• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1157-1169
• /
• 2021

The disaster recovery refers to policies and procedures to ensure continuity of services and minimize loss of resources and finances in case of emergency situations such as natural disasters. In particular, the disaster recovery method by the cloud service provider has advantages such as management flexibility, high availability, and cost effectiveness. However, this method has a dependency on a service provider and has a structural limitation in which a user cannot be involved in personal data. In this paper, we propose a protocol using proxy re-encryption for data confidentiality by removing dependency on service providers by backing up user data using blockchain and distributed storage. The proposed method is implemented in Ethereum and IPFS environments, and presents the performance and cost required for backup and recovery operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.999-1007
• /
• 2018

To implement crowdsensing system in reality, trustiness between service provider server and user is necessary. Service provider server could manipulate the evaluation of sensing data to reduce incentive. Moreover, user could send a fake sensing data to get unjust incentive. In this paper, we adopt private blockchain on crowdsensing system, and thus paid incentives and sent data are unmodifiablely recorded. It makes server and users act as watcher of each others. Through adopting smart contract, our system automates sensing data evaluation and opens to users how it works. Finally, we show the feasibility of proposing system with performance evaluation and comparison with other systems.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.5
• /
• pp.127-138
• /
• 2022

In this paper, we present FinDID (Financial Decentralized IDentity), a blockchain-based DID(Decentralized IDentity) service that can flexibly control personal information or credentials through a systematic verification method while complying with the standard service scheme of decentralized identity for the financial sector. DID is an identity management system used in a decentralized environment without a specific certification authority, and as a technology that allows users to control their own information, it can realize self-sovereignty over users' own personal information. Through FinDID, users receive credentials that authenticate their various personal information from the issuer, select only the claims required by the target financial service using their personal electronic wallet, create presentations from credentials. Then they submit it to the financial service, leading to their qualification from the service. FinDID consists of electronic wallet, credential issuer, credential storage, DID service including DID management contract and credential management contract, and financial services using this service scheme. The DID service manages each user's DID and supports all verification processes of the associated identity management scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.3
• /
• pp.916-937
• /
• 2023

Most of the existing Distributed Denial-of-Service mitigation schemes in Software-Defined Networking are only implemented in the network domain managed by a single controller. In fact, the zombies for attackers to launch large-scale DDoS attacks are actually not in the same network domain. Therefore, abnormal traffic of DDoS attack will affect multiple paths and network domains. A single defense method is difficult to deal with large-scale DDoS attacks. The cooperative defense of multiple domains becomes an important means to effectively solve cross-domain DDoS attacks. We propose an efficient multi-domain DDoS cooperative defense mechanism by integrating blockchain and SDN architecture. It includes attack traceability, inter-domain information sharing and attack mitigation. In order to reduce the length of the marking path and shorten the traceability time, we propose an AS-level packet traceability method called ASPM. We propose an information sharing method across multiple domains based on blockchain and smart contract. It effectively solves the impact of DDoS illegal traffic on multiple domains. According to the traceability results, we designed a DDoS attack mitigation method by replacing the ACL list with the IP address black/gray list. The experimental results show that our ASPM traceability method requires less data packets, high traceability precision and low overhead. And blockchain-based inter-domain sharing scheme has low cost, high scalability and high security. Attack mitigation measures can prevent illegal data flow in a timely and efficient manner.

• The Journal of Society for e-Business Studies
• /
• v.26 no.1
• /
• pp.79-91
• /
• 2021

The public records of universities shall be classified according to the Enforcement Decree of the Public Records Act and public records management activities shall be carried out accordingly. Among various kinds of public records of the university, the records of performance management are still managed as paper documents, such as attendance books, answer sheets, and assignments, and the management system and methods of each school are different, making it difficult for the management manager to manage them. In this paper, we propose a service model that can perform blockchain-based records management of records related to performance at universities currently kept in paper documents. The proposed service is expected to reduce resource consumption, such as the cost, time and effort spent on storing and managing paper documents.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.6
• /
• pp.575-589
• /
• 2020

