ETRI develops next-generation security technology to enhance data sovereignty
Developing “Trust Data Connectome” technology to strengthen data sovereignty
National Research Council of Science & Technology
image: Data Sovereignty
Credit: Electronics and Telecommunications Research Institute (ETRI)
Korean researchers have succeeded in developing key technologies to strengthen personal data sovereignty, and research on security technologies for the era of quantum computer commercialization is in full swing. This is expected to open a new chapter in the information security and data industry.
Electronics and Telecommunications Research Institute (ETRI) announced that it has developed a ‘personal data trust distribution platform (Trust Data Connectome Technology)’ to ensure personal data sovereignty, breaking away from the existing data industry environment centered on big tech companies.
While data has been managed by companies so far, a foundation has now been established for individuals to manage their own data securely and efficiently.
The research team has dramatically improved the efficiency and security of neural network-based cryptography. It developed a technology that allows data encryption keys to be exchanged without the need for a trusted authority.
The technology can complete cryptographic key exchanges in less than 320 milliseconds (ms), demonstrating its practical utility. In addition, the research team developed a “trust data validation model” using zero-knowledge proofs to validate without data leakage when transacting data between individuals. (Ref. 1)
This model allows you to choose the level of validation based on the importance of your data. It is now possible to ensure the authenticity of data transactions without the need for a trusted authority. This allows you to apply levels of validation based on the sensitivity and scope of use of the data when trading personally generated data, such as healthcare data and driving data, to make data transactions more secure while still being efficient.
To strengthen personal data sovereignty, ETRI researchers remediated vulnerabilities in blockchain networks to enhance the security of decentralized structures: they confirmed the possibility of partitioning attacks on the Ethereum network and completed network patches in cooperation with Ethereum developers.
The research was presented and recognized at the Network and Distributed Systems Security Symposium (NDSS), the premier international conference on security. They have also developed a network security protocol (TTP-Free TLS) technology that is suitable for decentralized structures, implementing permission delegation and revocation features not provided by traditional TLS protocols.
The technology has been recognized by the international conference ACSAC with the Artifact Functional/Reusable Badge Award.
ETRI’s Cybersecurity Research Center has achieved excellent academic results with 32 SCIE papers published through this assignment. In addition, the center verified the practicality of the technology in collaboration with the Korea Minting and Security Printing Corporation. Based on these achievements, the research team is now pursuing research in earnest to prepare for the era of quantum computing as the commercialization of quantum computers becomes a reality.
Unlike existing post-quantum cryptography (PQC) and quantum key distribution (QKD) technologies, which either perceive quantum computers as a threat or only utilize some quantum properties, the research team sets out to develop a new cryptosystem that actively exploits quantum properties. (Ref. 2)
This technology aims to revolutionize information security by leveraging the non-replicability and superposition properties of quantum computers. It is expected to become an essential basic technology for the safe utilization of quantum computers.
Kim Jeong Nyeo, the assistant vice president at ETRI’s Cyber Security Research Division, said, “Beyond the digital computing era, we will develop safe information security technology in the quantum computing era to lead personal data protection and quantum security innovation. In addition, we will provide a core foundation for the development of the future data industry by contributing to the establishment of a sustainable data ecosystem.”
1) Personal data trust distribution platform (Trust Data Connectome Technology): Data transaction/utilization trust infrastructure that provides data sovereignty and secure exchanges for data generated by people, objects (space, biological, information, business), etc., through organic interaction in a hyper-connected intelligent society, enabling data transaction/utilization without the intervention of trusted third-parties (companies, etc.)
2) Cryptographic key exchange: The process by which two parties agree on a symmetric key (or session key) or exchange public keys in order to communicate securely
3) Zero-knowledge proof: A technique for proving that a statement (or proposition) is true without revealing specific information; used in security technology to prove that a cryptographic problem can be solved but not reveal the specific solution
4) Possible partitioning attacks on the Ethereum network: An attack technique that artificially divides the Ethereum network into multiple fragmented groups to limit or delay communication, causing transactions or block production in one group to not propagate to other groups in a timely manner, leading to network fragmentation and disruption
5) Network and distributed systems security symposium (NDSS): An acronym for Network and Distributed System Security; one of the world’s leading conferences in the field of network and distributed system security, organized by the Privacy and Security Research Group of the Internet Research Task Force (IRTF) and first held in San Diego, California in 1993. Since then, the Internet Society has held the conference.
6-1) Network security protocol (TTP-Free TLS): An acronym for Trusted Third-Party-Free TLS; a form of TLS that minimizes the reliance on a separate certificate authority (CA) or trusted third party (TTP) for password signing or certificate verification in TLS
6-2) Network security protocol (TLS): A protocol that provides an encrypted channel for internet-based communications, such as those of a web browser or server, and is essential to many services, including HTTPS
7) Conference ACSAC: An acronym for the Annual Computer Security Applications Conference, an international conference for sharing the latest research results and practices in computer and network security, which began in 1985 and is in its 40th year, making it the second oldest conference in the security field after the IEEE Symposium on Security and Privacy
8) Post-quantum cryptography (PQC): As the advent of quantum computers raises the risk that classical cryptographic algorithms such as RSA and ECC will be quickly cracked, this is a cryptographic technique designed based on problems that cannot be efficiently solved even by quantum computers
9) Quantum key distribution (QKD): A technology that distributes encryption keys using the attributes of quantum mechanics, the great advantage of which is that wiretapping is impossible (wiretapping is detected in real time)
###
This achievement was made possible through ETRI’s basic project “Creating Innovative Growth Drivers by Developing Convergence Technologies for National Intelligence.”
About Electronics and Telecommunications Research Institute (ETRI)
ETRI is a non-profit government-funded research institute. Since its foundation in 1976, ETRI, a global ICT research institute, has been making immense efforts to provide Korea with remarkable growth in the ICT industry. ETRI positions Korea as one of the top ICT nations in the world by unceasingly developing the world’s first and best technologies.