정보처리학회논문지:소프트웨어 및 데이터공학 (KIPS Transactions on Software and Data Engineering)

  • 제9권11호
  • /
  • Pages.351-356
  • /
  • 2020
  • /
  • 2287-5905(pISSN)
  • /
  • 2734-0503(eISSN)
한국정보처리학회 (Korea Information Processing Society)
권호 표지
DOI QR코드

DOI QR Code

차세대학습관리를 위한 블록체인 기반의 접근제어 감사시스템

Blockchain-Based Access Control Audit System for Next Generation Learning Management

  • 천지영 (이화여자대학교 컴퓨터공학전공) ;
  • 노건태 (서울사이버대학교 빅데이터.정보보호학과)
  • 투고 : 2020.10.14
  • 심사 : 2020.10.28
  • 발행 : 2020.11.30
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

COVID-19 감염증의 확산으로 언택트 교육을 위한 차세대학습관리시스템의 필요성이 빠르게 증가하고 있으며, 교육부는 4세대 나이스 구축을 통해 미래 교육을 계획하고 있다. 4세대 나이스 시스템이 잘 활용되었을 경우, 맞춤형 교육 서비스 제공, 교육데이터 이용 활성화 등의 장점이 존재하나, 사용자의 권한이 다양하여 엄격한 권한부여가 힘든 접근제어 환경에서 불법적인 접근 문제를 해결할 수 있는 방안이 필요하다. 본 논문에서 우리는 차세대학습관리를 위한 블록체인 기반의 접근제어 감사시스템을 제안한다. 제안하는 시스템을 통해 민감한 개인정보는 암호화하여 저장하고, 추후 감사자가 감사를 수행할 때 복호화에 필요한 비밀키를 발급함으로써 원활한 감사가 이루어지도록 한다. 또한, 저장된 로그정보의 위·변조 및 삭제 등을 방지하기 위해 로그 정보를 블록체인에 저장하여 안정성을 확보하였다. 이를 위해 계층적 ID 기반 암호와 프라이빗 블록체인을 사용하여 교육부와 같은 상위 기관에서 각 기관의 접근권한을 총괄적으로 관리할 수 있도록 구성한다.

With the spread of COVID-19 infections, the need for next-generation learning management system for undact education is rapidly increasing, and the Ministry of Education is planning future education through the establishment of fourth-generation NEIS. If the fourth-generation NEIS System is well utilized, there are advantages such as providing personalized education services and activating the use of educational data, but a solution to the illegal access problem in an access control environment where strict authorization is difficult due to various user rights. In this paper, we propose a blockchain-based access control audit system for next-generation learning management. Sensitive personal information is encrypted and stored using the proposed system, and when the auditor performs an audit later, a secret key for decryption is issued to ensure auditing. In addition, in order to prevent modification and deletion of stored log information, log information was stored in the blockchain to ensure stability. In this paper, a hierarchical ID-based encryption and a private blockchain are used so that higher-level institutions such as the Ministry of Education can hierarchically manage the access rights of each institution.

키워드

참고문헌

  1. "2020 Education Information Service Implementation Plan," Ministry of Education, Education Safety Information Office, 2020.
  2. "2018 NEIS School Manager Training Textbook," Ministry of Education, KERIS(Korea Education & Research Information Service), 2018.
  3. M. H. Yu, "Ministry of Education Strengthens Security System for Fourth Generation 'NEIS System' of Education Administration Information System," 2019.
  4. "Leaked Test Papers, Manipulated Life Records... "How do you Believe in High School?," The Korea Economic Daily, 2018.
  5. "Personal Information Specification for Security Assurance Measures," Ministry of the Interior and Safety, KISA(Korea Information Security Agency), 2009.
  6. S. Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System," 2008.
  7. A. Shamir, "Identity-based Cryptosystems and Signature Schemes," Advances in Cryptology - CRYPTO 1984, LNCS 196, pp.47-53, 1985.
  8. D. Boneh and M. Franklin, "Identity-based Encryption from the Weil Pairing," Advances in Cryptology - CRYPTO 2001, LNCS 2139, pp.213-229, 2001.
  9. J. Horwitz and B. Lynn, "Toward Hierarchical Identity-based Encryption," Advances in Cryptology - EUROCRYPT 2002, LNCS 2332, pp.466-481, 2002.
  10. C. Gentry and A. Silverberg, "Hierarchical Id-based Cryptography," Advances in Cryptology - ASIACRYPT 2002. LNCS 2501, pp.548-566, 2002.
  11. G. Yu, X. Zha, X. Wang, W. Ni, K. Yu, P. Yu, J. A. Zhang, R. P. Liu, and Y. J. Guo, "Enabling Attribute Revocation for Fine-Grained Access Control in Blockchain-IoT Systems," IEEE Transactions on Engineering Management, pp.1-18, 2020.
  12. G. Ateniese, B. Magri, D. Venturi, and E. R. Andrade, "Redactable Blockchain - or - Rewriting History in Bitcoin and Friends," in Proceedings of 2017 IEEE European Symposium on Security and Privacy, pp.111-126, 2017.
  13. H. Kim and N. Park, "Design and Implementation of Blockchain for Securing Data of National Education Information System School Life Records," Journal of the Korea Convergence Society, Vol.11, No.3, pp.27-35, 2020. https://doi.org/10.15207/JKCS.2020.11.3.027
  14. "Education Information System Authorization Handbook (NEIS, K-Edufine)," Gyeongsangbuk-do Office of Education Information Center, 2020.