• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권11호
• /
• pp.5404-5424
• /
• 2018

This work is mainly focused on two major topics in cloud platforms by using OpenStack as a case study: management and provisioning of resources to meet the requirements of a service demanded by remote end-user and relocation of virtual machines (VMs) requests to offload the encumbered compute nodes. The general framework architecture contains two subsystems: 1) An orchestrator that allows to systematize provisioning and resource management in OpenStack, and 2) A resource utilization based subsystem for vibrant VM relocation in OpenStack. The suggested orchestrator provisions and manages resources by: 1) manipulating application program interfaces (APIs) delivered by the cloud supplier in order to allocate/control/manage storage and compute resources; 2) interrelating with software-defined networking (SDN) controller to acquire the details of the accessible resources, and training the variations/rules to manage the network based on the requirements of cloud service. For resource provisioning, an algorithm is suggested, which provisions resources on the basis of unused resources in a pool of VMs. A sub-system is suggested for VM relocation in a cloud computing platform. The framework decides the proposed overload recognition, VM allocation algorithms for VM relocation in clouds and VM selection.

• Journal of Information Processing Systems
• /
• 제14권4호
• /
• pp.989-1009
• /
• 2018

Rapid advances in science and technology with exponential development of smart mobile devices, workstations, supercomputers, smart gadgets and network servers has been witnessed over the past few years. The sudden increase in the Internet population and manifold growth in internet speeds has occasioned the generation of an enormous amount of data, now termed 'big data'. Given this scenario, storage of data on local servers or a personal computer is an issue, which can be resolved by utilizing cloud computing. At present, there are several cloud computing service providers available to resolve the big data issues. This paper establishes a framework that builds Hadoop clusters on the new single-board computer (SBC) Mobile Raspberry Pi. Moreover, these clusters offer facilities for storage as well as computing. Besides the fact that the regular data centers require large amounts of energy for operation, they also need cooling equipment and occupy prime real estate. However, this energy consumption scenario and the physical space constraints can be solved by employing a Mobile Raspberry Pi with Hadoop clusters that provides a cost-effective, low-power, high-speed solution along with micro-data center support for big data. Hadoop provides the required modules for the distributed processing of big data by deploying map-reduce programming approaches. In this work, the performance of SBC clusters and a single computer were compared. It can be observed from the experimental data that the SBC clusters exemplify superior performance to a single computer, by around 20%. Furthermore, the cluster processing speed for large volumes of data can be enhanced by escalating the number of SBC nodes. Data storage is accomplished by using a Hadoop Distributed File System (HDFS), which offers more flexibility and greater scalability than a single computer system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• 한국기록관리학회지
• /
• 제19권3호
• /
• pp.271-292
• /
• 2019

최근 중앙행정기관은 업무관리시스템을 클라우드 기반의 온나라2.0으로 변경하였다. 국가기록원은 클라우드 업무관리시스템의 기록을 이관받아 관리할 수 있도록 클라우드 기반의 기록관리시스템을 개발하여 보급하고 있다. 클라우드 컴퓨팅의 이점을 극대화하여 기록관리가 보다 효과적 효율적으로 이루어지도록 재설계할 수 있는 기회이다. 전자기록 관리의 프로세스와 방법이 종이기록 관리방식을 단순히 전자화하는 것에서 탈피하여 디지털 기술에 따른 변환(Transformation)의 수준으로 나아갈 수 있는 기회이기도 하다. 첫째, 이관의 방식을 변환해 볼 수 있다. 업무관리시스템과 기록관리 시스템이 클라우드 저장소를 공유하게 되면 처리과에서 기록관으로 기록물 이관 시 콘텐츠 파일들을 물리적으로 이동시키지 않고 메타데이터만 복사하는 방식으로 이관할 수 있어 비용이 줄고 무결성 훼손 위험이 줄어들 수 있다. 둘째, 기록물의 저장공간 할당에 대한 전략을 구상해 볼 수 있다. 클라우드 저장소를 업무관리시스템과 기록관리시스템이 공유하는 것을 전제로 한다면 콘텐츠 파일들을 저장할 때 기록의 보존기간에 따라 저장하는 위치를 구분함으로써 이점을 얻을 수 있다. 셋째, 기록의 생산시스템, 기록관리시스템, 정보공개시스템 등 콘텐츠에 접근하는 시스템들이 클라우드 저장소를 공유하게 되면 콘텐츠의 중복을 최소화하는 방향으로 설계를 전환할 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제18권4호
• /
• pp.998-1019
• /
• 2024

