Journal of IKEEE (전기전자학회논문지)

Institute of Korean Electrical and Electronics Engineers (한국전기전자학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on IAM-Based Personal Data Protection Techniques in BaaS

BaaS에서 IAM을 이용한 개인정보 보호 기법에 관한 연구

  • Mi-Hui Kim (School. of Computer Engineering & Applied Mathematics, Computer System Institute, Hankyong National University) ;
  • Myung-Joe Kang (School. of Computer Engineering & Applied Mathematics, Computer System Institute, Hankyong National University)
  • Received : 2023.10.18
  • Accepted : 2023.12.26
  • Published : 2023.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

With the advancement of the internet, the use of personal information in online interactions has increased, underscoring the significance of data protection. Breaches of personal data due to unauthorized access can result in psychological and financial damage to individuals, and may even enable wide-ranging societal attacks aimed at those associated with the victims. In response to such threats, there is active research into security measures using blockchain to safeguard personal information. This study proposes a system that uses middleware and IAM (Identity and Access Management) services to protect personal information in a BaaS (Blockchain as a Service) environment where blockchain is provided via the Internet. The middleware operates on servers where IAM roles and policies are applied, authenticates users, and performs access control to allow only legitimate users to access blockchain data existing in the cloud. Additionally, to understand the impact of the proposed personal information protection method on the system, we measure the response time according to the time taken and the number of users under three assumed scenarios, and compare the proposed method and research related to personal information protection using blockchain in terms of security characteristics such as idea, type of blockchain, authentication, and confidentiality.

인터넷의 발전에 따라 개인정보를 활용한 온라인 상호작용이 활발해지며 개인정보를 보호하는 것이 중요해졌다. 허가되지 않은 접근으로부터 발생한 개인정보 침해는 개인에게 정신적, 재산적 피해를 불러올 수 있으며, 침해 피해자의 주변인을 대상으로 한 사회적 공격도 가능하다. 이러한 공격으로부터 개인정보를 보호하기 위해 블록체인을 활용한 보안 기법이 활발히 연구되고 있다. 본 논문에서는 블록체인을 인터넷으로 제공하는 BaaS(Blockchain as a Service) 환경에서 개인정보 보호를 위해 미들웨어와 IAM(Identity and Access Management) 서비스를 활용한 시스템을 제안했다. 미들웨어는 IAM 역할 및 정책이 적용된 서버에서 운영되며 사용자를 인증하고, 접근 권한을 파악하여 정상 사용자인 경우에만 클라우드에 존재하는 블록체인 데이터에 접근할 수 있도록 접근 제어를 수행한다. 또한, 제안한 개인정보 보호 기법이 시스템에 주는 영향을 파악하기 위해 세 가지 시나리오를 가정하여 소요 시간과 사용자 수별 응답 시간을 측정하고, 제안 기법과 블록체인을 활용한 개인정보 보호 관련 연구를 아이디어, 블록체인 유형, 인증, 기밀성 등과 같은 보안 특성 기준으로 비교한다.

Keywords

References

  1. B. S. R, A. Enes, L. Yang and L. Shujun, "A systematic literature review on the tension between the GDPR and public blockchain systems," Blockchain: Research and Applications, vol.4, no.2, 2023. DOI: 10.1016/j.bcra.2023.100129 
  2. J. H. Lee, J. W. Kim, C. S. Kim and J. H. Yang, "Research and Implementation of Mutual Trust System for Consent to User Personal Information Based on Blockchain," The Journal of Korean Institute of Communications and Information Sciences, vol.45, no.8 pp.1342-1354, 2020. DOI: 10.7840/kics.2020.45.8.1342 
  3. M. M. H. Onik, C. S. Kim, N. Y. Lee and J. H. Yang, "Privacy-aware blockchain for personal data sharing and tracking," Open Computer Science, vol.9, no.1, pp.80-91, Apr. 2019. DOI: 10.1515/comp-2019-0005 
  4. H. K. Bella and S. Vasundra, "A study of Security Threats and Attacks in Cloud Computing," 2022 4th International Conference on Smart Systems and Inventive Technology (ICSSIT), 2022, pp.658-666. DOI: 10.1109/ICSSIT53264.2022.9716317 
  5. M. J. Kang and M. H. Kim, "A study on non-fungible token platform for usability and privacy improvement," KIPS Transactions on Computer and Communication Systems, vol.11, no.11, pp.403-410, 2022. DOI: 10.3745/KTCCS.2022.11.11.403 
  6. Amazon aws-documentation, "AWS Identity and Access Management," https://docs.aws.amazon.com/ko_kr/IAM/latest/UserGuide/introduction.html/ 
  7. H. B. Kang, H. C. Jang and C. S. Jang, "A Study on the Application Method of Multi-User Encryption Keys for Personal Information Protection in Blockchain," Jounal of KIIT, vol.18, no.1, pp. 135-141, Jan.
  8. A. Srivastava, P. Bhattacharya, A. Singh, A. Mathur, O. Prakash and R. Pradhan, "A Distributed Credit Transfer Educational Framework based on Blockchain," 2018 Second International Conference on Advances in Computing, Control and Communication Technology (IAC3T), 2018, pp.54-59. DOI: 10.1109/IAC3T.2018.8674023 
  9. H. S. Jennath, S. Anoop and S. Asharaf, "Blockchain for Healthcare: Securing Patient Data and Enabling Trusted Artificial Intelligence", International Journal of Interactive Multimedia and Artificial Intelligence, In Press, Sep. 2020. DOI: 10.9781/ijimai.2020.07.002,