• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.637-645
• /
• 2022

Cloud computing has been gaining popularity over decades, and container, a technology that is primarily used in cloud native applications, is also drawing attention. Although container technologies are lighter and more capable than conventional VMs, there are several security threats, such as sharing kernels with host systems or uploading/downloading images from the image registry. one of which can refer to the integrity of container images. In addition, runtime security while the container application is running is very important, and monitoring the behavior of the container application at runtime can help detect abnormal behavior occurring in the container. Therefore, in this paper, first, we implement a signing checker that automatically checks the signature of an image based on the existing Docker Content Trust (DCT) technology to ensure the integrity of the container image. Next, based on falco, an open source project of Cloud Native Computing Foundation(CNCF), we introduce newly created image for the convenience of existing falco image, and propose implementation of docker-compose and package configuration that easily builds a monitoring system.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.11
• /
• pp.263-270
• /
• 2019

Vehicular cloud computing is a new emerging technology that can provide drivers with cloud services to enable various vehicular applications. A vehicular cloud is defined as a set of vehicles that share their own resources. Vehicles should collaborate with each other to construct vehicular clouds through vehicle-to-vehicle communications. Since collaborating vehicles to construct the vehicular cloud have different speeds, directions and locations respectively, the vehicular cloud is constructed in multi-hop communication range. Due to intermittent wireless connectivity and low density of vehicles with the limited resources, the construction of vehicular cloud with multi-hop communications has become challenging in vehicular environments in terms of the service success ratio, the service delay, and the transmitted packet number. Thus, we propose a multi-hop vehicular cloud construction protocol that increases the service success ratio and decreases the service delay and the transmitted packet number. The proposed protocol uses a connection time-based intermediate vehicle selection scheme to reduce the cloud failure probability of multi-hop vehicular cloud. Simulation results conducted in various environments verify that the proposed protocol achieves better performance than the existing protocol.

• ETRI Journal
• /
• v.37 no.2
• /
• pp.348-358
• /
• 2015

Mobile devices have been widespread and become very popular with connectivity to the Internet, and a lot of desktop PC applications are now aggressively ported to them. Unfortunately, mobile devices are often vulnerable to malicious attacks due to their common usage and connectivity to the Internet. Therefore, the demands on the development of mobile security systems increase in accordance with advances in mobile computing. However, it is very hard to run a security program on a mobile device all of the time due the device's limited computational power and battery life. To overcome these problems, we propose a novel mobile security scheme that migrates heavy computations on mobile devices to cloud servers. An efficient data transmission scheme for reducing data traffic between devices and servers over networks is introduced. We have evaluated the proposed scheme with a mobile device in a cloud environment, whereby it achieved a maximum speedup of 13.4 compared to a traditional algorithm.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1343-1356
• /
• 2013

Cloud computing has emerged as perhaps the hottest development in information technology at present. This new computing technology requires that the users ensure that their infrastructure is safety and that their data and applications are protected. In addition, the customer must ensure that the provider has taken the proper security measures to protect their information. In order to achieve fine-grained and flexible access control for cloud computing, a new construction of hierarchical attribute-based encryption(HABE) with Ciphertext-Policy is proposed in this paper. The proposed scheme inherits flexibility and delegation of hierarchical identity-based cryptography, and achieves scalability due to the hierarchical structure. The new scheme has constant size ciphertexts since it consists of two group elements. In addition, the security of the new construction is achieved in the standard model which avoids the potential defects in the existing works. Under the decision bilinear Diffie-Hellman exponent assumption, the proposed scheme is provable security against Chosen-plaintext Attack(CPA). Furthermore, we also show the proposed scheme can be transferred to a CCA(Chosen-ciphertext Attack) secure scheme.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.65-74
• /
• 2021

Digital image processing and retrieving have increasingly become very popular on the Internet and getting more attention from various multimedia fields. That results in additional privacy requirements placed on efficient image matching techniques in various applications. Hence, several searching methods have been developed when confidential images are used in image matching between pairs of security agencies, most of these search methods either limited by its cost or precision. This study proposes a secure and efficient method that preserves image privacy and confidentially between two communicating parties. To retrieve an image, feature vector is extracted from the given query image, and then the similarities with the stored database images features vector are calculated to retrieve the matched images based on an indexing scheme and matching strategy. We used a secure content-based image retrieval features detector algorithm called Speeded-Up Robust Features (SURF) algorithm over public cloud to extract the features and the Honey Encryption algorithm. The purpose of using the encrypted images database is to provide an accurate searching through encrypted documents without needing decryption. Progress in this area helps protect the privacy of sensitive data stored on the cloud. The experimental results (conducted on a well-known image-set) show that the performance of the proposed methodology achieved a noticeable enhancement level in terms of precision, recall, F-Measure, and execution time.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.11
• /
• pp.275-280
• /
• 2018

The choice of a suitable distributed file system is required for loading large data and high-speed processing through subsequent applications in a cloud environment. In this paper, we propose a write performance improvement method based on GlusterFS and evaluate the performance of MapRFS, CephFS and GlusterFS among existing distributed file systems in cloud environment. The write performance improvement method proposed in this paper enhances the response time by changing the synchronization level used by the synchronous replication method from disk to memory. Experimental results show that the distributed file system to which the proposed method is applied is superior to other distributed file systems in the case of sequential write, random write and random read.

