DOI QR코드

DOI QR Code

하이브리드 블록체인을 이용한 데이터베이스 보안

Security of Database Based On Hybrid Blockchain

  • 배근우 (백석대학교 정보통신학부) ;
  • 이근호 (백석대학교 정보통신학부)
  • 투고 : 2020.01.21
  • 심사 : 2020.02.21
  • 발행 : 2020.03.31

초록

최근에 블록체인 기술에 대한 관심이 높아지고 있다. 본 연구에서는 하이브리드 블록체인을 이용하여 데이터를 안전하게 보관하는 솔루션을 제시하였다. 세계적으로 데이터를 이용한 산업이 점차 늘어나고 있으며 이를 대상으로 삼아 공격하는 일이 빈번히 발생하고 있다. 2017년도 OWASP는 웹 애플리케이션 보안 취약점 1위를 SQL 인젝션 공격으로 선정하였다. 그에 비해 데이터 산업에서 보안이 차지하고 있는 비중은 제일 적다. 데이터를 안전하게 보관하고 공격을 막기 위해 단순히 데이터베이스에 데이터를 저장하는 방식이 아닌 블록체인과 데이터베이스를 결합한 데이터 저장방식을 소개하였다.

Recently, interest in blockchain technology has increased. The data industry is increasingly growing around the world. In addition, databases which obtain important information such as personal data are targeted by hackers. Data exposed by attackers happen frequently. In 2017, OWASP announced SQL injection is a top 1 threat to web applications. However, the proportion of data security is the smallest in the data industry. To prevent data exposure, this paper proposes a method that can protect databases by using hybrid blockchain.

키워드

참고문헌

  1. Korea Data Agency(Kdata), "Data Industry White Paper", 2019.
  2. H.K.Park, Y.S.Kang, C.Y.Park, J.Cho, S.W.Shin, Y.G.Kim, S.Y.Park, M.W.Lee, C.A.Jung, K.Y.Cho, H.D.Choi, "OWASP Top-10 -2017", 2017.
  3. I.Y.Lee, J.I.Cho, K.H.Cho and J.S.Moon, "A Method for SQL Injection Attack Detection using the Removal of SQL Query Attribute Values", Journal of the Korea Institute of Information Security & Cryptology Vol.18, No.5, pp.135-147, 2008.
  4. Ministry of the Interior and Safety, "JAVA Secure Coding Guide", 2012.
  5. S.H.Choi, "HDefence method SQL injection attack using by hacking tools", 2011.
  6. KISA, "Building Web Server and Security Guide Line", 2010.
  7. J.W.Oh and K.G.Doh, "Implementation and Experiment of An Automated Penetration Testing Tool for SQL/NoSQL Injection Vulnerabilities", The Korean Institute of Information Scientists and Engineers, pp.727-729, 2014.
  8. B.K.Kim, "Open Source Software Security Issues and Applying a Secure Coding Scheme", KIISE Transactions on Computing Practices Vol.23, No.8, pp.487-491, 2017. https://doi.org/10.5626/KTCP.2017.23.8.487
  9. Ministry of the Interior and Safety, "C Secure Coding Guide", 2012.
  10. D.Y.Lee, J.W.Park, J.H.Lee, S.R.Lee and S.Y.Park, "Core Technologies of Blockchain and Trends at Home/Abroad", Communications of the Korean Institute of Information Scientists and Engineers Vol.35, No.6, pp22-28, 2017.
  11. S.Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System", 2008.
  12. T.H.Kim, "Blockchain Concept and Activities by Sector", Journal of Electrical World Monthly Magazine Vol.487, pp.58-65, 2017.
  13. J.H.Hong, K.H.Lee and S.H.Yun, "A Scheme for ECU Application Technique using Blockchain", The Korea Internet of Things Society Comprehensive Conference 2019, Vol.4, No.1, pp.34-35, 2019.
  14. K.H.Kim, "Understanding of Blockchain Technology and applied status", Industrial Engineering Magazine Vol.25, No.1, pp13-19, 2018.
  15. W.S.Shin and K.H.Kim, "Hybrid Blockchain System for Public Institutions", Proceedings of Symposium of the Korean Institute of communications and Information Sciences, pp.630-631, 2019.
  16. K.W.Bae, K.H.Lee and D.H.Kim, "A Scheme for IoT Authentication Using BlockchainForgery/Tamper Protection", The Korea Internet of Things Society Comprehensive Conference 2019, Vol.4, No.1, pp.46-48, 2019.
  17. B.Sana and H.S.Lim, "Hybrid Blockchain: An Approach for Combining Public and Private Blockchain", Proceedings of Symposium of the Korean Institute of communications and Information Sciences, pp.956-958, 2018.