• Title/Summary/Keyword: Cloud Storage Security

A Study on Security Architecture Design for Cloud Storage Security (클라우드 스토리지 보안을 위한 보안 아키텍처 설계 연구)

  • Bae, Won-il;Lee, Eun-Ji;Kwak, Jin
    • Annual Conference of KIPS / 2017.04a / pp.266-269 / 2017
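  • Recently, awareness of the need for cloud services has been spreading among enterprises and users. On the other hand, the lack of attention to cloud security technology is an obstacle to adopting cloud services. Unlike a conventional computer network environment, a cloud computing environment virtualizes components such as servers, networks, and storage, and shares services and resources. As a result, virtualization-based vulnerabilities can arise, and new security threats are emerging due to the limitations of existing security equipment. In particular, vast amounts of data are stored through cloud storage, one form of cloud computing, and if attacks targeting this data occur, serious risks such as data loss and leakage can result. In this paper, to address the problems in cloud storage environments, we analyze the types of security threats related to cloud storage using the storage security threats presented by ISO/IEC and the cloud computing security threats presented by ITU-T, ENISA, and CSA, design a security architecture that responds to them, and perform a security analysis of it.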

Performance Analysis of Docker Container Migration Using Secure Copy in Mobile Edge Computing (모바일 엣지 컴퓨팅 환경에서 안전 복사를 활용한 도커 컨테이너 마이그레이션 성능 분석)

  • Byeon, Wonjun;Lim, Han-wool;Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.901-909 / 2021
  • Since mobile devices have limited computational resources, they tend to use the cloud to compute or store data. As real-time becomes more important due to 5G, many studies have been conducted on edge clouds that compute at locations closer to users than central clouds. The farther the user's physical distance from the edge cloud connected to the base station is, the slower the network transmits. So applications should be migrated and re-run on a nearby edge cloud for smooth service use. We run applications in Docker containers, which are independent of the host operating system and have a relatively light image size compared to a virtual machine. Existing migration studies have been conducted using network simulators. They use fixed values, so the results differ from those in a real-world environment. In addition, the method of migrating images through shared storage was used, which poses a risk of packet content exposure. In this paper, containers are migrated with the Secure CoPy (SCP) method, an encrypted data transmission, by establishing an edge computing environment in a real-world environment. It compares migration time with Network File System, one of the shared storage methods, and analyzes network packets to verify safety.

Comparative Analysis on Cloud and On-Premises Environments for High-Resolution Agricultural Climate Data Processing (고해상도 농업 기후 자료 처리를 위한 클라우드와 온프레미스 비교 분석)

  • Park, Joo Hyeon;Ahn, Mun Il;Kang, Wee Soo;Shim, Kyo-Moon;Park, Eun Woo
    • Korean Journal of Agricultural and Forest Meteorology / v.21 no.4 / pp.347-357 / 2019
  • The usefulness of processing and analysis systems of GIS-based agricultural climate data is affected by the reliability and availability of computing infrastructures such as cloud, on-premises, and hybrid. Cloud technology has grown in popularity. However, various reference cases accumulated over the years of operational experiences point out important features that make on-premises technology compatible with cloud technology. Both cloud and on-premises technologies have their advantages and disadvantages in terms of operational time and cost, reliability, and security depending on cases of applications. In this study, we have described characteristics of four general computing platforms including cloud, on-premises with hardware-level virtualization, on-premises with operating system-level virtualization and hybrid environments, and compared them in terms of advantages and disadvantages when a huge amount of GIS-based agricultural climate data were stored and processed to provide public services of agro-meteorological and climate information at high spatial and temporal resolutions. It was found that migrating high-resolution agricultural climate data to public cloud would not be reasonable due to the high cost of storing a large amount of data that may be of no use in the future. Therefore, we recommended hybrid systems in which the on-premises and the cloud environments are combined for data storage and backup systems that incur a major cost, and data analysis, processing and presentation that need operational flexibility, respectively.

New Authentication Methods based on User's Behavior Big Data Analysis on Cloud (클라우드 환경에서 빅데이터 분석을 통한 새로운 사용자 인증방법에 관한 연구)

  • Hong, Sunghyuck
    • Journal of Convergence Society for SMB / v.6 no.4 / pp.31-36 / 2016
  • User authentication is the first step to network security. There are lots of authentication types, and more than one authentication method works together for user authentication in the network. Except for biometric authentication, most authentication methods can be copied, or someone else can adopt and abuse someone else's credential method. Thus, more than one authentication method must be used for user authentication. However, more credentials make the system degraded and inefficient as users log on to the system. Therefore, without trading off performance with efficiency, this research proposed user's behavior based authentication for secure communication, and it will help to establish secure and efficient communication.

How to retrieve the encrypted data on the blockchain

  • Li, Huige;Zhang, Fangguo;Luo, Peiran;Tian, Haibo;He, Jiejie
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.11 / pp.5560-5579 / 2019
  • A searchable symmetric encryption (SSE) scheme can perform search on encrypted data directly without revealing the plain data and keywords. At present, many constructive SSE schemes have been proposed. However, they cannot really resist the malicious adversary, because it (i.e., the cloud server) may delete some important data. As a result, it is very likely that the returned search results are incorrect. In order to better guarantee the integrity of outsourced data, and ensure the correctness of returned search results at the same time, in this paper, we combine SSE with blockchain (BC), and propose an SSE-on-BC framework model. We then construct two concrete schemes based on the size of the data, which can better provide privacy protection and integrity verification for data. Lastly, we present their security and performance analyses, which show that they are secure and feasible.

Privacy Preserving Source Based Deduplication Method (프라이버시 보존형 소스기반 중복제거 기술 방법 제안)

  • Nam, Seung-Soo;Seo, Chang-Ho;Lee, Joo-Young;Kim, Jong-Hyun;Kim, Ik-Kyun
    • Smart Media Journal / v.4 no.4 / pp.33-38 / 2015
  • Cloud storage servers do not detect duplication of conventionally encrypted data. To solve this problem, convergent encryption has been proposed. Recently, various client-side deduplication technologies have been proposed. However, these propositions still cannot solve the security problem. In this paper, we suggest a secure source-based deduplication technology, which encrypts data to ensure the confidentiality of sensitive data and applies a proofs of ownership protocol to control access to the data, from a curious cloud server and malicious users.

Privacy Preserving Source Based Deduplication Method (프라이버시 보존형 소스기반 중복제거 방법)

  • Nam, Seung-Soo;Seo, Chang-Ho
    • Journal of Digital Convergence / v.14 no.2 / pp.175-181 / 2016
  • Cloud storage servers do not detect duplication of conventionally encrypted data. To solve this problem, convergent encryption has been proposed. Recently, various client-side deduplication technologies have been proposed. However, these propositions still cannot solve the security problem. In this paper, we suggest a secure source-based deduplication technology, which encrypts data to ensure the confidentiality of sensitive data and applies a proofs of ownership protocol to control access to the data, from a curious cloud server and malicious users.

Research Trends Analysis of Big Data: Focused on the Topic Modeling (빅데이터 연구동향 분석: 토픽 모델링을 중심으로)

  • Park, Jongsoon;Kim, Changsik
    • Journal of Korea Society of Digital Industry and Information Management / v.15 no.1 / pp.1-7 / 2019
  • The objective of this study is to examine the trends in big data. Research abstracts were extracted from 4,019 articles, published between 1995 and 2018, on Web of Science and were analyzed using topic modeling and time series analysis. The 20 single-term topics that appeared most frequently were as follows: model, technology, algorithm, problem, performance, network, framework, analytics, management, process, value, user, knowledge, dataset, resource, service, cloud, storage, business, and health. The 20 multi-term topics were as follows: sense technology architecture (T10), decision system (T18), classification algorithm (T03), data analytics (T17), system performance (T09), data science (T06), distribution method (T20), service dataset (T19), network communication (T05), customer & business (T16), cloud computing (T02), health care (T14), smart city (T11), patient & disease (T04), privacy & security (T08), research design (T01), social media (T12), student & education (T13), energy consumption (T07), supply chain management (T15). The time series data indicated that the 40 single-term topics and multi-term topics were hot topics. This study provides suggestions for future research.

AI Smart Factory Model for Integrated Management of Packaging Container Production Process

  • Kim, Chigon;Park, Deawoo
    • International Journal of Internet, Broadcasting and Communication / v.13 no.3 / pp.148-154 / 2021
  • We propose the AI Smart Factory Model for integrated management of production processes in this paper. It is an integrated platform system for the production of food packaging containers, consisting of a platform system for the main producer, one or more production partner platform systems, and one or more raw material partner platform systems while each subsystem of the three systems consists of an integrated storage server platform that can be expanded infinitely with flexible systems that can extend client PCs and main servers according to size and integrated management of overall raw materials and production-related information. The hardware collects production site information in real time by using various equipment such as PLCs, on-site PCs, barcode printers, and wireless APs at the production site. MES and e-SCM data are stored in the cloud database server to ensure security and high availability of data, and accumulated as big data. It was built based on the project focused on dissemination and diffusion of the smart factory construction, advancement, and easy maintenance system promoted by the Ministry of SMEs and Startups to enhance the competitiveness of small and medium-sized enterprises (SMEs) manufacturing sites while we plan to propose this model in the paper to state funding projects for SMEs.

Efficient Security Method Using Mobile Virtualization Technology And Trustzone of ARM (모바일 가상화 기술과 ARM의 Trustzone을 사용한 효율적인 보안 방법)

  • Choi, Hwi-Min;Jang, Chang-Bok;Kim, Joo-Man
    • Journal of Digital Convergence / v.12 no.10 / pp.299-308 / 2014
  • Today, the number of users using smartphones is increasing very rapidly due to the development of smartphone performance and the provision of various services. Also, they are using them to enjoy various services (cloud service, game, banking service, mobile office, etc.). Today's mobile security solutions simply detect malicious code or stay on the level of mobile device management. In particular, the services which use sensitive information, such as certificates, corporate documents, and personal credit card numbers, need technology that prevents it from being hacked and leaked. Recently, interest in these mobile security problems has been increasing, as damage cases have occurred. To solve the problem, there is various security research such as mobile virtualization, ARM Trustzone, and GlobalPlatform for mobile devices. Therefore, in this paper, I suggested an efficient method that uses the mobile virtualization techniques of certification, security policy and access control, password/key management, safe storage, etc. and Trustzone of ARM for preventing information leakage and hacking.