• Annual Conference of KIPS
• /
• 2020.11a
• /
• pp.80-82
• /
• 2020

전통적으로 기초 과학 분야의 대규모 워크로드 작업들은 슈퍼컴퓨터와 같은 대용량 클러스터 시스템을 이용하여 수행해왔다. 그러나 최근 빅데이터 및 머신 러닝과 같은 새로운 분야에서의 컴퓨팅 자원 요구가 증가하고 기존 사용자의 요구 사항도 다양해짐에 따라 기존의 클러스터 시스템 운영 환경에서는 많은 어려움이 나타나고 있다. 이러한 문제를 해결하기 위해 한국과학기술정보연구원(KISTI)에서는 지난 3 월부터 KI (KISTI Intelligent) Cloud 서비스를 개발하여 서비스를 제공하고 있다. KI Cloud 서비스는 다음과 같은 특징이 있다. 첫째, Jupyter 과 RStudio 와 같은 대화형 개발 환경을 웹을 통해 제공함으로써 사용자는 언제, 어디서나 손쉽게 서비스를 활용할 수 있다. 둘째, 컨테이너 기술을 활용하여 사용자가 요구하는 개발 및 실행 환경을 실시간으로 구성하여 제공한다. 셋째, 사용자의 서비스 환경을 동적으로 구성하여 제공함으로써 컴퓨팅 자원의 효율성을 높일 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.10
• /
• pp.2822-2843
• /
• 2023

All aspects of human life have become increasingly dependent on data in the last few decades. The development of several applications causes an enormous issue on data volume in current years. This information must be safeguarded and kept in safe locations. Massive volumes of data have been safely stored with cloud computing. This technology is developing rapidly because of its immense potentials. As a result, protecting data and the procedures to be handled from attackers has become a top priority in order to maintain its integrity, confidentiality, protection, and privacy. Therefore, it is important to implement the appropriate security measures in order to prevent security breaches and vulnerabilities. An improved version of Modular Encryption Standard (IMES) based on layered modelling of safety mechanisms is the major focus of this paper's research work. Key generation in IMES is done using a logistic map, which estimates the values of the input data. The performance analysis demonstrates that proposed work performs better than commonly used algorithms against cloud security in terms of higher performance and additional qualitative security features. The results prove that the proposed IMES has 0.015s of processing time, where existing models have 0.017s to 0.022s of processing time for a file size of 256KB.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.232-235
• /
• 2015

In recent years, mobile devices are equipped with functionalities comparable to those computers. However, mobile devices have limited resources due to constraints, such as low processing power, limited memory, unpredictable connectivity, and limited battery life. To enhance the capacity of mobile devices, an interesting idea is to use cloud computing and virtualization techniques to shift the workload from mobile devices to a computational infrastructure. Those techniques consist of migrating resource-intensive computations from a mobile device to the resource-rich cloud, or server (called nearby infrastructure). In order to achieve their goals, researchers designed mobile cloud applications models (examples: CloneCloud, Cloudlet, and Weblet). In this paper, we want to highlight on cloudlet architecture (nearby infrastructure with mobile device), its methodology and discuss about the impact of distance between cloudlet and mobile device in our work design.

• Journal of Digital Contents Society
• /
• v.15 no.5
• /
• pp.595-602
• /
• 2014

Cloud computing is already well known paradigm that a support computing resource flexible and scalable to users as the want in distributed computing environment. Actually, cloud computing can be implemented and provided by virtualization technology. Also, various products are released or under development. In this paper, we built the teaching practice system using cloud computing and evaluated practical environment which constructed over a virtual machine. Virtualization-based cloud computing provides optimized computing resources, as well as easy to manage practical resource and result. Therefore, we can save the time for configuration of practice environment. In the view of faculty, they can easily handle the practice result. Also, those practice condition reuse comfortably and apply to various configuration simply. And then we can increase capabilities and availabilities of limited resources. Additionally, we measure the performance requirements for educational applications through evaluation of virtual-based teaching practical system in advance.