WO2023101399A1 - Security management system for a large quantity of data - Google Patents

Security management system for a large quantity of data

Info

Publication number
WO2023101399A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
communication channel
secure communication
secure
received
Prior art date
Application number
PCT/KR2022/019175
Other languages
English (en)
Korean (ko)
Inventor
박한나
정해일
조성민
Original Assignee
주식회사 시옷
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 시옷
Publication of WO2023101399A1

Classifications

    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/40 Network security protocols

Definitions

  • The present invention relates to a security processing system for large-capacity data and, more particularly, to an IoT security system capable of encrypting at high speed the large-capacity data transmitted and received between the devices constituting the Internet of Things.
  • IoT: Internet of Things.
  • Open-source software such as Python, PHP, and OpenSSL.
  • A hardware platform that provides various functions and services between users and objects through Internet access.
  • Security is difficult to apply to IoT devices in software form because of their limited resources, and software security products that have already been deployed and installed must be supplied to match the device development environment, which limits support for the variety of IoT device development environments.
  • One aspect of the present invention provides an IoT security system that forms a secure communication channel between the devices constituting the IoT and encrypts the data transmitted and received through that secure communication channel.
  • A security processing system for large-capacity data includes a secure hub module that forms a secure communication channel between the IoT devices constituting the Internet of Things and encrypts the data transmitted and received through the secure communication channel in different ways according to the size of the data.
  • The secure hub module includes an encryption unit that encrypts the data transmitted to and received from the IoT device through the secure communication channel using a preset encryption algorithm.
  • The encryption unit converts the reception time of the data received through the secure hub module into a binary number, divides the converted binary number into two sections, generates a first variable by converting the binary number in the first section into a decimal number and a second variable by converting the binary number in the second section into a decimal number, sets a first prime number closest to the first variable and a second prime number closest to the second variable, generates a private key and a public key using the set first and second prime numbers, and encrypts the data using the generated private key and public key.
  • A secure communication channel is formed between the devices constituting the Internet of Things, and the data transmitted and received through the secure communication channel can be encrypted.
  • FIG. 1 is a block diagram showing a schematic configuration of a large data security processing system according to an embodiment of the present invention.
  • FIGS. 2 and 3 are flowcharts illustrating specific functions of the secure hub module shown in FIG. 1.
  • FIG. 4 is a diagram illustrating a specific example of encrypting low-capacity data.
  • FIG. 5 is a diagram illustrating a specific example of encrypting large-capacity data.
  • FIG. 1 is a conceptual diagram showing a schematic configuration of a large data security processing system according to an embodiment of the present invention.
  • The IoT security system 1000 includes at least one IoT device 100; a gateway 200 that is connected to the IoT device 100 to form an internal network and connected to the IoT platform 300 to form an external network; and a secure hub module 400 that is connected to the gateway and encrypts the data transmitted through the internal network and the external network.
  • The secure hub module 400 is a device installed on the gateway 200 side to improve the security of data transmitted and received through the Internet of Things in an already built IoT environment made up of the IoT device 100, the gateway 200, and the IoT platform 300; it can be physically connected to the gateway 200.
  • FIGS. 2 and 3 are diagrams illustrating a detailed configuration of the secure hub module 400 .
  • The secure hub module 400 includes a channel setting unit 410 that establishes a secure communication channel between the IoT devices that need to communicate, and an encryption unit 420 that encrypts the data transmitted to and received from the IoT devices through the secure communication channel using a preset encryption algorithm.
  • The encryption unit 420 includes a data classification unit 421 that classifies the data transmitted and received through the secure communication channel as either low-capacity data or large-capacity data, a low-capacity data encryption unit 422 that encrypts the data classified as low-capacity data by the data classification unit, and a large-capacity data encryption unit 423 that encrypts the data classified as large-capacity data by the data classification unit.
  • The data classification unit 421 may classify data as either low-capacity data or large-capacity data based on a preset reference data size (e.g., 10 MB).
  • FIG. 4 is a diagram showing a specific example of encrypting data in the low-capacity data encryption unit 422 .
  • The low-capacity data encryption unit 422 converts the reception time of the data received through the secure hub module into a binary number and divides the converted binary number into two sections.
  • The low-capacity data encryption unit 422 places the first four binary digits in the first section and the following four binary digits in the second section. If the number of converted binary digits is odd, it may be configured to include one more binary digit in the first section. For example, when the converted binary number has 9 digits, the first 5 binary digits are placed in the first section and the following 4 binary digits in the second section.
  • The low-capacity data encryption unit 422 generates a first variable by converting the binary number in the first section into a decimal number and a second variable by converting the binary number in the second section into a decimal number, sets a first prime number closest to the first variable and a second prime number closest to the second variable, generates a private key and a public key using the set first and second prime numbers, and encrypts the data using the generated private key and public key.
  • The large-capacity data encryption unit 422 encrypts relatively large data such as images and videos.
  • The large-capacity data encryption unit 422 may divide the large-capacity data into a plurality of seed blocks and encrypt each of the divided seed blocks with a preset block cipher algorithm.
  • The preset block cipher algorithm may be the SEED standard algorithm, a block cipher whose basic input/output processing unit (block size) is 128 bits, whose input key size is 128 bits, and whose number of rounds is 16, but it is not limited thereto.
  • Various widely used block cipher algorithms may be applied.
  • The large-capacity data encryption unit 422 may also encrypt the large-capacity data with a different encryption method.
  • The large-capacity data encryption unit 422 includes a region of interest setting unit and a conversion unit.
  • The region of interest setting unit sets the region to be encrypted, out of the entire region of the captured image, as the region of interest.
  • The region-of-interest setting unit performs image analysis on large-capacity data in the form of an image and detects the characteristic part of the original image that requires encryption, so that the conversion unit described later partially encrypts only the set region, which reduces the amount of computation and the time required for data processing.
  • The region of interest setting unit extracts a plurality of objects constituting the original image, sets an object corresponding to a pre-learned object among the extracted objects as a feature object, and sets the region of interest so that it includes the feature object.
  • The region of interest setting unit extracts a feature vector from the captured image, inputs the extracted feature vector to a pre-trained artificial neural network, and distinguishes the plurality of objects included in the captured image based on the output value. Since object detection using such an artificial neural network is a technique widely used in the image processing field, a detailed description is omitted.
  • The ROI setting unit may set the ROI using a histogram of the image data.
  • The histogram is information representing the distribution of contrast values over the pixels of an image.
  • The ROI setting unit may generate a full histogram of the pixels constituting the captured image and a partial histogram of a predetermined region of the captured image.
  • The region of interest setting unit separates the original image into R, G, and B channels and, for each separated channel, can create a histogram whose horizontal axis represents the contrast value of a 256-gray-level image (256 brightness levels) and whose vertical axis represents the frequency of each contrast value. Since the specific method of generating a histogram is a known technique, further detailed description is omitted.
  • the ROI setting unit may select a convolution filter for extracting the ROI using the full histogram and partial histogram of the original image.
  • A convolution filter is a matrix of arbitrary pixel size used to process the reference image, which is the image corresponding to the region of interest in a reference frame, with various effects; it is also called an image kernel or convolution kernel.
  • The region of interest setting unit stores various types of convolution filters, which may include, for example, blurring, sharpening, outlining, and embossing filters.
  • The image processing device 100 may further include various types of convolution filters set by the user or collected from external devices.
  • the ROI setting unit may generate an output image by applying a convolution filter to the photographed image.
  • The region of interest setting unit may store convolution filters composed of a 3x3 matrix, with a numerical value set for each matrix element of each convolution filter. For example, the values 1, 0, 1, 0, 1, 0, 1, 0, 1 may be set in order starting from the top left of the convolution filter.
  • The region-of-interest setting unit calculates an output value for any one pixel constituting the reference image by performing a convolution operation with the convolution filter over that pixel and its adjacent pixels, and may set the region of interest using the calculated output values.
  • The ROI setting unit may compare a previously stored reference value with the output value calculated for each pixel, select the pixel whose output value is closest to the reference value, and set the area within a predetermined radius of the selected pixel as the ROI.
  • The conversion unit rearranges all the pixels included in the ROI set by the ROI setting unit and encrypts the original and changed positions of the rearranged pixels using a blockchain.
  • the conversion unit may move the pixels in the region of interest to a position different from the original position by using a predetermined jigsaw pattern.
  • The conversion unit may also rearrange each pixel to an arbitrary position rather than following a predetermined pattern.
  • The conversion unit generates a private key based on the pixel size of the region of interest, generates a public key based on the generated private key, converts the transaction information, which indicates the changed position of each pixel included in the region of interest relative to its original position, into a hash value using a hash function, and generates a digital signature for the transaction information by encrypting the hash value with the private key. The specific functions of the conversion unit are described later.
  • the conversion unit generates a third variable by counting the number of pixels on the horizontal axis of the region of interest, and generates a fourth variable by counting the number of pixels on the vertical axis of the region of interest.
  • The conversion unit sets the prime number closest to the third variable as a third prime number, sets the prime number closest to the fourth variable as a fourth prime number, and generates the private key and the public key using the set third and fourth prime numbers.
  • the conversion unit may encrypt the region of interest in which positions of pixels are rearranged through an asymmetric encryption method.
  • This private key/public key generation method uses the RSA encryption algorithm, and since RSA is a widely published technology, the detailed public key generation process is omitted.
  • The conversion unit transmits the generated public key to the other IoT devices through the secure channel, and when those IoT devices receive the encrypted data they can decrypt it using the public key received from the conversion unit.
  • The conversion unit generates a first histogram for the captured image and a second histogram for the region of interest, analyzes the first histogram and sets the brightness value with the highest frequency as a first variable, analyzes the second histogram and sets the brightness value with the highest frequency as a second variable, and generates the private key and the public key using the set first and second prime numbers.
  • The conversion unit 300 resets the brightness value with the next-highest frequency in the second histogram as the second variable.
  • The conversion unit holds the data transmission process until a predetermined number of image data items to be encrypted have been accumulated and stored, and then confirms that the predetermined number of encrypted image data items has been accumulated and stored.
  • Variable data representing the characteristics of the accumulated and stored data group are set, and the image data are encrypted based on the set variable data.
  • The conversion unit bundles the accumulated and stored collected data into data groups, extracts the data groups to be transmitted, sets variable data according to the characteristics of the extracted data groups, and creates transformed data that links the set variable data to each item of collected data.
  • the generated transformed data is converted into a hash value through a hash function and registered in the blockchain network.
  • the conversion unit generates variable data based on the reference value received from the manager terminal, and converts the image data into a hash value based on the variable data, so that security of the image data can be improved.
  • Such technology may be implemented as an application or implemented in the form of program instructions that can be executed through various computer components and recorded on a computer-readable recording medium.
  • the computer readable recording medium may include program instructions, data files, data structures, etc. alone or in combination.
  • Program instructions recorded on the computer-readable recording medium may be those specially designed and configured for the present invention, or those known and usable to those skilled in the art of computer software.
  • Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes; optical recording media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specially configured to store and execute program instructions, such as ROM, RAM, and flash memory.
  • Examples of program instructions include high-level language codes that can be executed by a computer using an interpreter or the like as well as machine language codes such as those produced by a compiler.
  • the hardware device may be configured to act as one or more software modules to perform processing according to the present invention and vice versa.
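
The key derivation of the low-capacity data encryption unit (reception time to binary, two sections, nearest primes, RSA key pair) and the conversion unit's handling of a region of interest (keys from the ROI's pixel counts, pixel rearrangement, hashed and signed transaction information), carried through end to end as an added Python example; this is not the patent's own code. The page does not specify the tie-break for equidistant primes, what happens when both primes coincide, the public exponent, the "jigsaw" pattern, or what is done with binary digits past the ninth, so those are assumptions marked in the comments; the tiny moduli the key functions return show what a 4-to-5-bit section or a pixel count yields as RSA key material.

```python
import hashlib
from math import gcd

LOW_CAPACITY_LIMIT = 10 * 1024 * 1024   # the page's example threshold (10 MB)

def classify(size_bytes):
    """Data classification unit: route by size to the low- or large-capacity path."""
    return "low-capacity" if size_bytes <= LOW_CAPACITY_LIMIT else "large-capacity"

def is_prime(n):
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def nearest_prime(v):
    """Prime closest to v; on a tie the larger candidate wins (assumption, page is silent)."""
    for dist in range(v + 3):
        if is_prime(v + dist):
            return v + dist
        if is_prime(v - dist):
            return v - dist

def rsa_keypair(p, q):
    """Textbook RSA from two primes; returns ((n, e), (n, d))."""
    if p == q:                      # RSA needs distinct primes: step q to the next prime (assumption)
        q += 1
        while not is_prime(q):
            q += 1
    n, phi = p * q, (p - 1) * (q - 1)
    e = next((c for c in range(3, phi) if gcd(c, phi) == 1), None)  # smallest usable e (assumption)
    if e is None:
        raise ValueError("primes too small to admit a public exponent")
    return (n, e), (n, pow(e, -1, phi))

def rsa_apply(value, key):
    """Raise value to the key's exponent mod n: encrypt/verify with (n, e), decrypt/sign with (n, d)."""
    n, exponent = key
    return pow(value, exponent, n)

def timestamp_sections(reception_time):
    """Low-capacity path: binary reception time -> first section (4 bits, or 5 when the digit
    count is odd) and second section (next 4 bits), each read back as a decimal variable.
    Bits past the ninth are ignored (assumption; the page only describes 8- and 9-digit cases)."""
    bits = format(reception_time, "b")
    first_len = 5 if len(bits) % 2 else 4
    if len(bits) < first_len + 4:
        raise ValueError("reception time too short to fill both sections")
    return int(bits[:first_len], 2), int(bits[first_len:first_len + 4], 2)

def keys_from_reception_time(reception_time):
    v1, v2 = timestamp_sections(reception_time)
    return rsa_keypair(nearest_prime(v1), nearest_prime(v2))

def keys_from_roi(roi):
    """Conversion unit: third/fourth variables are the ROI's horizontal/vertical pixel counts."""
    return rsa_keypair(nearest_prime(len(roi[0])), nearest_prime(len(roi)))

def rearrange_roi(roi, step=5):
    """Move every ROI pixel with a fixed stride pattern (a stand-in for the page's 'jigsaw
    pattern', assumption); returns the rearranged ROI and the (original, new) position moves."""
    h, w = len(roi), len(roi[0])
    flat = [px for row in roi for px in row]
    n = len(flat)
    if gcd(step, n) != 1:
        raise ValueError("step must be coprime with the pixel count to give a permutation")
    out, moves = [None] * n, []
    for i, px in enumerate(flat):
        j = (i * step) % n
        out[j] = px
        moves.append((i, j))
    return [out[r * w:(r + 1) * w] for r in range(h)], moves

def moves_digest(moves, n):
    # Hash the transaction information (the move list) and reduce it into the modulus.
    # With primes taken from pixel counts, n is tiny, so only a few hash bits remain.
    return int.from_bytes(hashlib.sha256(repr(moves).encode()).digest(), "big") % n

def sign_moves(moves, private_key):
    return rsa_apply(moves_digest(moves, private_key[0]), private_key)

def verify_moves(moves, signature, public_key):
    return rsa_apply(signature, public_key) == moves_digest(moves, public_key[0])
```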
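
The ROI selection of the region of interest setting unit (the page's 3x3 filter, comparison with a stored reference value, radius around the closest pixel) and the conversion unit's histogram-mode variables with the next-highest-frequency reset, as an added Python example that is not the patent's own code. It assumes a single 8-bit grayscale channel given as a list of rows, zero padding at the image border, a square ROI, ties resolved toward the lower brightness value, and that the reset rule applies when the two modes coincide.

```python
from collections import Counter

PAGE_FILTER = [[1, 0, 1], [0, 1, 0], [1, 0, 1]]   # the 3x3 kernel the page lists, row by row from top left

def histogram(pixels):
    """Frequency of each of the 256 contrast values over an iterable of pixel values."""
    counts = Counter(pixels)
    return [counts.get(v, 0) for v in range(256)]

def convolve_pixel(image, y, x, kernel=PAGE_FILTER):
    """Convolution of one pixel with its 3x3 neighbourhood; neighbours outside the
    image contribute 0 (zero padding, assumption)."""
    h, w = len(image), len(image[0])
    total = 0
    for dy in (-1, 0, 1):
        for dx in (-1, 0, 1):
            yy, xx = y + dy, x + dx
            if 0 <= yy < h and 0 <= xx < w:
                total += kernel[dy + 1][dx + 1] * image[yy][xx]
    return total

def select_roi(image, reference_value, radius):
    """Pick the pixel whose convolution output is closest to the stored reference value
    (first such pixel in raster order on a tie) and return ((y, x), roi_rows), the ROI
    being the square within `radius` of that pixel, clipped to the image."""
    h, w = len(image), len(image[0])
    y0, x0 = min(((y, x) for y in range(h) for x in range(w)),
                 key=lambda p: abs(convolve_pixel(image, *p) - reference_value))
    rows = image[max(0, y0 - radius):y0 + radius + 1]
    roi = [row[max(0, x0 - radius):x0 + radius + 1] for row in rows]
    return (y0, x0), roi

def histogram_variables(image, roi):
    """First variable: most frequent brightness of the whole image (first histogram).
    Second variable: most frequent brightness of the ROI (second histogram); if it equals
    the first, the next most frequent ROI brightness is used instead (the page's reset
    rule, applied on a coincidence by assumption). Ties pick the lower brightness."""
    first_hist = histogram(px for row in image for px in row)
    second_hist = histogram(px for row in roi for px in row)
    first = max(range(256), key=lambda v: first_hist[v])
    ranked = sorted(range(256), key=lambda v: (-second_hist[v], v))
    second = next((v for v in ranked if v != first and second_hist[v] > 0), None)
    if second is None:
        raise ValueError("ROI has no brightness value other than the first variable")
    return first, second

# Constructed 6x6 grayscale sample: flat background with a bright 2x2 patch.
SAMPLE_IMAGE = [[10] * 6 for _ in range(6)]
for _y in (2, 3):
    for _x in (2, 3):
        SAMPLE_IMAGE[_y][_x] = 200
```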

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)

Abstract

The present invention relates to a security management system for a large quantity of data, the method establishing a secure communication channel between Internet of Things (IoT) devices in the IoT, classifying the data transmitted and received over the secure communication channel as a small quantity of data or a large quantity of data, and, based on the size, using different encryption methods.
PCT/KR2022/019175 2021-11-30 2022-11-30 Security management system for a large quantity of data WO2023101399A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2021-0169399 2021-11-30
KR1020210169399A KR102376435B1 (ko) 2021-11-30 2021-11-30 Internet of Things security system

Publications (1)

Publication Number Publication Date
WO2023101399A1 true WO2023101399A1 (fr) 2023-06-08

Family

ID=80936792

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/019175 WO2023101399A1 (fr) 2021-11-30 2022-11-30 Security management system for a large quantity of data

Country Status (2)

Country Link
KR (1) KR102376435B1 (fr)
WO (1) WO2023101399A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102376435B1 (ko) * 2021-11-30 2022-03-18 주식회사 시옷 Internet of Things security system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011186631A (ja) * 2010-03-05 2011-09-22 Mitsubishi Electric Corp File transfer system and file transfer method
US9325723B2 (en) * 2014-04-16 2016-04-26 Daegu Gyeongbuk Institute Of Science And Technology Proximity service security system and method using beacon
KR20180130203A (ko) * 2017-05-29 2018-12-07 한국전자통신연구원 Internet of Things device authentication apparatus and method
KR102303689B1 (ko) * 2016-05-27 2021-09-17 어페로, 인크. System and method for establishing a secure communication channel with an Internet of Things (IoT) device
KR102376435B1 (ko) * 2021-11-30 2022-03-18 주식회사 시옷 Internet of Things security system
KR102433640B1 (ko) * 2021-11-30 2022-08-18 주식회사 시옷 Security processing system for large-capacity data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CHANG, HYE-YOUNG ET AL.: "A Study on Adaptive Cryptography Methods based on Context Information under Mobile Environment", PROCEEDINGS OF THE 27TH KOREA INFORMATION PROCESSING SOCIETY SPRING CONFERENCE, vol. 14, no. 1, May 2007 (2007-05-01), pages 1001 - 1004 *

Also Published As

Publication number Publication date
KR102376435B1 (ko) 2022-03-18

Similar Documents

Publication Publication Date Title
WO2023101399A1 (fr) Security management system for a large quantity of data
Chen et al. Generalized optical encryption framework based on Shearlets for medical image
CN113949531B (zh) A malicious encrypted traffic detection method and apparatus
CN113452688B (zh) Image encryption and decryption method and apparatus based on the SM4 and SM2 algorithms
WO2023101401A1 (fr) Vehicle software management system using an over-the-air (OTA) link
WO2023101069A1 (fr) Security processing system for a large quantity of data
Lai et al. Practical encrypted network traffic pattern matching for secure middleboxes
CN113408707A (zh) A deep-learning-based method for identifying encrypted network traffic
WO2023101400A1 (fr) Vehicle information collection device
CN112561770A (zh) An adversarial example defense method based on fragile watermarking
CN114362988B (zh) Network traffic identification method and apparatus
Wang et al. TPE-ISE: approximate thumbnail preserving encryption based on multilevel DWT information self-embedding
Roselinkiruba et al. Performance evaluation of encryption algorithm using fruit fly optimization improved hybridized seeker and PVD algorithm
WO2024106789A1 (fr) Device and method for determining a malicious packet in encrypted traffic on the basis of artificial intelligence
KR102328106B1 (ko) Image encryption storage system and method
Tong et al. BFSN: a novel method of encrypted traffic classification based on bidirectional flow sequence network
CN115865534B (zh) A malicious encrypted traffic detection method, system, apparatus and medium
Jin et al. Video Sensor Security System in IoT Based on Edge Computing
WO2019066319A1 (fr) Key information provisioning method and apparatus using the method
Lakshmi et al. Image encryption algorithms using machine learning and deep learning techniques: A Survey
Kumar Singh et al. A robust color image encryption algorithm in dual domain using chaotic map
WO2024117297A1 (fr) Mass vehicle data collection and secure transmission processing method
Swain Advanced Digital Image Steganography Using LSB, PVD, and EMD: Emerging Research and Opportunities
Wang et al. A novel image shift encryption algorithm based on the dynamic Joseph ring problem
Alhelal et al. Systematic Analysis on the Effectiveness of Covert Channel Data Transmission

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22901757

Country of ref document: EP

Kind code of ref document: A1