• Title/Summary/Keyword: Update Protocol

Securing Sensitive Data in Cloud Storage (클라우드 스토리지에서의 중요데이터 보호)

  • Lee, Shir-Ly;Lee, Hoon-Jae
    • Proceedings of the Korea Information Processing Society Conference / 2011.04a / pp.871-874 / 2011
  • The rapid emergence of network technology and the high demand for computing resources have prompted many organizations to outsource their storage and computing needs. Cloud-based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at any time, from anywhere via the internet. The scalable and dynamic nature of cloud storage services helps customers reduce IT administration and maintenance costs. Cloud-based storage services undoubtedly bring many benefits to their customers by significantly reducing cost through optimization and increased operating and economic efficiencies. However, without an appropriate security and privacy solution in place, this could become a major issue for the organization. As data is produced, transferred and stored in off-premises, multi-tenant cloud-based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker is able to change or modify data while it is in flight or when it is stored on disk, so it is very important to secure data during its entire life cycle. Traditional cryptographic primitives for data security protection cannot be directly adopted, first because users lose control of their data on off-premises cloud servers. Second, cloud-based storage is not just a third-party data warehouse: the data stored in the cloud is frequently updated by users. Lastly, cloud computing runs in a simultaneous, cooperative and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud-based data with the encrypt-then-upload concept. We modified and applied a proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party, including the cloud provider, at any stage. This helps to ensure that only an authorized user who owns the corresponding token is able to access the data, and prevents data from being shared without permission from the data owner. Besides preventing the cloud storage provider from gaining unauthorized access and illegally authorizing access to the data, our scheme also protects data integrity by using a hash function.

Design of Web 2.0 based Bibliographic Information Network for Life Science (Web 2.0 기반의 생명과학 문헌정보 네트워크 설계)

  • Ahn, Bu-Young;Kim, Dae-Jung;Han, Jeong-Min;Park, Yang-Sook
    • 한국HCI학회:학술대회논문집 / 2007.02a / pp.1051-1056 / 2007
  • In current web-based systems, it is generally recognized that the one-way flow of information from providers to users can cause the problem of static document structure. Therefore, information update frequency and interaction between providers and users are quite slow. Monopolized information can obstruct users' free access, and heterogeneous formats and different protocols also make it difficult for users to retrieve and collect information. To resolve these problems, in this study we introduce Web 2.0, to move toward user participation and sharing based on the social network, and the OAI protocol, to improve free access to and interoperability of bibliographic information for life science, and then design a bibliographic information network for life science. This network has four main functions: 1) an Open Repository function that can build a user community for sharing and data exchange (data such as articles, seminar materials, research notes and research reports are considered in the design); 2) an Open Collection function that can collect and store metadata on distributed bibliographic information networks; 3) an Open Access function that can manage the metadata in the open access environment; and 4) an Administration function that can monitor user activity and statistics and can inspect the registered data.

Enhanced Cross-Layering Mobile IPv6 Fast Handover over IEEE 802.16e Networks in Mobile Cloud Computing Environment (모바일 클라우드 컴퓨팅 환경에서 IEEE 802.16e 네트워크에서의 향상된 교차계층 Mobile IPv6 빠른 핸드오버 기법)

  • Lee, Kyu-Jin;Seo, Dae-Hee;Nah, Jae-Hoon;Mun, Young-Song
    • Journal of the Institute of Electronics Engineers of Korea TC / v.47 no.12 / pp.45-51 / 2010
  • The main issue in mobile cloud computing is how to support seamless service to a mobile node. Mobile IPv6 (MIPv6) is a mobility support protocol standardized by the Internet Engineering Task Force (IETF). Mobile IPv6 fast handovers (FMIPv6) is an extension of MIPv6 proposed to overcome the shortcomings of MIPv6. Recently, fast handovers for Mobile IPv6 over IEEE 802.16e, which is one of the broadband wireless access systems, has been proposed by the IETF. It was designed to support cross-layer fast handover. In this paper, we propose an enhanced cross-layering Mobile IPv6 fast handover over IEEE 802.16e networks. In our scheme, a new access router generates a new address for the mobile node by using a layer 2 trigger. We utilize a layer 2 message, sent from a new base station to the new access router, to inform the new access router of the mobile node's information. A previous access router sends a binding update message to the mobile node's home agent when it acquires the new address of the mobile node. We evaluate the performance of the proposed scheme against the existing schemes in terms of signaling cost and handover latency. From the results, we observe that the proposed scheme can support fast handover over IEEE 802.16e networks more effectively than existing schemes.

