• Title/Summary/Keyword: Security As A Service

Search Result 2,117, Processing Time 0.03 seconds

Comparative Analysis of ViSCa Platform-based Mobile Payment Service with other Cases (스마트카드 가상화(ViSCa) 플랫폼 기반 모바일 결제 서비스 제안 및 타 사례와의 비교분석)

  • Lee, June-Yeop;Lee, Kyoung-Jun
    • Journal of Intelligence and Information Systems
    • /
    • v.20 no.2
    • /
    • pp.163-178
    • /
    • 2014
  • Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

Intergrating Security Model for Mobile-Grid (Mobile-Grid 환경에서의 통합 보안 모델)

  • Kang, Su-Youen;Lee, Sung-Young
    • Proceedings of the KIEE Conference
    • /
    • 2002.11c
    • /
    • pp.585-588
    • /
    • 2002
  • Grid provides integral ing system that enables to use distributed computing resource and services as adapts traditional infrastructures to overcome the distributed computing environments. But, computing today is moving away from a restriction of the desktop, becoming diffused into our surrounding and onto our personal digital devices. In such mobile computing environments, users expects to access resource and services at any time from anywhere in such Mobile-Grid computing. This expectation results security issues, since the computing environments is expanded. This paper describes the security challenges in Mobile-Grid computing, explaining why traditional security mechanism fail to meet the demands of these environments. This paper describes policy driven security mechanism enabled entity to use service and data in trust Mobile-Grid environments and a set of security service module that need to be realized in the Mobile-Grid security architecture presents a set of use pattern that show hew these modules can be used for billing service in a secure Mobile-Grid environments.

  • PDF

A Study of Security QoS(Quality of Service) Measurement Methodology for Network Security Efficiency (네트워크 보안 효율성 제고를 위한 보안 QoS(Quality of Service) 측정방법론 연구)

  • Noh, Si-Choon
    • Convergence Security Journal
    • /
    • v.11 no.1
    • /
    • pp.39-48
    • /
    • 2011
  • QoS(Quality of Service) is defined "The collective effect of service performance which determines the degree of satisfaction of a user of the service" by ITU-T Rec. E.800. The final goal of information system is to secure the performance efficiency within the required time. The security QoS framework is the modeling of the QoS measurement metrics, the measurement time schedule, instrument, method of measurement and the series of methodology about analysis of the result of measurement. This paper relates to implementing issue and performance measuring about blended mechanism between networking technology and security technology. We got more effectiveness in overall network security, when applying and composing amalgamated security mechanism between network technology and security technology. In this paper, we suggest techniques being used on infrastructure system and also offers a security QoS methodology as a model of more effective way. Methodology proposed in this research has proven that it is possible to measure response time through the scheduled method.

Security as a Service 동향

  • Lee, Jonghoon;Jung, Seungwook;Jung, Souhwan
    • Review of KIISC
    • /
    • v.22 no.7
    • /
    • pp.54-61
    • /
    • 2012
  • 본고에서는 최근 클라우드 컴퓨팅이 갖고 있는 보안 기술 동향에 대하여 살펴본다. 특히 클라우드 컴퓨팅이 갖는 보안 위협들을 해결하기 위한 대응책으로 SecaaS(Security as a Service)에 관심이 집중되고 있다. SecaaS는 클라우드 컴퓨팅의 보안 솔루션을 클라우드 컴퓨팅 서비스의 한 형태로 제공하여 안전성과 신뢰성을 보장한다. CSA(Cloud Security Alliance)에서는 클라우드 컴퓨팅 환경의 보안 위협들에 대해 분석하여 클라우드 보안 가이드를 제시했으며, 최근 SecaaS 워킹그룹에서는 10개의 카테고리로 구분하여 보안 솔루션을 구현하기 위한 구체적인 가이드 제시하고 있다. 먼저 전반적인 클라우드 컴퓨팅의 보안 위협에 대해 살펴보고, 이에 대한 해결방안으로 제시되는 SecaaS 기술에 대해 살펴본다.

The tasks and prospect of introducing the pravite investigation servicesystem in korea (한국민간조사제도 도입전망과 과제)

  • Park, Jun-seok;Jeong, Youn-min;Lee, Young-seok
    • Journal of the Society of Disaster Information
    • /
    • v.3 no.2
    • /
    • pp.95-117
    • /
    • 2007
  • With rapid changes taking place in every field, the expansion and specialization of various social service activities are one of the characteristics of the modem society. However, the increase of crimes and inefficiency of public police service to cope with this situation have caused discontent and distrust on the service among the public, making people more inclined to solve safety-related problems by themselves. Private Security Service(PSS) and Private Investigation Service(PIS) were introduced to satisfy these needs. In the area of PIS, Public Investigation Service System(PISS) has been established for a quite long time in foreign countries. However in Korea, PIS is being provided by unregulated service providers such as errand service center due to the lack of legal system, causing many problems related with illegal practices by the service providers. This paper is the result of the research on how to adopt a relevant PISS in Korea and develop it in the future. This kind of research is much needed to curb the rising illegal practices of the errand service centers, complement the insufficient operation of public police service, and strengthen the competitiveness of our country by taking more efficient actions in the changing public security environment. Based on the research, this paper also examines positively the possibility of introduction of PIS in Korea. This paper also recommends a prompt enactment of PIS regulation and improvement on the legal environment for such introduction of the relevant and suitable PISS in Korea.

