• International Journal of Computer Science & Network Security
• /
• 제24권7호
• /
• pp.123-127
• /
• 2024

Cloud computing services has gained increasing popularity in recent years for supporting various on demand and scalable services for IT consumers where there is a need of less investment towards infrastructure. While storage architecture of cloud enjoys a more robust and fault-tolerant cloud computing network, such architecture also poses a number of security challenges especially when applied in applications related to social networks, Financial transactions, etc. First, as data are stored and maintained by individual virtual machines so Cloud resources are prone to hijacked. Such attacks allow attackers to create, modify and delete machine images, and change administrative passwords and settings successfully. hence, it is significantly harder to ensure data security. Second, Due to dynamic and shared nature of the Cloud, data may be compromised in many ways. Last but not least, Service hijacking may lead to redirect client to an illegitimate website. User accounts and service instances could in turn make a new base for attackers. To address the above challenges, we propose in this paper a distributed data access control scheme that is able to fulfil fine-grained access control over cloud data and is resilient against strong attacks such as compromise and user colluding. The proposed framework exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for cloud computing with respect to security requirements

• 정보보호학회논문지
• /
• 제22권1호
• /
• pp.141-153
• /
• 2012

클라우드 컴퓨팅 서비스의 표준화 작업을 위해 클라우드 컴퓨팅 서비스에 대한 유즈 케이스와 요구사항 연구가 이루어지고 있지만 클라우드 컴퓨팅 환경의 운영 방법에 대한 연구 자체는 미비하다. 본 논문은 IaaS 클라우드 컴퓨팅 환경의 운영 방법을 기존의 통합보안관리시스템과 연계하여 제안한다. CloudStack 2.2.4 테스트베드를 활용하여 IaaS 클라우드 컴퓨팅 환경을 구축한 SWU-IaaS 클라우드 구조를 먼저 제안한다. 이러한 SWU-IaaS 클라우드 운영을 통해 IaaS 클라우드의 계층적인 구조와 구성요소들에 대한 속성 및 기능을 도출한다. 아울러 IaaS 클라우드 서비스를 정상(normal)적인 상태와 비정상(abnormal)적인 상태로 구분하여 각각의 시나리오를 제시한 후 통합보안 관리시스템으로부터 전달되는 보안 이벤트에 대하여 IaaS 클라우드 서비스의 운영 시나리오를 제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권7호
• /
• pp.2719-2735
• /
• 2015

In the cloud environment, users pay more attentions to their data security since all of them are stored in the cloud server. Researchers have proposed many mutual authentication schemes for the access control of the cloud server by using the smart card to protect the sensitive data. However, few of them can resist from the smart card lost problem and provide both of the forward security and the backward security. In this paper, we propose a novel authentication scheme for cloud computing which can address these problems and also provide the anonymity for the user. The trick we use is using the password, the smart card and the public key technique to protect the processes of the user's authentication and key exchange. Under the Elliptic Curve Diffie-Hellman (ECDH) assumption, it is provably secure in the random oracle model. Compared with the existing smart card based authentication schemes in the cloud computing, the proposed scheme can provide better security degree.

• Journal of information and communication convergence engineering
• /
• 제11권1호
• /
• pp.17-23
• /
• 2013

Cloud computing is a currently developing revolution in information technology that is disturbing the way that individuals and corporate entities operate while enabling new distributed services that have not existed before. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. Security is often said to be a major concern of users considering migration to cloud computing. This article examines some of these security concerns and surveys recent research efforts in cryptography to provide new technical mechanisms suitable for the new scenarios of cloud computing. We consider techniques such as homomorphic encryption, searchable encryption, proofs of storage, and proofs of location. These techniques allow cloud computing users to benefit from cloud server processing capabilities while keeping their data encrypted; and to check independently the integrity and location of their data. Overall we are interested in how users may be able to maintain and verify their own security without having to rely on the trust of the cloud provider.

• 정보처리학회지
• /
• 제17권2호
• /
• pp.18-29
• /
• 2010

In this paper, we surveyed SSO based security management including the knowledge domain of the area of cloud and its relevant components. Cloud computing refers to the delivery of software and other technology services over the Internet by a service provider. SSO refers to the ability to log on to a single security system once, rather than logging on separately to multiple security systems. Existing SSO solutions in cloud computing environment suggest several methods. SSO-based security Issues illustrate these key items in cloud computing environment such as risks and security vulnerabilities of SSO. SSO supports for multiple and different domains in cloud computing environment.

