• Journal of KIISE
• /
• v.43 no.8
• /
• pp.933-945
• /
• 2016

Sharing data by multiple users on the public storage, e.g., the cloud, is considered to be efficient because the cloud provides on-demand computing service at anytime and anywhere. Secure data sharing is achieved by fine-grained access control. Existing symmetric and public key encryption schemes are not suitable for secure data sharing because they support 1-to-1 relationship between a ciphertext and a secret key. Attribute based encryption supports fine-grained access control, however it incurs linearly increasing ciphertexts as the number of attributes increases. Additionally, the decryption process has high computational cost so that it is not applicable in case of resource-constrained environments. In this study, we propose an efficient attribute-based secure data sharing scheme with outsourceable decryption. The proposed scheme guarantees constant-size ciphertexts irrespective of the number of attributes. In case of static attributes, the computation cost to the user is reduced by delegating approximately 95.3% of decryption operations to the more powerful storage systems, whereas 72.3% of decryption operations are outsourced in terms of dynamic attributes.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.119-127
• /
• 2019

This paper proposes a new authentication model to solve the problem of personal information takeover and personal information theft by service providers using centralized servers for user authentication and management of personal information. The centralization issue is resolved by providing user authentication and information storage space through a decentralize platform, blockchain, and ensuring confidentiality of information through user-specific symmetric key encryption. The proposed model was implemented using the public-blockchain Ethereum and the web-based wallet extension MetaMask, and users access the Ethereum main network through the MetaMask on their browser and store their encrypted personal information in the Smart Contract. In the future, users will provide their personal information to the service provider through their Ethereum Account for the use of the new service, which will provide user authentication and personal information without subscription or a new authentication process. Service providers can reduce the costs of storing personal information and separate authentication methods, and prevent problems caused by personal information leakage.

• Journal of Internet Computing and Services
• /
• v.20 no.4
• /
• pp.1-11
• /
• 2019

A Blockchain-based access control technology is one of the various use cases of blockchain and is used in many areas to transparently transfer and manage ownership of data between users without the trusted third party. The characteristics of transparency, Irreversibility, and decentralization provided by the public blockchain help to offer new benefits that existing access control technologies did not offer. However, various security issues facing the current blockchain are raising the issue of the safety of the technology. Therefore, in this paper, we analyze an overview of the blockchain-based access control technology and solutions of the security challenges faced. Moreover, we further present solutions that are not affected by the blockchain trilemma and models of access control technology based on them.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.290-292
• /
• 2019

Since the advent of blockchain and bitcoin, decentralization has been accelerating around the world as a public blockchain ethereum with smartcontract has begun. Developers can use Ethereum's blockchain development platform to develop "distributed applications" (DApp) running on a decentralized P2P network, and various types of devices from IoT to mobile can participate in a block-chain distributed environment have. Using Ethereum's blockchain development platform, developers can develop "Decentralized Application (DApp)" that run on a decentralized P2P network and various types of devices from IOT to mobile can participate in distributed blockchain environments. There are many ways to interact with the blockchain and the smart contract, but users tend to prefer the mobile methods due to their convenience and accessibility advantages. Therefore, the author developed an Android based voting DApp and researched related issues. Since the current development methods of DApp are not adequately researched and standardized, efficient methods for developing user-friendly DApp were studied. Because DApp has to spend a certain amount of fees to interact with blockchain, it has intensively investigated the gas problem of Smart Contract code and the security problem of code, and author would like to introduce it in this paper.

• Journal of Convergence for Information Technology
• /
• v.11 no.4
• /
• pp.46-54
• /
• 2021

As the realization of the 4th industrial revolution is approaching, the paradigm of the corporate work environment is changing to digital, from the traditional work environment. In particular, technologies like RPA(robotic process automation) and chatbot reduce the need for human labor or task by automating simple repetitive tasks, enabling humans to focus on more valuable tasks. In this study, corporates operating expense management services in public cloud computing environments develop a cloud module that simplifies expense report management by grafting robotic process automation and chatbot technology. According to the result of the expert evaluation, the developed system marked 80.3% of satisfaction levels and the highest satisfaction level 94% was confirmed in terms of easy of use. Based on the research result, future research can be suggested to expand the works occurring inside and outside the company to a single RPA environment by additionally linking the work system related to expense management.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.2
• /
• pp.271-277
• /
• 2022