  • PDF

Design of User Access Authentication and Authorization System for VoIP Service (사용자 접근권한 인증을 이용한 안전한 VoIP 시스템 설계)

  • Yang, Ho-Kyung;Kim, Jin-Mook;Ryou, Hwang-Bin;Park, Choon-Sik
    • Convergence Security Journal
    • /
    • v.8 no.4
    • /
    • pp.41-49
    • /
    • 2008
  • VoIP is a service that changes the analogue audio signal into a digital signal and then transfers the audio information to the users after configuring it as a packet; and it has an advantage of lower price than the existing voice call service and better extensibility. However, VoIP service has a system structure that, compared to the existing PSTN (Public Switched Telephone Network), has poor call quality and is vulnerable in the security aspect. To make up these problems, TLS service was introduced to enhance the security. In practical system, however, since QoS problem occurs, it is necessary to develop the VoIP security system that can satisfy QoS at the same time in the security aspect. In this paper, a user authentication VoIP system that can provide a service according to the security and the user through providing a differential service according to the approach of the users by adding AA server at the step of configuring the existing VoIP session is suggested. It was found that the proposed system of this study provides a quicker QoS than the TLS-added system at a similar level of security. Also, it is able to provide a variety of additional services by the different users.

  • PDF

Cloud Security and Privacy: SAAS, PAAS, and IAAS

  • Bokhari Nabil;Jose Javier Martinez Herraiz
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.3
    • /
    • pp.23-28
    • /
    • 2024
  • The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

A Study on Acceptance Factors of Financial Mydata Service from Information Security Perspectives (정보보호 관점의 금융 마이데이터 서비스 수용 요인에 관한 연구)

  • Lee, Seok Ho;Bae, Chang Hang
    • The Journal of Society for e-Business Studies
    • /
    • v.27 no.2
    • /
    • pp.137-152
    • /
    • 2022
  • Consumers' enhanced intention to adopt the Mydata service or their voluntary provision of personal information is a very essential element in the stable growth of the Mydata industry along with the creation of corporate values. The growing leakage of customer information according to the rising value of data can have negative impacts on the use of Mydata service and shrink quality custom service needs based on the personal information provided by financial consumers. This study set out to identify security risks that financial consumers could recognize and security factors that could supplement them and investigate the effects of these security factors on consumers' intention to adopt the Mydata service, thus providing useful implications for increasing the acceptance of financial consumers and finding a strategy to expand safe utilization. The findings raise a need to guarantee the stability and transparency of information provided by customers as information subjects, and they should be essential requirements for the Mydata service. The security factors applied to guarantee them should include convenience in terms of financial service.

Implementation and Evaluation of IoT Service System for Security Enhancement (보안성 향상을 위한 IoT 서비스 시스템 구현 및 평가)

  • Kim, Jin-bo;Kim, Mi-sun;Seo, Jae-hyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.2
    • /
    • pp.181-192
    • /
    • 2017
  • Internet of Things includes the whole process of collected information generated from a variety of objects, as well as analyzing and sharing it, and providing useful information services to people. This study seeks ways to improve security and safety in the areas of service security technology, ID management technology and service access control, all of which take place in the IoT environment. We have implemented the services that can design and issue C&C (Certificate and Capability) service token authentication, which is based on a public key, to improve the service security. In addition, we suggest LCRS (Left Child-Right Sibling) resource model management for the efficient control of resources when generating the resource services from the data collected from node devices. We also implemented an IoT services platform to manage URL security of the resource services and perform access control for services.

Intention to Use of Personal Cloud Services: Focusing on the Security Factors (보안요인을 중심으로 한 개인용 클라우드 서비스 사용의도)

  • Lee, Jae Seok;Kim, Kyoung-jae
    • Knowledge Management Research
    • /
    • v.18 no.4
    • /
    • pp.237-260
    • /
    • 2017
  • Recently, with the proliferation of smart phones and mobile devices and the increase in the speed of mobile Internet, IT services are increasingly used in smart phones and mobile devices in a different way from the past. That is, a cloud service that downloads and uses data stored in the server in real time is expanding, and as a result, the security due to the continuous Internet connection of the user becomes a problem. In this study, we analyzed the relationship between factors affecting the continuous use of personal cloud service by using technology acceptance model. In addition to the technology acceptance model, confidentiality, privacy, accessibility, innovation, and self-efficacy were extracted from the existing research with emphasis on the characteristics of the cloud service and security factors. Moreover, the difference of intention to use among genders was verified through structural equation modeling with survey data from 262 personal cloud service users.