Mathematics / Matematik
Permanent URI for this collection: https://hdl.handle.net/11147/8
7 results
Research Project: Yürüme verisi ve konum mahremiyeti [Gait data and location privacy] (2019). Ustaoğlu, Berkant.
Abstract (translated from Turkish): Smart garments, wearable sensors and similar small devices provide very valuable feedback for the development of military, health and personal applications. Beyond the simple uses of the collected information, this feedback can also be used to draw unintended conclusions. When the underlying subjects are people, such inferences can easily violate the privacy that individuals expect and that the law protects. To gain an idea of this kind of data analysis, our project was chosen to address gait data and location privacy. Gait data is usually associated with activity recognition, such as running, walking, climbing stairs and falling, or with monitoring medical conditions such as osteoarthritis. Nevertheless, there are various personal assistants, in the form of mobile applications, for tracking individuals' daily physical activity (step count and so on). We argue that such data can be used to determine an individual's location without resorting to global positioning (GPS) data. This project addressed that problem. Three-axis acceleration data were collected from volunteer subjects using battery-powered IMU sensors and wireless WiFi modules. The electronic circuit designed for this purpose was placed above and below the knee on each leg of the subject (4 units in total). The wireless design allowed data to be collected from more than one individual. Data collection was carried out while walking up an incline, walking down an incline, descending stairs, climbing stairs and walking on level ground. The collected data were split into three sets: training, validation and test data. At this stage the data are being used for classification with various machine learning algorithms, as well as with graph algorithms, to determine the user's location.
Abstract: Smart garments, wearable sensors and similar small devices provide invaluable feedback in development, be it military, health or personal satisfaction. Beyond the straightforward use of collected information, one can infer unintended knowledge. When the underlying subjects are people, such deductions can easily violate the privacy that individuals expect and that is protected by law. To gain insight into what seemingly unrelated information can be extracted, our project selected gait data and location privacy. Gait data is usually associated with activity recognition, such as running, walking, climbing stairs, falling; or with monitoring certain medical conditions such as osteoarthritis. However, there are various personal assistants in the form of, say, mobile applications that keep track of the daily physical activity of individuals (such as step count). Such data, we argue, can be used to locate the position of an individual without resorting to global positioning (GPS) data. This project takes on that problem. Using battery-powered wireless modules with soldered accelerometers, we collected the sensor data in a central processing unit (also battery powered). The wireless modules were attached to human subjects, four units per person: one below the knee and one above the knee on each leg. Data was gathered on different terrains: slope going up and down, stairs going up and down, and level surface. The wireless nature allowed us to collect gait data from more than one subject at a time, usually two. During collection the data is labelled with the terrain on which it was gathered and is treated as learning, validation and test data. At the current stage we have moved on to developing various machine learning algorithms to classify data, as well as graph algorithms to deduce user location.

Article (Citations, WoS: 89): Obtaining a Secure and Efficient Key Agreement Protocol From (H)MQV and NAXOS (Extended Version) (International Association for Cryptologic Research, 2009). Ustaoğlu, Berkant.
Abstract: LaMacchia, Lauter and Mityagin recently presented a strong security definition for authenticated key agreement, strengthening the well-known Canetti-Krawczyk definition. They also described a protocol, called NAXOS, that enjoys a simple security proof in the new model. Compared to MQV and HMQV, NAXOS is less efficient and cannot be readily modified to obtain a one-pass protocol. On the other hand, MQV does not have a security proof, and the HMQV security proof is extremely complicated. This paper proposes a new authenticated key agreement protocol, called CMQV ("Combined" MQV), which incorporates design principles from MQV, HMQV and NAXOS. The new protocol achieves the efficiency of HMQV and admits a natural one-pass variant. Moreover, we present a simple and intuitive proof that CMQV is secure in the LaMacchia-Lauter-Mityagin model.

Article: Efficient Key Exchange With Tight Security Reduction (International Association for Cryptologic Research, 2009). Wu, Jiang; Ustaoğlu, Berkant.
Abstract: In this paper, we propose two authenticated key exchange (AKE) protocols, SMEN and SMEN−, which have efficient online computation and a tight security proof in the extended Canetti-Krawczyk (eCK) model. SMEN takes 1.25 exponentiations in online computation, close to that (1.17 exponentiations) of the most efficient AKEs, MQV and its variants HMQV and CMQV. SMEN has a security reduction as tight as that of NAXOS, which is the first AKE having a tight security reduction in the eCK model. As a comparison, MQV does not have a security proof; both HMQV and CMQV have a highly non-tight security reduction, and HMQV needs a non-standard assumption; NAXOS takes 2.17 exponentiations in online computation; NETS, a NAXOS variant, takes two exponentiations in online computation. SMEN simultaneously achieves online efficiency and a tight security proof at a cost of 0.17 more exponentiations in offline computation and the restriction that one party is not allowed to establish a key with itself. SMEN− takes 1.29 exponentiations in online computation, but SMEN− does not use the static private key to compute the ephemeral public key (as is done in SMEN, NAXOS, CMQV and NETS), and hence reduces the risk of leaking the static private key.

