Secure Data Utilization Team
To ensure security and privacy at each stage of data provision, collection, storage, analysis, and deployment, we conduct research and development on access control technologies such as anonymous authentication and searchable encryption, and privacy-preserving data evaluation technologies such as secure computation.
By using these technologies, we aim to promote the utilization of data, including cross-organizational collaboration, and contribute to solving social issues such as providing secure telework.
Overview of the research
- 01Balancing security and usability
- 02Meeting new social needs
- 03Research and development of the fundamentals of privacy-preserving technologies
Balancing security and usability
Searchable Encryption
End-to-end encryption (E2EE) is desirable for preventing information leakage of files/messages preserved on external storage. Typical encryption does not provide keyword search because a service provider does not obtain information on files/messages due to E2EE. We investigate E2EE storage and chat systems based on searchable encryption that provides keyword search functionality in encrypted files/messages. Our systems can reduce information leakage risks because keywords that are searched are not leaked to the service provider.
Pubic key encryption with equality test
When plaintexts are encrypted, the ciphertexts are different even if the same plaintext is encrypted. Thus, the same data might be multiply stored on a storage that squeezes the capacity of the storage. In our laboratory, we have developed a technique called public key encryption with equality test that allows the storage to check whether two ciphertexts are encryptions of the same data, without decrypting the ciphertexts. Only the user can decrypt a ciphertext, and the storage administrator is allowed to run the test procedure whether the same data has been stored or not.
Meeting new social needs
The Security Fundamentals Laboratory conducts research and development of access control and tamper-prevention technologies that guarantee the integrity and availability of data in order to meet the growing needs for security protection in business areas due to the evolution of technology and changes in the business environment.
Cryptographic technology to ensure safety of spacecrafts and protect valuable transmitted data
Research and development of secure wireless communication technology for small spacecrafts in the NewSpace era with IST* and Hosei University
Unlike conventional government-led space development, private sector-led space development, called NewSpace, is gaining momentum around the world.
In response to this trend, the Space Activities Act was enacted in Japan in November 2018, and the use of sufficiently strong encryption is now required** for wireless communication between spacecrafts and ground stations.
In our laboratory, we have conducted research and development of cryptographic technology to ensure the safety of space flight by preventing hijacking of spacecraft and to protect data transmitted from spacecraft such as flight status, and the one with academic and commercial value.
*IST:Interstellar Technologies Inc.
**"Guidelines for Type Approval of Launch Vehicles for Satellite Launches" issued by the Secretariat for Strategic Promotion of Space Development, Cabinet Office ( November 15, 2018)
Successful demonstration tests under space flight environment by installing the experimental communication system on actual sounding rockets
Our laboratory has been conducting demonstration tests using actual space rockets, and in 2021 we achieved the theoretically highest level of security in practical wireless communications for the first time in the world, using a cost-effective prototype transceiver made from consumer electronic devices.
As a countermeasure against accidental loss of communication, the system is designed so that the same encryption and authentication keys are always used at the same time on both the transmitting and receiving sides, even if communication delay fluctuates since the frequent change of keys is inevitable to guarantee the highest level of security.
Press releases
Application to Zero-Knowledge Proofs and Anonymous Authentication
What are Zero-Knowledge Proofs?
Zero-Knowledge Proofs are techniques that prove the knowledge of information without revealing itself. Application examples:
"knowing personal authentication information", and
"knowing the private key of one's cryptographic asset".
Zero-Knowledge Proofs are intended to be the low-risk technology for information leakage to the outside world and are intended to be the core technology for various applications.
We are researching the extension of the range of application of this technology and the construction method that enables a more compact proof size compared to the existing method.
Applications to anonymous authentication
We have also conducted research on zero-knowledge proofs and their applications to anonymous authentication. Zero-knowledge proofs allow a prover to prove the possession of data satisfying a statement (e.g., I am a member of a group) without revealing the data. By employing the proof system, a user can anonymously prove their membership of a group. Although such an anonymous authentication is attractive for providing a privacy-preserving authentication protocol, it is difficult to trace nonlegitimate users whose rights have expired. We study such a system providing anonymity and traceability/revocability simultaneously along with a privacy-preserving protocol on the blockchain and their application.
Application in anonymous authentication on apartment entrance
- The authentication process is needed to check whether a person is a resident, but identifying a resident might leak personal information such as when they come/leave home.
- Anonymous authentication allows us to check whether a person is resident w/o identification
- On the other hand, there are issues such as difficulty in confirming the revocation of the authority of former residents and difficulty in investigating the occurrence of fraud.
Research and development of the fundamentals of privacy-preserving technologies
Privacy-preserving federated learning system: DeepProtect
Anti-money Laundering Detection
The analysis of Big Data is expected to be an engine of growth in a variety of fields by the insights and innovation brought from it.
On the other hand, there are still challenges in analyzing cross-organizational data from the perspective of security and protection of personal information.
We propose a privacy-preserving federated learning system, DeepProtect, which employs a homomorphic encryption scheme in a symmetric key setting.
By collaborating with multiple organizations to perform deep learning, we expect to improve the accuracy of investigations and uncover previously unseen insights.
Applications of this technology include the analysis of data across multiple banks to combat money laundering, illegal money transfers, bank transfer scams, and other financial crimes.
There is also potential for use in other fields such as healthcare and marketing.
Privacy protection technology required in the healthcare sector
In the field of healthcare, a large amount of data is being generated every day due to the spread of vital data observation by wearable devices and the social development of electronic medical record system infrastructure.
However, there are various issues in collecting and analyzing healthcare data and returning the results to the individuals who provided them.
In order to protect privacy, we have studied techniques to guarantee the safety of anonymous processing prior to data analysis.
In addition, the right documents such as privacy policies that require consent when providing personal data are generally difficult to understand and are often skipped over, which can lead to unexpected data use and disadvantages for the users.
In order to make security and privacy measures at the time of personal data collection truly understandable and effectively accepted by individuals, we analyze privacy policies and compare their features, and conduct research that contributes to the improvement of usable security.
- Cybersecurity Research InstituteClick here for other organizations
- cybersecurity research institute top