PBFT (Practical Byzantine Fault Tolerant) is a consensus algorithm that can achieve consensus by resolving unintentional and intentional faults in a distributed network environment and can guarantee high performance and absolute finality. However, as the size of the network increases, the network load also increases due to message broadcasting that repeatedly occurs during the consensus process. Due to the characteristics of the PBFT algorithm, it is suitable for small/private blockchain, but there is a limit to its application to large/public blockchain. Because PBFT affects the performance of blockchain networks, the industry should test whether PBFT is suitable for products and services, and academia needs a unified evaluation metric and technology for PBFT performance improvement research. In this paper, quantitative evaluation metrics and evaluation frameworks that can evaluate PBFT family consensus algorithms are studied. In addition, the throughput, latency, and fault tolerance of PBFT are evaluated using the proposed PBFT evaluation framework.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.4
• /
• pp.135-142
• /
• 2023

Recently, many companies are using public cloud services or building their own data center because digital transformation is expanding. The software-defined storage is a key solution for storing data on the cloud platform and its use is expanding worldwide. Software-defined storage has the advantage of being able to virtualize and use all storage resources as a single storage device and supporting flexible scale-out. On the other hand, since the size of an object is variable, an imbalance occurs in the use of the disk and may cause a failure. In this study, a method of redistributing objects by optimizing disk weights based on storage state information was proposed to solve the imbalance problem of disk use, and the experimental results were presented. As a result of the experiment, it was confirmed that the maximum utilization rate of the disk decreased by 10% from 89% to 79%. Failures can be prevented, and more data can be stored by optimizing the use of disk.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.5
• /
• pp.80-92
• /
• 2017

The popularity of cloud computing has led to the emergence of various types of cloud services, and the hybrid cloud, a deployment model that integrates public cloud and private cloud and offset their shortcomings, is in the spotlight recently. However, the complexity of different clouds integration and the lack of related integration solutions have delayed the adoption of hybrid cloud and cloud strategy by companies and organizations. Therefore, in this paper, we propose a cloud integration mechanism to solve the integration complexity problem. The cloud integration mechanism proposed in this paper consists of integration script that solves the cloud integration by the script based on the hybrid cloud function, a process of creating and executing it, and a script creation model applying the software design pattern. By integrating the various cloud services, we can quickly generate scripts that meet the user's needs. It is expected that the introduction of hybrid cloud and the acquisition of cloud strategy can be accelerated through this proposed integration mechanism.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.487-498
• /
• 2023

Security incidents using vulnerabilities in cloud services occur, but it is difficult to collect and analyze traces of incidents in cloud environments with complex and diverse service models. As a result, the importance of cloud forensics research has emerged, and infringement response scenarios must be designed from the perspective of cloud service users (CSUs) and cloud service providers (CSPs) based on representative security threat cases in the public cloud service model. This simulated hacking-based proactive cloud infringement response framework can be used to respond to the cloud service critical resource attack process from the viewpoint of vulnerability detection before cyberattacks occur on the cloud, and can also be expected for data acquisition. Therefore, in this paper, we propose a framework for preventive cloud infringement based on simulated hacking by analyzing and utilizing Cloudfox, a cloud penetration test tool.

• The Journal of the Korea Contents Association
• /
• v.17 no.2
• /
• pp.415-428
• /
• 2017

This article is a socio-cultural research on the fitness members by employing an original synthesis of the work of Elias and Bourdieu. The purpose of this research is to provide a multidimensional and in-depth analysis of fitness members, by researching the relationship between body groups with differing economic and cultural capital (e.g. Gangnam and Gangbuk, private and public center). Through interviews and participant observation, the established and outsider relations of fitness members in both Gangnam and Gangbuk are examined (Gangnam 12: Gangbuk 12). Participants in social space differentiated by fitness capital and socio-economic positions gather in certain spaces that identify them as members of the same class location: the established body in Gangnam (Gangnam E), the outsider body in Gangnam (Gangnam O), the established body in Gangbuk (Gangbuk E), and the outsider body in Gangbuk (Gangbuk O). The E-O figuration of the body in fitness clubs shows differences in their body tastes and habitus (selecting a fitness centre, body ostentation, social assessment, making muscles, participation in other sports) and civilizing process (fitness manners and etiquette). The fitness centers in Gangnam and Gangbuk were not simply spaces for exercise but symbolic spaces that both recreate and perpetuate socio-cultural hierarchies between members.