Article (Citations, WoS: 25): Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman Protocols (Extended Version) (International Association for Cryptologic Research, 2009). Ustaoğlu, Berkant.
Abstract: Both the "eCK" model, by LaMacchia, Lauter and Mityagin, and the "CK01" model, by Canetti and Krawczyk, address the effect of leaking session-specific ephemeral data on the security of key establishment schemes. The CK01 adversary is given a SessionStateReveal query to learn session-specific private data defined by the protocol specification, whereas the eCK adversary is equipped with a RevealEphemeralKey query to access all ephemeral private input required to carry out session computations. SessionStateReveal cannot be issued against the test session; by contrast, RevealEphemeralKey can be used against the test session under certain conditions. On the other hand, it is not obvious how RevealEphemeralKey compares to SessionStateReveal. Thus it is natural to ask which model is more useful and practically relevant. While formally the models are not comparable, we show that recent analyses utilizing SessionStateReveal and RevealEphemeralKey have a similar approach to ephemeral data leakage. First we pinpoint the features that determine the approach. Then, by examining common motives for ephemeral data leakage, we conclude that the approach is meaningful, but does not take into account timing, which turns out to be critical for security. Lastly, for Diffie-Hellman protocols we argue that it is important to consider security when the discrete logarithm values of the outgoing ephemeral public keys are leaked, and offer a method to achieve security even if the values are exposed.

Article: Utilizing Postponed Ephemeral and Pseudo-Static Keys in Tripartite and Identity-Based Key Agreement Protocols (International Association for Cryptologic Research, 2009). Fujioka, Atsushi; Suzuki, Koutarou; Ustaoğlu, Berkant.
Abstract: We propose a new one-round implicitly authenticated three-party protocol that extends Joux's protocol, as well as a two-party identity-based protocol. Our protocols have a single communication round that consists of ephemeral (one-time) public keys along with certificates in the tripartite protocol, and identities in the identity-based setting. As such, our protocols are communication efficient and furthermore do not require an enhanced message format.

Conference Object (Citations, Scopus: 1): Privacy-Preserving Targeted Advertising Scheme for IPTV Using the Cloud (SciTePress, 2012). Khayati, Leyli Javid; Savaş, Erkay; Ustaoğlu, Berkant; Örencik, Cengiz.
Abstract: In this paper, we present a privacy-preserving scheme for targeted advertising via Internet Protocol TV (IPTV). The scheme uses a communication model involving a collection of viewers/subscribers, a content provider (IPTV), an advertiser, and a cloud server. To provide a high-quality directed advertising service, the advertiser can utilize not only the demographic information of subscribers, but also their watching habits. The latter includes watching history, preferences for IPTV content and watching rate, which are published on the cloud server periodically (e.g. weekly) along with anonymized demographics. Since the published data may leak sensitive information about subscribers, it is safeguarded using cryptographic techniques in addition to the anonymization of demographics. The techniques used by the advertiser, which can be manifested in its queries to the cloud, are considered (trade) secrets and therefore are protected as well. The cloud is oblivious to the published data, the queries of the advertiser, and its own responses to these queries. Only a legitimate advertiser, endorsed with a so-called trapdoor by the IPTV, can query the cloud and utilize the query results. The performance of the proposed scheme is evaluated with experiments, which show that the scheme is suitable for practical usage.

Conference Object: Security Arguments for the UM Key Agreement Protocol in the NIST SP 800-56A Standard (Association for Computing Machinery (ACM), 2008). Menezes, Alfred; Ustaoğlu, Berkant.
Abstract: The Unified Model (UM) key agreement protocol is an efficient Diffie-Hellman scheme that has been included in many cryptographic standards, most recently in the NIST SP 800-56A standard. The UM protocol is believed to possess all important security attributes, including key authentication and secrecy, resistance to unknown key-share attacks, forward secrecy, resistance to known-session-key attacks, and resistance to leakage of ephemeral private keys, but is known to succumb to key-compromise impersonation attacks. In this paper we present a strengthening of the Canetti-Krawczyk security definition for key agreement that captures resistance to all important attacks that have been identified in the literature, with the exception of key-compromise impersonation attacks. We then present a reductionist security proof that the UM protocol satisfies this new definition in the random oracle model under the Gap Diffie-Hellman assumption.
