• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권2호
• /
• pp.565-586
• /
• 2022

Cloud storage's elastic expansibility not only provides flexible services for data owners to store their data remotely, but also reduces storage operation and management costs of their data sharing. The data outsourced remotely in the storage space of cloud service provider also brings data security concerns about data integrity. Data integrity verification has become an important technology for detecting the integrity of remote shared data. However, users without data access rights to verify the data integrity will cause unnecessary overhead to data owner and cloud service provider. Especially malicious users who constantly launch data integrity verification will greatly waste service resources. Since data owner is a consumer purchasing cloud services, he needs to bear both the cost of data storage and that of data verification. This paper proposes a verification control algorithm in data integrity verification for remotely outsourced data. It designs an attribute-based encryption verification control algorithm for multiple verifiers. Moreover, data owner and cloud service provider construct a common access structure together and generate a verification sentinel to verify the authority of verifiers according to the access structure. Finally, since cloud service provider cannot know the access structure and the sentry generation operation, it can only authenticate verifiers with satisfying access policy to verify the data integrity for the corresponding outsourced data. Theoretical analysis and experimental results show that the proposed algorithm achieves fine-grained access control to multiple verifiers for the data integrity verification.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권10호
• /
• pp.4703-4723
• /
• 2016

The verification of data integrity is an urgent topic in remote data storage environments with the wide deployment of cloud data storage services. Many traditional verification algorithms focus on the block-oriented verification to resolve the dispute of dynamic data integrity between the data owners and the storage service providers. However, these algorithms scarcely pay attention to the data verification charge and the users' verification experience. The users more concern about the availability of accessed files rather than data blocks. Moreover, the data verification charge limits the number of checked data in each verification. Therefore, we propose a mixed verification protocol to verify the data integrity, which rapidly locates the corrupted files by the file-oriented verification, and then identifies the corrupted blocks in these files by the block-oriented verification. Theoretical analysis and simulation results demonstrate that the protocol reduces the cost of the metadata computation and transmission relative to the traditional block-oriented verification at the expense of little cost of additional file-oriented metadata computation and storage at the data owner. Both the opportunity of data extracted and the scope of suspicious data are optimized to improve the verification efficiency under the same verification cost.

• Journal of Communications and Networks
• /
• 제16권6호
• /
• pp.592-599
• /
• 2014

Cloud computing enables users to easily store their data and simply share data with others. Due to the security threats in an untrusted cloud, users are recommended to compute verification metadata, such as signatures, on their data to protect the integrity. Many mechanisms have been proposed to allow a public verifier to efficiently audit cloud data integrity without receiving the entire data from the cloud. However, to the best of our knowledge, none of them has considered about the efficiency of public verification on multi-owner data, where each block in data is signed by multiple owners. In this paper, we propose a novel public verification mechanism to audit the integrity of multi-owner data in an untrusted cloud by taking the advantage of multisignatures. With our mechanism, the verification time and storage overhead of signatures on multi-owner data in the cloud are independent with the number of owners. In addition, we demonstrate the security of our scheme with rigorous proofs. Compared to the straightforward extension of previous mechanisms, our mechanism shows a better performance in experiments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권2호
• /
• pp.558-579
• /
• 2021

The cloud storage provides flexible data storage services for data owners to remotely outsource their data, and reduces data storage operations and management costs for data owners. These outsourced data bring data security concerns to the data owner due to malicious deletion or corruption by the cloud service provider. Data integrity verification is an important way to check outsourced data integrity. However, the existing data verification schemes only consider the case that a verifier launches multiple data verification challenges, and neglect the verification overhead of multiple data verification challenges launched by multiple verifiers at a similar time. In this case, the duplicate data in multiple challenges are verified repeatedly so that verification resources are consumed in vain. We propose a duplicate data verification algorithm based on multiple verifiers and multiple challenges to reduce the verification overhead. The algorithm dynamically schedules the multiple verifiers' challenges based on verification time and the frequent itemsets of duplicate verification data in challenge sets by applying FP-Growth algorithm, and computes the batch proofs of frequent itemsets. Then the challenges are split into two parts, i.e., duplicate data and unique data according to the results of data extraction. Finally, the proofs of duplicate data and unique data are computed and combined to generate a complete proof of every original challenge. Theoretical analysis and experiment evaluation show that the algorithm reduces the verification cost and ensures the correctness of the data integrity verification by flexible batch data verification.

