• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.5654-5668
• /
• 2018

Driven by security and real-time demands of Internet of Things (IoT), the timing of fog computing and edge computing have gradually come into place. Gateways bear more nearby computing, storage, analysis and as an intelligent broker of the whole computing lifecycle in between local devices and the remote cloud. In fog computing, the edge broker requires X-aware capabilities that combines software programmability, stream processing, hardware optimization and various connectivity to deal with such as security, data abstraction, network latency, service classification and workload allocation strategy. The prosperous of Field Programmable Gate Array (FPGA) pushes the possibility of gateway capabilities further landed. In this paper, we propose a software-defined gateway (SDG) scheme for fog computing paradigm termed as Fog Computing Zero-Knowledge Gateway that strengthens data protection and resilience merits designed for industrial internet of things or highly privacy concerned hybrid cloud scenarios. It is a proxy for fog nodes and able to integrate with existing commodity gateways. The contribution is that it converts Privacy-Enhancing Technologies rules into provable statements without knowing original sensitive data and guarantees privacy rules applied to the sensitive data before being propagated while preventing potential leakage threats. Some logical functions can be offloaded to any programmable micro-controller embedded to achieve higher computing efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.491-500
• /
• 2013

With the advent of big data and increased costs of SSD(HDD), domestic and foreign Internet cafes and organizations have adopted NDS(No Disk System) solution recently. NDS is a storage virtualization solution based on a kind of cloud computing. It manages Operating System and applications in the central server, which were originally managed by individual computers. This research will illustrate the way to analyze user's behaviors under NDS circumstance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.75-82
• /
• 2015

Recently, many public auditing schemes have been proposed to support public auditability that enables a third party auditor to verify the integrity of data stored in the remote cloud server. To improve the performance of the auditor, several public auditing schemes support batch auditing which allows the auditor to handle simultaneously multiple auditing delegations from different users. However, when even one data is corrupted, the batch auditing will fail and individual and repeated auditing processes will be required. It is difficult to identify the corrupted data from the proof in which distinct data blocks and authenticators of distinct users are intricately aggregated. In this paper, we extend a public auditing scheme of Wang et al. to support batch auditing for multi-cloud and multi-user. We propose an identification scheme of the corrupted cloud when the data of a single cloud is corrupted in the batch auditing of multi-cloud and multi-user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.357-367
• /
• 2018

As information technology of modern society develops, various malicious codes with the purpose of seizing or destroying important system information are developing together. Among them, ransomware is a typical malicious code that prevents access to user's resources. Although researches on detecting ransomware performing encryption have been conducted a lot in recent years, no additional methods have been proposed to recover damaged files after an attack. Also, because the similarity comparison technique was used without considering the repeated encryption, it is highly likely to be recognized as a normal behavior. Therefore, this paper implements a filter driver to control the file system and performs a similarity comparison method that is verified based on the analysis of the encryption pattern of the ransomware. We propose a system to detect the malicious process of the accessed process and recover the damaged file based on the cloud storage.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4028-4049
• /
• 2014

Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.12
• /
• pp.4042-4061
• /
• 2022

Recently, various security threats such as data leakage and data forgery have been possible in the communication and storage of data shared in the cloud environment. This paper conducted a study on the CP-ABSC scheme to solve these security threats. In the existing CP-ABSC scheme, if the data is obtained by the unsigncryption of the data user incorrectly, the identity of the data owner who uploaded the ciphertext cannot be known. Also, when verifying the leaked secret key, the identity information of the data user who leaked the secret key cannot be known. In terms of efficiency, the number of attributes can affect the ciphertext. In addition, a large amount of computation is required for the user to unsigncrypt the ciphertext. In this paper, we propose ECP-ABSC that provides data user traceability, and use it in a cloud environment to provide an efficient and secure data sharing scheme. The proposed ECP-ABSC scheme can trace and verify the identity of the data owner who uploaded the ciphertext incorrectly and the data user who leaked the secret key for the first time. In addition, the ciphertext of a constant size is output and the efficiency of the user's unsigncryption computation were improved.

• Journal of Korea Multimedia Society
• /
• v.14 no.10
• /
• pp.1303-1310
• /
• 2011

This paper proposes the design of 3-party negotiation protocol for the security of self_organized storage which consists of the owner node possessing data, the holder node holding the owner's data and the verification node verifying the data of the holder node on infra-cloud environment. The proposed security technique delegating the data verification of the holder node to the verification node increases the efficiency of the self-organized storage. In addition, the encrypt key and certification of the storage created by EC-DH algorithm enhances the security much more. Also, when the self-organized storage is composed, the security technique not only prevents external flooding attack by setting a certification key among three parties, but also prevents internal flooding attack by restricting the number of verification nodes. And The replay attack which can occur in the step of verification is automatically detected by using the created seed value whenever the verification is requested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.737-751
• /
• 2023

The importance of digital forensics in the cloud environment is increasing as businesses and individuals move their data from On-premise to the cloud. Cloud data can be stored on various devices, including mobile devices and desktops, and encompasses a variety of user behavior artifacts, such as information generated from linked accounts and cloud services. However, there are limitations in securing and analyzing digital evidence due to environmental constraints of the cloud, such as distributed storage of data and lack of artifact linkage. One solution to address this is archiving services, and Google's Takeout is prime example. In this paper, user behavior data is analyzed for cloud forensics based on archiving data and necessary items are selected from an investigation perspective. Additionally, we propose the process of analyzing selectively collected data based on time information and utilizing web-based visualization to meaningfully assess artifact associations and multi-behaviors. Through this, we aim to demonstrate the value of utilizing archiving data in response to the increasing significance of evidence collection for cloud data.

• Electronics and Telecommunications Trends
• /
• v.35 no.4
• /
• pp.135-148
• /
• 2020

Virtualisation in cloud computing is vital for maintaining maximum resource utilization and easy access to operation and storage management of components. Platform virtualisation technology has the potential to be easily implemented with the support of scalability and security, which are the most important components for cloud-based services. Virtual resources must be allocated to a centralized pool called the cloud, and it is considered as cloud computing only when the virtual resources are orchestrated through management and automation software. Therefore, research and development on the latest technology for such a virtualisation platform provides both academia and industry the scope to deploy the fastest and most reliable technology in limited hardware resource. In this research, we reviewed and compared the popular current technologies for network and service management and automation technology.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.6
• /
• pp.1600-1619
• /
• 2023

Organizations and other institutions have recently started using cloud service providers to store and share information in light of the Internet of Things (IoT). The major issues with this storage are preventing unauthorized access and data theft from outside parties. The Block chain based Security Sharing scheme with Data Access Control (BSSDAC) was implemented to improve access control and secure data transaction operations. The goal of this research is to strengthen Data Access Control (DAC) and security in IoT applications. To improve the security of personal data, cypher text-Policy Attribute-Based Encryption (CP-ABE) can be developed. The Aquila Optimization Algorithm (AOA) generates keys in the CP-ABE. DAC based on a block chain can be created to maintain the owner's security. The block chain based CP-ABE was developed to maintain secures data storage to sharing. With block chain technology, the data owner is enhancing data security and access management. Finally, a block chain-based solution can be used to secure data and restrict who has access to it. Performance of the suggested method is evaluated after it has been implemented in MATLAB. To compare the proposed method with current practices, Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) are both used.