Mobile cloud computing is a very attractive service paradigm that outsources users' data computing and storage from mobile devices to cloud data centers. To protect data privacy, users often encrypt their data to ensure data sharing securely before data outsourcing. However, the bilinear and power operations involved in the encryption and decryption computation make it impossible for mobile devices with weak computational power and network transmission capability to correctly obtain decryption results. To this end, this paper proposes an outsourcing decryption algorithm of verifiable transformed ciphertext. First, the algorithm uses the key blinding technique to divide the user's private key into two parts, i.e., the authorization key and the decryption secret key. Then, the cloud data center performs the outsourcing decryption operation of the encrypted data to achieve partial decryption of the encrypted data after obtaining the authorization key and the user's outsourced decryption request. The verifiable random function is used to prevent the semi-trusted cloud data center from not performing the outsourcing decryption operation as required so that the verifiability of the outsourcing decryption is satisfied. Finally, the algorithm uses the authorization period to control the final decryption of the authorized user. Theoretical and experimental analyses show that the proposed algorithm reduces the computational overhead of ciphertext decryption while ensuring the verifiability of outsourcing decryption.

• Journal of Information Processing Systems
• /
• 제10권1호
• /
• pp.103-118
• /
• 2014

Over the last couple of years, traditional VANET (Vehicular Ad Hoc NETwork) evolved into VANET-based clouds. From the VANET standpoint, applications became richer by virtue of the boom in automotive telematics and infotainment technologies. Nevertheless, the research community and industries are concerned about the under-utilization of rich computation, communication, and storage resources in middle and high-end vehicles. This phenomenon became the driving force for the birth of VANET-based clouds. In this paper, we envision a novel application layer of VANET-based clouds based on the cooperation of the moving cars on the road, called CaaS (Cooperation as a Service). CaaS is divided into TIaaS (Traffic Information as a Service), WaaS (Warning as a Service), and IfaaS (Infotainment as a Service). Note, however, that this work focuses only on TIaaS and WaaS. TIaaS provides vehicular nodes, more precisely subscribers, with the fine-grained traffic information constructed by CDM (Cloud Decision Module) as a result of the cooperation of the vehicles on the roads in the form of mobility vectors. On the other hand, WaaS provides subscribers with potential warning messages in case of hazard situations on the road. Communication between the cloud infrastructure and the vehicles is done through GTs (Gateway Terminals), whereas GTs are physically realized through RSUs (Road-Side Units) and vehicles with 4G Internet access. These GTs forward the coarse-grained cooperation from vehicles to cloud and fine-grained traffic information and warnings from cloud to vehicles (subscribers) in a secure, privacy-aware fashion. In our proposed scheme, privacy is conditionally preserved wherein the location and the identity of the cooperators are preserved by leveraging the modified location-based encryption and, in case of any dispute, the node is subject to revocation. To the best of our knowledge, our proposed scheme is the first effort to offshore the extended traffic view construction function and warning messages dissemination function to the cloud.

• 정보과학회 논문지
• /
• 제43권4호
• /
• pp.497-508
• /
• 2016

클라우드 스토리지를 이용하면 사용자는 시간과 장소의 제약 없이 데이터를 원격으로 위탁 및 공유할 수 있게 된다. 그러나 기존에 클라우드에 존재하는 보안상 위협과 사용자가 물리적으로 본인의 데이터를 소유하고 있지 않는다는 사실로 인해, 클라우드 스토리지 서버에 저장된 사용자 데이터에 대한 무결성 검증이 필수적으로 요구되고 있다. 최근 몇 년간 클라우드 스토리지 환경에서 공공 무결성 검증 기법을 제안하는 많은 연구들이 제안되어 왔다. 그러나 현재까지 제안된 대부분의 클라우드 공공 무결성 검증 기법의 경우 검증 단계에서 과도한 연산량이 발생하거나 안전성을 보장받지 못했다. 본 논문에서는 J. Zhang등이 제안한 자체 인증 기반 무결성 검증 기법이 두 가지 공격에 취약함을 보인 후, 이 두 가지 공격에 안전하면서도 동일한 연산 효율성을 보장하는 새로운 자체인증 기반 클라우드 무결성 검증 기법을 제안한다. 뿐만 아니라, 제안하는 기법이 세 가지 안전성 모델에서 안전함을 증명한다.