Improvement of Performance for Online Certificate Status Validation (실시간 인증서 상태검증의 성능개선)

  • Jung, Jai-Dong;Oh, Hae-Seok
    • The KIPS Transactions:PartC / v.10C no.4 / pp.433-440 / 2003
  • As real economic activities are carried out in the cyber world and the problem of identifying a trade counterpart emerges, digital signatures have spread. Because the Certificate Revocation List, the validation method used for digital signatures, is weak at real-time validation, the Online Certificate Status Protocol was introduced. In this case, the entire transaction workload of requests to verify digital signatures is concentrated on a validation server node. Currently this method is used in domestic financial transactions, but sooner or later its limitations will be revealed. In this paper, we introduce a validation method that not only guarantees real-time validation but also lets the node requesting certificate validation maintain real-time certificate status information. With this method, the revocation management node updates the certificate status information on the validation node in real time when a certificate is revoked. The characteristic of this method is that the revocation management node must remember the validation nodes that a certificate holder uses. If a certificate holder connects to a validation node for the first time, the validation node requests the certificate status information from the revocation management node, and the revocation management node records the validation node at that time. After that, when a revocation request occurs, the revocation management node informs all registered validation nodes of the revocation information in real time. The benefits of this method are that validation time is reduced, because certificate validation can be completed at the validation node, and that the concentration of certificate status requests on a revocation node is avoided.

Method of Detecting and Isolating an Attacker Node that Falsified AODV Routing Information in Ad-hoc Sensor Network (애드혹 센서 네트워크에서 AODV 라우팅 정보변조 공격노드 탐지 및 추출기법)

  • Lee, Jae-Hyun;Kim, Jin-Hee;Kwon, Kyung-Hee
    • Journal of the Korea Institute of Information and Communication Engineering / v.12 no.12 / pp.2293-2300 / 2008
  • In an ad-hoc sensor network, AODV routing information is disclosed to other nodes because the AODV protocol does not have any security mechanisms. The problem with AODV is that an attacker can falsify the routing information in an RREQ packet. If an attacker broadcasts the falsified packet, other nodes will update their routing tables based on it, so that the path passing through the attacker is considered the shortest path. In this paper, we design a routing-information-spoofing attack, such as falsifying the source sequence number and hop count fields in the RREQ packet, and we suggest an efficient scheme for detecting the attackers and isolating those nodes from the network without extra security modules. The proposed scheme does not employ cryptographic algorithms or authentication, in order to reduce network overhead. We used NS-2 simulation to evaluate network performance, and analyzed the simulation results for three cases: the existing normal AODV, AODV under attack, and the proposed AODV. Simulation results using NS-2 show that AODV with the proposed scheme can protect against the routing-information-spoofing attack and that the total number of packets received by the destination node is almost the same as with the existing normal AODV.

Construction and Validation of a Data Synchronization Server supporting OMA DS Standards (OMA DS 표준을 지원하는 자료동기화 서버 구축 및 적합성 검증)

  • Pak, Ju-Geon;Park, Kee-Hyun
    • Journal of the Korea Society of Computer and Information / v.16 no.5 / pp.79-91 / 2011
  • In this paper, a DS (Data Synchronization) server for mobile communication environments is constructed, and the suitability and performance of its operations are validated. The DS server provides a way to update to the newest data and keep data consistent for clients (mobile devices). In addition, the DS server constructed in this paper supports various synchronization types and detects all changes and conflicts. In case of data conflicts, the DS server resolves them according to the several policies implemented in this work. The DS server conforms to the OMA (Open Mobile Alliance) DS standard protocol for interoperability with other mobile devices and servers. In addition to the transmission-by-record scheme proposed by the OMA DS standard protocol, the DS server constructed in this paper also provides a transmission-by-field scheme to enhance transmission performance between the server and clients. In order to validate its operations, data synchronization is performed between the DS server and the SCTS (SyncML Conformance Test Suite), the suitability validation tool provided by the OMA. The validation results show that the DS server constructed in this paper satisfies all of the test cases except the Large Object function. The Large Object function will be implemented later because it is not needed for the personal information synchronization process that this paper targets. Also, synchronization times of the DS server are measured while increasing the number of data and clients. The results of the performance evaluations demonstrate that the DS server is scalable, in the sense that it has not suffered from any serious bottlenecks with respect to the number of data and clients. We expect that this work will provide a framework for various future studies on improving mobile DS operations.