Protocol Analysis and Evaluation of the Transport Layer to Improve Security in a Public Cloud Environment

Analysis and Evaluation of Transport-Layer Protocols for Improving Security in a Public Cloud Environment

  • Received : 2017.04.28
  • Accepted : 2017.10.18
  • Published : 2018.01.15

Abstract

Governments and public agencies are trying to use the cloud to carry out their work and provide public services. However, a public cloud is vulnerable from a security standpoint because it is structured to deliver services over public networks (i.e., the Internet). This paper therefore identifies the general security vulnerabilities of a network and, on the basis of those vulnerabilities, compares and analyzes the characteristics of the transport protocols UDP, TCP, SCTP, and MPTCP. The comparative analysis uses reliability and security factors, evaluates the security exposure, and chooses a suitable protocol considering the security of the transport protocols in the cloud environment.

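Governments and public agencies want to promote cloud services that use public networks for their work and service delivery, but a structure that relies on a public network (the Internet) is prone to security vulnerabilities. This paper therefore derives the general security vulnerabilities of cloud networks that use public networks and, on that basis, compares and analyzes the security-related characteristics of UDP and the TCP-family protocols (TCP, SCTP, MPTCP). Reliability and security factors were used for the comparative analysis; the security exposure was evaluated, and the transport protocol most suitable from a security standpoint was selected.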

Acknowledgement

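Grant : Development of integrated low-latency, high-reliability, hyper-connectivity core technologies to overcome 5G performance limits for building cellular-based industrial automation systems

Supported by : Institute for Information & Communications Technology Promotion (IITP)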
