• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1523-1545
• /
• 2019

Cloud computing is now a widespread and economical option when data owners need to outsource or share their data. Designing secure and efficient data access control mechanism is one of the most challenging issues in cloud storage service. Anonymous broadcast encryption is a promising solution for its advantages in the respects of computation cost and communication overload. We bring forward an efficient anonymous identity-based broadcast encryption construction combined its application to the data access control mechanism in cloud storage service. The lengths for public parameters, user private key and ciphertext in the proposed scheme are all constant. Compared with the existing schemes, in terms of encrypting and decrypting computation cost, the construction of our scheme is more efficient. Furthermore, the proposed scheme is proved to achieve adaptive security against chosen-ciphertext attack adversaries in the standard model. Therefore, the proposed scheme is feasible for the system of data access control in cloud storage service.

• Annual Conference of KIPS
• /
• 2013.05a
• /
• pp.636-639
• /
• 2013

With the development and rapid growth of cloud computing, lots of application services based on cloud computing have been developed. In addition, cloud-based DRM systems have been developed to support those services' copyright and privacy protection. In this paper, we propose a new cloud-based user-friendly DRM system, which allows users to execute the same contents bought at most n times at any devices with license enforcement, which checks the validation of licenses before every execution, having no smart card, which has to carry a smart card reader that seems troublesome to a user, and providing the copyright and privacy protection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4028-4049
• /
• 2014

Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1343-1356
• /
• 2013

Cloud computing has emerged as perhaps the hottest development in information technology at present. This new computing technology requires that the users ensure that their infrastructure is safety and that their data and applications are protected. In addition, the customer must ensure that the provider has taken the proper security measures to protect their information. In order to achieve fine-grained and flexible access control for cloud computing, a new construction of hierarchical attribute-based encryption(HABE) with Ciphertext-Policy is proposed in this paper. The proposed scheme inherits flexibility and delegation of hierarchical identity-based cryptography, and achieves scalability due to the hierarchical structure. The new scheme has constant size ciphertexts since it consists of two group elements. In addition, the security of the new construction is achieved in the standard model which avoids the potential defects in the existing works. Under the decision bilinear Diffie-Hellman exponent assumption, the proposed scheme is provable security against Chosen-plaintext Attack(CPA). Furthermore, we also show the proposed scheme can be transferred to a CCA(Chosen-ciphertext Attack) secure scheme.

• Journal of Information Processing Systems
• /
• v.15 no.2
• /
• pp.440-448
• /
• 2019

The Internet of Things (IoT) is one of the main enablers for situation awareness needed in accomplishing smart cities. IoT devices, especially for monitoring purposes, have stringent timing requirements which may not be met by cloud computing. This deficiency of cloud computing can be overcome by fog computing for which fog nodes are placed close to IoT devices. Because of low capabilities of fog nodes compared to cloud data centers, fog nodes may not be deployed with all the services required by IoT devices. Thus, in this article, we focus on the issue of fog service placement and present the recent research trends in this issue. Most of the literature on fog service placement deals with determining an appropriate fog node satisfying the various requirements like delay from the perspective of one or more service requests. In this article, we aim to effectively place fog services in accordance with the pre-obtained service demands, which may have been collected during the prior time interval, instead of on-demand service placement for one or more service requests. The concept of the logical fog network is newly presented for the sake of the scalability of fog service placement in a large-scale smart city. The logical fog network is formed in a tree topology rooted at the cloud data center. Based on the logical fog network, a service placement approach is proposed so that services can be placed on fog nodes in a resource-effective way.

• Journal of Internet Computing and Services
• /
• v.19 no.3
• /
• pp.25-33
• /
• 2018

This paper proposes a cloud workflow model theoretically supported by the information control net modeling methodology as a cloud workflow modeling methodology that is mandatory in implementing realtime enterprise workflow management systems running with cloud computing environments. The eventual goal of the cloud workflow model proposed in this paper is to support those cloud workflow architectures reflecting the types of cloud deployment models such as private, community, public, and hybrid cloud deployment models. Moreover, the proposed model is a mathematical graph model that is extended from the information control net modeling methodology used in conventional enterprise workflow modeling, and it aims to theoretically couple this methodology with the cloud deployment models. Finally, this paper tries to verify the feasibility of the proposed model by building a possible cloud workflow architecture and its cloud workflow services on a realtime enterpeise cloud workflow management system.

• Journal of Information Processing Systems
• /
• v.9 no.2
• /
• pp.189-204
• /
• 2013

The confinement problem was first noted four decades ago. Since then, a huge amount of efforts have been spent on defining and mitigating the problem. The evolution of technologies from traditional operating systems to mobile and cloud computing brings about new security challenges. It is perhaps timely that we review the work that has been done. We discuss the foundational principles from classical works, as well as the efforts towards solving the confinement problem in three domains: operating systems, mobile computing, and cloud computing. While common issues exist across all three domains, unique challenges arise for each of them, which we discuss.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06b
• /
• pp.41-43
• /
• 2011

Cyber-Physical Systems are tight integration of computation, networking and physical objects to sense, monitor, and control the physical world. This paper presents a novel architecture that combines two next generation technologies i.e. cyber-physical systems and Cloud computing to develop a ubiquitous healthcare based infrastructure. Through this infrastructure, patients and elderly people get remote assistance, monitoring of their health conditions and medication while living in proximity of home. Consequently, this leads to major cost savings. However, there are various challenges that need to be overcome before building such systems. These challenges include making system real-time responsive, reliability, stability and privacy. Therefore, in this paper, we propose an architecture that deals with these challenges.

• Journal of Korea Society of Industrial Information Systems
• /
• v.19 no.5
• /
• pp.117-128
• /
• 2014

In this paper, we proposed the necessary government policies for the SME's informatization as the computing environment evolves towards cloud computing. We started with the review of the current SME's computing environment and limitations of current policies, and then addressed the new roles, visions, and missions of the government for the SME informatization. Based upon these arguments, we proposed the mid-term vision and designed the architecture for the cloud computing-based services for SMEs. The major contribution of this paper is to extend the enterprise-based informatization strategies to the context of the government policies so that the government can adopt our arguments as guidelines for the future policies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3322-3347
• /
• 2021

Cloud Storage is the primary component of many businesses on cloud. Majority of the enterprises today are adopting a multicloud strategy to keep away from vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession schemes (PDP) are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI-) based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication/computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves the data privacy from the Third Party Auditor, secure against malicious Cloud Service Providers and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.