, in this paper, the research results for improving efficiency of encrypted data deduplication using trusted execution environment (TEE) published in the recent USENIX ATC are analysed in terms of security and efficiency of the participating entities. We present a way to improve the stability of a key-managing server by integrating it with individual clients, resulting in secure deduplication without independent key servers. The experimental results show that the communication efficiency of the proposed approach can be improved by about 30% with the effect of a distributed key server while providing robust security guarantees as the same level of the previous research.

• Journal of Internet Computing and Services
• /
• v.18 no.1
• /
• pp.27-35
• /
• 2017

In near future, IoT data is expected to be a major portion of Big Data. Moreover, sensor data is expected to be major portion of IoT data, and its' research is actively carried out currently. However, processed results may not be trusted and used if outlier data is included in the processing of sensor data. Therefore, method for detection and deletion of those outlier data before processing is studied in this paper. Moreover, we used Spark which is memory based distributed processing environment for fast processing of big sensor data. The detection and deletion of outlier data consist of four stages, and each stage is implemented with Mapper and Reducer operation. The proposed method is compared in three different processing environments, and it is expected that the outlier detection and deletion performance is best in the distributed Spark environment as data volume is increasing.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.4 no.3
• /
• pp.9-18
• /
• 2008

Mobile devices do not need the fixed network infrastructure in ad-hoc network, these devices communicate each other through the distributed control. Accordingly, mobile devices can discover several services using dynamic searching method and provide safely public ownership of these services. Ad-hoc network needs the distributed control and topology of dynamic network because the limited power for processing and network communication. This paper is devoted to provide the secure protocol that provides efficient services discovery using SDP(Service Discovery Protocol) and considers the security requirements. Proposed protocol provides the distributed control based on PKI without central server, the discovery of trusted service, secure telecommunication, the identification among mobile devices, and service access control by user authority.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.1113-1116
• /
• 2006

Security in wireless sensor networks is very pressing especially when sensor nodes are deployed in hostile environments. To obtain security purposes, it is essential to be able to encrypt and authenticate messages sent amongst sensor nodes. Keys for encryption and authentication must be agreed upon by communicating nodes. Due to resource limitations and other unique features, obtaining such key agreement in wireless sensor network is extremely complex. Many key agreement schemes used in general networks, such as trusted server, Diffie-Hellman and public-key based schemes, are not suitable for wireless sensor networks [1], [2], [5], [7], [8]. In that situation, key pre-distribution scheme has been emerged and considered as the most appropriate scheme [2], [5], [7]. Based on that sense, we propose a new resource-optimal key pre-distribution scheme utilizing merits of the two existing key pre-distribution schemes [3], [4]. Our scheme exhibits the fascinating properties: substantial improvement in sensors' resource usage, rigorous guarantee of successfully deriving pairwise keys between any pair of nodes, greatly improved network resiliency against node capture attack. We also present a detailed analysis in terms of security and resource usage of the scheme.

• Journal of Information Processing Systems
• /
• v.7 no.1
• /
• pp.121-136
• /
• 2011

With the rapid growth of GPS-enable Smartphones, the interest on using Location Based Services (LBSs) has increased significantly. The evolution in the functionalities provided by those smartphones has enabled them to accurately pinpoint the location of a user. Because location information is what all LBSs depend on to process user's request, it should be properly protected from attackers or malicious service providers (SP). Additionally, maintaining user's privacy and confidentiality are imperative challenges to be overcome. A possible solution for these challenges is to provide user anonymity, which means to ensure that a user initiating a request to the SP should be indistinguishable from a group of people by any adversary who had access to the request. Most of the proposals that maintain user's anonymity are based on location obfuscation. It mainly focuses on adjusting the resolution of the user's location information. In this paper, we present a new protocol that is focused on using cryptographic techniques to provide anonymity for LBSs users in the smartphone environment. This protocol makes use of a trusted third party called the Anonymity Server (AS) that ensures anonymous communication between the user and the service provider.

• Journal of Information Processing Systems
• /
• v.10 no.4
• /
• pp.618-627
• /
• 2014

Nowadays mobile users are using a popular service called Location-Based Services (LBS). LBS is very helpful for a mobile user in finding various Point of Interests (POIs) in their vicinity. To get these services, users must provide their personal information, such as user identity or current location, which severely risks the location privacy of the user. Many researchers are developing schemes that enable a user to use these LBS services anonymously, but these approaches have some limitations (i.e., either the privacy prevention mechanism is weak or the cost of the solution is too much). As such, we are presenting a robust scheme for mobile users that allows them to use LBS anonymously. Our scheme involves a client side application that interacts with an untrusted LBS server to find the nearest POI for a service required by a user. The scheme is not only efficient in its approach, but is also very practical with respect to the computations that are done on a client's resource constrained device. With our scheme, not only can a client anonymously use LBS without any use of a trusted third party, but also a server's database is completely secure from the client. We performed experiments by developing and testing an Android-based client side smartphone application to support our argument.