• 한국컴퓨터정보학회논문지
• /
• 제27권12호
• /
• pp.209-217
• /
• 2022

함정 전투관리체계는 다양한 센서, 무장 장비들이 연동 노드를 통해 연결되며 체계내 노드간 효율적인 통신을 위해 DDS(Data Distribution Service) 통신을 활용한다. DDS를 사용하기 위해 체계내 응용소프트웨어 사이에는 DDS토픽을 기본으로 하는 PUB/SUB(Publication/Subscribe)방식으로 통신한다. 이 PUB/SUB방식으로 통신하는 DDS 메시지 구조가 일치하지 않으면 송수신 응용소프트웨어에서 잘못된 명령처리 및 정보전달 등 문제가 발생한다. 이를 개선하기 위해 본 논문에서는 해시트리를 활용한 DDS 메시지 구조 무결성 검증 방법을 제안한다. 제안하는 방법의 전투관리체계에 적용가능성을 확인하기 위해, 제안하는 방법의 메시지 구조 무결성 검증률을 측정하고 전투관리체계의 운용과 개발과정에 미치는 영향을 확인하기 위해 전투관리체계 초기화 시간 비교, 메시지 해시트리의 생성시간 측정을 하였다. 이 시험을 통해 본 논문에서 제안하는 체계 안정성을 위한 메시지 구조 검증 방법이 함정 전투관리체계에 적용 가능함을 확인하였다.

• 한국컴퓨터정보학회논문지
• /
• 제19권12호
• /
• pp.123-132
• /
• 2014

본 논문에서는 보안의 문제가 발생 할 경우 앱보다 치명적일 수 있는 운영체제 무결성에 대한 검증 기법에 대해 연구하였다.최근 스마트폰의 보급은 급속도로 발전하고 있으며, PC와 유사한 서비스를 제공하는 단계까지 왔다. 그리고 그에 따르는 보안 위협도 PC와 유사한 부분이 많다. 최근의 모바일 네트워크 환경에서 단말기의 루트 권한 탈취 및 운영체제 위변조 등에 의한 피해가 날로 늘어나고 있는 추세이며 이를 종합적으로 대응할 수 있는 시스템에 대한 연구가 필요하다. 모바일 위협에 대한 피해를 막기 위한 방법으로 운영체제의 무결성을 검사하는 방법이 사용되기도 한다. 무결성 검증 알고리즘은 운영체제 부팅 이전 레벨에서의 검증과 제어권이 운영체제로 넘어간 시점에서의 검증으로 구분될 수 있다. 무결성 검증은 앱 무결성과 운영체제 무결성으로 나뉘어 볼 수 있는데, 본 논문에서는 부트로더와 단말기 내부의 물리적으로 독립된 저장장치를 이용하여 운영체제의 무결성을 검증하는 기법을 제안하였다.

• 한국통신학회논문지
• /
• 제42권1호
• /
• pp.241-249
• /
• 2017

최근 차량용 블랙박스의 보급이 확산됨에 따라 이를 법적 증거로 사용하는 경우가 증가하고 있으며, 이에 따라 영상데이터의 무결성 검증에 대한 필요성이 대두되고 있다. 그러나 임베디드 시스템으로 분류되는 블랙박스는 적은 용량과 낮은 처리속도를 가지므로 영상파일 저장과 무결성 검증 처리의 한계점을 가진다. 본 논문에서는 제한된 자원을 가진 블랙박스 환경에서 고속경량 해시함수 LSH와 HMAC의 안전성을 이용하여 영상파일의 무결성을 보장하는 기법을 제안한다. 또한 이 기법을 구현하여 블랙박스 기기에서 무결성 검증 시의 CPU Idle Rate를 측정한 실험 결과를 제시하고, 제안한 기법의 효과성과 실용 가능성에 대해 검증한다.

• Journal of Multimedia Information System
• /
• 제4권4호
• /
• pp.205-210
• /
• 2017

This paper presents a verification watermarking applied to healthcare information management. The proposed method uses the whole region based on the public-key cryptograph, which is transformed by the DWT transform to integrity verification. Furthermore, the public-key cryptograph algorithm is used for the embedded watermark image. We adaptively select the upper bit-plane including the LSB parts of each block when the watermark is inserted.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권8호
• /
• pp.3943-3957
• /
• 2016

As digital evidence has a highly influential role in proving the innocence of suspects, methods for integrity verification of such digital evidence have become essential in the digital forensic field. Most surveillance camera systems are not equipped with proper built-in integrity protection functions. Because digital forgery techniques are becoming increasingly sophisticated, manually determining whether digital content has been falsified is becoming extremely difficult for investigators. Hence, systematic approaches to forensic integrity verification are essential for ascertaining truth or falsehood. We propose an integrity determination method that utilizes the structure of the video content in a Video Event Data Recorder (VEDR). The proposed method identifies the difference in frame index fields between a forged file and an original file. Experiments conducted using real VEDRs in the market and video files forged by a video editing tool demonstrate that the proposed integrity verification scheme can detect broken integrity in video content.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권10호
• /
• pp.3607-3623
• /
• 2014

The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.