Security and Privacy Issues of Fog Computing

  • Submitted : 2016.11.14
  • Reviewed : 2017.01.12
  • Published : 2017.01.31

Abstract

With the development of IoT (Internet of Things) technology, its application areas have diversified and the number of users of these services has increased greatly. Processing the real-time, large-volume data generated by the many IoT devices in a cloud computing environment is no longer suitable. To solve this problem, fog computing was proposed, which minimizes response time and is suited to real-time processing. However, the security requirements for the new paradigm of fog computing have not yet been established. In this paper, we define a model for fog computing and set out the security requirements for the defined model.