• 한국정보전자통신기술학회논문지
• /
• 제8권6호
• /
• pp.491-496
• /
• 2015

클라우드 컴퓨팅은 서버의 추가 구축에 대한 비용절감, 데이터 스토리지 확대에 대한 비용 절감, 컴퓨터 자원에 대한 공유, 새로운 기술의 적용에 대한 편의성 등의 장점을 가지고 있다. 그러나 서비스 모델의 다양성으로 인하여 새로운 보안의 우려사항이 높아지고 있어, 이용자가 서비스를 이용 시 안전한 사용자 인증방법이 요구되고 있다. 이에 본 논문에서는 클라우드 보안 영역 접근시 향상된 에이다부스트 알고리즘을 활용한다. 에이다부스트는 20도 이상 기울어진 얼굴을 인식 못 한다는 단점에도 불구하고, 속도와 신뢰성이 높다는 장점 때문에 많이 사용되고 있다. 제안된 방법을 이용하면, 실험결과에서 보듯 20도 이상 기울어진 얼굴도 인식함을 확인하였다. 연구용으로 이용할 수 있는 FEI Face Database를 이용하여 알고리즘 수행 결과 98%의 성공률을 얻었다. 실패한 2%는 안경을 쓴 사진이나 다른 객체로 인하여 인식이 제대로 안된 경우이다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권6호
• /
• pp.2851-2873
• /
• 2016

Cloud storage as a service provides high scalability and availability as per need of user, without large investment on infrastructure. However, data security risks, such as confidentiality, privacy, and integrity of the outsourced data are associated with the cloud-computing model. Over the year's techniques such as, remote data checking (RDC), data integrity protection (DIP), provable data possession (PDP), proof of storage (POS), and proof of retrievability (POR) have been devised to frequently and securely check the integrity of outsourced data. In this paper, we improve the efficiency of PDP scheme, in terms of computation, storage, and communication cost for large data archives. By utilizing the capabilities of JAR and ZIP technology, the cost of searching the metadata in proof generation process is reduced from O(n) to O(1). Moreover, due to direct access to metadata, disk I/O cost is reduced and resulting in 50 to 60 time faster proof generation for large datasets. Furthermore, our proposed scheme achieved 50% reduction in storage size of data and respective metadata that result in providing storage and communication efficiency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권4호
• /
• pp.1892-1903
• /
• 2016

Mobile social network is becoming more and more popular with respect to the development and popularity of mobile devices and interpersonal sociality. As the amount of social data increases in a great deal and cloud computing techniques become developed, the architecture of mobile social network is evolved into cloud-based that mobile clients send data to the cloud and make data accessible from clients. The data in the cloud should be stored in a secure fashion to protect user privacy and restrict data sharing defined by users. Ciphertext-policy attribute-based encryption (CP-ABE) is currently considered to be a promising security solution for cloud-based mobile social network to encrypt the sensitive data. However, its ciphertext size and decryption time grow linearly with the attribute numbers in the access structure. In order to reduce the computing overhead held by the mobile devices, in this paper we propose a new Outsourcing decryption and Match-then-decrypt CP-ABE algorithm (OM-CP-ABE) which firstly outsources the computation-intensive bilinear pairing operations to a proxy, and secondly performs the decryption test on the attributes set matching access policy in ciphertexts. The experimental performance assessments show the security strength and efficiency of the proposed solution in terms of computation, communication, and storage. Also, our construction is proven to be replayable choosen-ciphertext attacks (RCCA) secure based on the decisional bilinear Diffie-Hellman (DBDH) assumption in the standard model.