• 정보보호학회논문지
• /
• 제23권2호
• /
• pp.251-265
• /
• 2013

IT자원을 공유하여 서비스 형태로 제공하는 클라우드 컴퓨팅은 정보보호 이슈가 해결되지 않으면 활성화될 수 없다. 기업은 클라우드 컴퓨팅 서비스를 도입하여 정보통신 자원의 효율성을 극대화하고자 한다. 하지만 미국, 일본 등에 비해 국내에서 클라우드 컴퓨팅 서비스가 아직 활성화되지 못한 가장 큰 이유는 정보보호에 대한 신뢰가 부족하기 때문이다. 본 논문은 국내 외 클라우드 인증제도 및 가이드라인과 정보보호 관리체계 통제 항목을 비교 분석하여 한국형 클라우드를 위한 핵심 평가 기준 및 기존 정보보호 관리체계 통제 항목과의 중복성을 제거한 추가적인 평가 기준을 제안한다. 정보보호 관리체계 인증을 받은 클라우드 서비스 제공자는 추가 평가 기준만으로 중복되고 불필요한 인증 평가 작업을 최소화할 수 있다.

• 정보보호학회논문지
• /
• 제24권2호
• /
• pp.411-429
• /
• 2014

클라우드 컴퓨팅이 활성화됨에 따라 다양한 클라우드 서비스가 대중적으로 보급되고, 그에 따른 클라우드 컴퓨팅 관련 제품들을 IT시장에서 쉽게 접할 수 있게 되었다. 일반적으로 IT제품군에 대해서 보안성 평가를 수행하고, 그 결과 값을 통해 소비자에게 객관적인 지침으로 활용될 수 있는 국제 표준인 공통평가기준에서는 보안 제품군에 대한 보안목 표명세서인 보호프로파일을 제공하고 있다. 하지만 현재 일반적인 IT제품군에 대한 보호프로파일은 존재하지만 클라우드 관련 제품군에 대해서는 보호프로파일이 존재하지 않아 보안성 평가를 위한 표준화된 방법이 없는 실정이다. 따라서 본 논문에서는 클라우드 데이터 관리 시스템 보호프로파일을 제안하고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제23권10호
• /
• pp.107-114
• /
• 2023

The study provides the identification of vulnerabilities in the security issues by Wireless Network. To achieve it the research focus on packet flow analysis, end to end data communication, and the security challenges (Cybercrime, insider threat, attackers, hactivist, malware and Ransomware). To solve this I have used the systematic literature review mechanisms and demonstrative tool namely Wireshark network analyzer. The practical demonstration identifies the packet flow, packet length time, data flow statistics, end- to- end packet flow, reached and lost packets in the network and input/output packet statics graphs. Then, I have developed the proposed model that used to secure the Wireless network solution and prevention vulnerabilities of the network security challenges. And applying the model that used to investigate the security challenges and vulnerabilities of cloud computing services is used to fulfill the network security goals in Wireless network. Finally the research provides the model that investigate the security challenges and vulnerabilities of cloud computing services in wireless networks

• International Journal of Computer Science & Network Security
• /
• 제23권8호
• /
• pp.63-76
• /
• 2023

Identity and access management in cloud computing is one of the leading significant issues that require various security countermeasures to preserve user privacy. An authentication mechanism is a leading solution to authenticate and verify the identities of cloud users while accessing cloud applications. Building a secured and flexible authentication mechanism in a cloud computing platform is challenging. Authentication techniques can be combined with other security techniques such as intrusion detection systems to maintain a verifiable layer of security. In this paper, we provide an interactive, flexible, and reliable multi-factor authentication mechanisms that are primarily based on a proposed Authentication Method Selector (AMS) technique. The basic idea of AMS is to rely on the user's previous authentication information and user behavior which can be embedded with additional authentication methods according to the organization's requirements. In AMS, the administrator has the ability to add the appropriate authentication method based on the requirements of the organization. Based on these requirements, the administrator will activate and initialize the authentication method that has been added to the authentication pool. An intrusion detection component has been added to apply the users' location and users' default web browser feature. The AMS and intrusion detection components provide a security enhancement to increase the accuracy and efficiency of cloud user identity verification.

• 한국멀티미디어학회논문지
• /
• 제20권12호
• /
• pp.1928-1939
• /
• 2017

Fog computing is another paradigm of the cloud computing, which extends the ubiquitous services to applications on many connected devices in the IoT (Internet of Things). In general, if we access a lot of IoT devices with existing cloud, we waste a huge amount of bandwidth and work efficiency becomes low. So we apply the paradigm called fog between IoT devices and cloud. The network architecture based on cloud and fog computing discloses the security and privacy issues according to mixed paradigm. There are so many security issues in many aspects. Moreover many IoT devices are connected at fog and they generate much data, therefore light and efficient security mechanism is needed. For example, with inappropriate encryption or authentication algorithm, it causes a huge bandwidth loss. In this paper, we consider issues related with data encryption and authentication mechanism in the network architecture for cloud and fog-based M2M (Machine to Machine) IoT services. This includes trusted encryption and authentication algorithm, and key generation method. The contribution of this paper is to provide efficient security mechanisms for the proposed service architecture. We implemented the envisaged conceptual security check mechanisms and verified their performance.