Along with the exponential growth of data businesses, the importance of data containing personal information of use have also increaseing. Particularly, in Korea, as the Data 3 Act was implemented, companies can use personal information more actively through regulatory improvement and stipulation in case of using data containing personal information. In this situation as per the service use, self-sovereign identity technology has emerged that can minimize the provision of personal information in relation to real name authentication and provision of personal information. Recently, services and studies using blockchain have been actively conducted in case of using the self-sovereign identity function for clarity and verification of records according to the use of personal information. In this thesis, by analyzing the characteristics of domestic self-sovereign identity service and the current status and contents of research related to blockchain-based self-sovereign identity technology and we suggest a research direction based on self-sovereign identity technology to reinforce the sovereignty of personal information in the era of the 3rd Data Act do.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.2
• /
• pp.113-122
• /
• 2020

In this paper, we propose the terminal authentication system using blockchain and TOTP(Time-based One-time Password Algorithm) to sustain a continuous authentication between user device and service device. And we experiment this system by using door-lock as a terminal of IoT(Internet of Things). In the future, we can apply this result to several devices of IoT for convenience and security. Although IoT devices frequently used everyday require convenience and security at the same time, it is difficult for IoT devices having features of the low-capacity and light-weight to apply the existing authentication technology requiring a high amount of computation. Blockchain technology having security and integrity have been used as a storage platform, but its authentication cannot be performed when the terminal cannot access any network. We show the method to solve this problem using Blockchain and TOPT.

• Journal of Multimedia Information System
• /
• v.9 no.1
• /
• pp.33-42
• /
• 2022

In this paper, we have recently created self-driving cars and self-parking systems in human-friendly cars that can provide high safety and high convenience functions by recognizing the internal and external situations of automobiles in real time by incorporating next-generation electronics, information communication, and function control technologies. And with the development of connected cars, the ITS (Intelligent Transportation Systems) market is expected to grow rapidly. Intelligent Transportation System (ITS) is an intelligent transportation system that incorporates technologies such as electronics, information, communication, and control into the transportation system, and aims to implement a next-generation transportation system suitable for the information society. By combining the technologies of connected cars and Internet of Things with software features and operating systems, future cars will serve as a service platform to connect the surrounding infrastructure on their own. This study creates a research methodology based on the Enhanced Security Model in Self-Driving Cars model. As for the types of attacks, Availability Attack, Man in the Middle Attack, Imperial Password Use, and Use Inclusive Access Control attack defense methodology are used. Along with the commercialization of 5G, various service models using advanced technologies such as autonomous vehicles, traffic information sharing systems using IoT, and AI-based mobility services are also appearing, and the growth of smart transportation is accelerating. Therefore, research was conducted to defend against hacking based on vulnerabilities of smart cars based on artificial intelligence blockchain.

• KIPS Transactions on Computer and Communication Systems
• /
• v.9 no.7
• /
• pp.143-148
• /
• 2020

Recently, web services have been expanded to various areas with the evolution of cloud environment. Whenever a user accesses a web service, the user's log information is stored in the web server. This log information is used as data to analyze the user's web service tendencies and is also used as important data to track the user's system access when a security problem in the system occurs. Currently, most web servers manage user log information in a centralized manner. When user log information is managed in a centralized manner, it is simple in the side of operation, but has a disadvantage of being very vulnerable to external malicious attacks. In the case of centralized management, user log information stored in the web server can be arbitrarily manipulated by external attacks, and in severe cases, the manipulated information can be leaked. In this case, it not only decreases the trust of the web service, but also makes it difficult to trace the source and cause of the attack on the web server. In order to solve these problems, this paper proposes a new method of managing user log information in a cloud environment by applying blockchain technology as an alternative to the existing centralized log management method. The proposed method can manage log information safely from external attacks because user log information is distributed and stored in blockchain on a private network with cloud environment.

• Journal of Korea Society of Industrial Information Systems
• /
• v.27 no.4
• /
• pp.127-136
• /
• 2022

As technological development continues, platforms with more diverse structures are emerging. Existing research predicts that a new structure based on technology and innovation will affect the two-sided market. This study evaluated the decentralized identifier (DID) platform, a new platform based on blockchain technology, of the importance of this platform from the perspective of the two-sided market. Using the Analytic Network Process, IT, platform, and blockchain experts conducted a dual comparison survey. Data with a consistency ratio value of 0.1 or less were selected and analyzed for 12 data. The research results showed the importance of service quality, policy support, openness, and uncertainty. This study is expected to be used to support the development of strategic decision-making for blockchain and DID platform-based business companies.