• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.645-654
• /
• 2012

The South Korean Defense Ministry is planning and pushing forward to conduct a cloud computing pilot project in 2012. Taking into consideration the high-level security necessary in the military as well as wartime duties, if not designed properly, this project may anticipate severe damage to national security and interest. In particular, despite the fact that vulnerability due to inter-Korean confrontation and regular security-related incidents have been triggered, unconditionally conducting a cloud computing pilot project without reviewing not only violates security regulations but also causes various security-related side effects in and outside South Korea. Therefore, this thesis found conditions for conduct of this project by suggesting duties that can apply cloud computing as well as security technology, administration, post-accident matters and conditions for legally solving cloud computing in the military.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.27-32
• /
• 2019

Along with the growth of u-Healthcare, we propose a security enhancement based on network separation for CloudHIS with for handling healthcare information to cope with cyber attack. To protect against all security threats and to establish clear data security policies, we apply desktop computing servers to cloud computing services for CloudHIS. Use two PCs with a hypervisor architecture to apply physical network isolation and select the network using KVM switched controller. The other is a logical network separation using one PC with two OSs, but the network is divided through virtualization. Physical network separation is the physical connection of a PC to each network to block the access path from both the Internet and the business network. The proposed system is an independent desktop used to access an intranet or the Internet through server virtualization technology on a user's physical desktop computer. We can implement an adaptive solution to prevent hacking by configuring the CloudHIS, a cloud system that handles medical hospital information, through network separation for handling security enhancement.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.1
• /
• pp.406-434
• /
• 2019

In general, an information security approach estimates the risk, where the risk is to occur due to an unusual event, and the associated consequences for cloud organization. Information Security and Risk Management (ISRA) practices vary among cloud organizations and disciplines. There are several approaches to compare existing risk management methods for cloud organizations but their scope is limited considering stereo type criteria, rather than developing an agent based task that considers all aspects of the associated risk. It is the lack of considering all existing renowned risk management frameworks, their proper comparison, and agent techniques that motivates this research. This paper proposes Agent Based Information Security Framework for Hybrid Cloud Computing as an all-inclusive method including cloud related methods to review and compare existing different renowned methods for cloud computing risk issues and by adding new tasks from surveyed methods. The concepts of software agent and intelligent agent have been introduced that fetch/collect accurate information used in framework and to develop a decision system that facilitates the organization to take decision against threat agent on the basis of information provided by the security agents. The scope of this research primarily considers risk assessment methods that focus on assets, potential threats, vulnerabilities and their associated measures to calculate consequences. After in-depth comparison of renowned ISRA methods with ABISF, we have found that ISO/IEC 27005:2011 is the most appropriate approach among existing ISRA methods. The proposed framework was implemented using fuzzy inference system based upon fuzzy set theory, and MATLAB(R) fuzzy logic rules were used to test the framework. The fuzzy results confirm that proposed framework could be used for information security in cloud computing environment.

• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.89-95
• /
• 2023

Cloud computing today provides huge computational resources, storage capacity, and many kinds of data services. Data sharing in the cloud is the practice of exchanging files between various users via cloud technology. The main difficulty with file sharing in the public cloud is maintaining privacy and integrity through data encryption. To address this issue, this paper proposes an Enhanced RSA encryption schema (ERSA) for data sharing in the public cloud that protects privacy and strengthens data integrity. The data owners store their files in the cloud after encrypting the data using the ERSA which combines the RSA algorithm, XOR operation, and SHA-512. This approach can preserve the confidentiality and integrity of a file in any cloud system while data owners are authorized with their unique identities for data access. Furthermore, analysis and experimental results are presented to verify the efficiency and security of the proposed schema.

• Journal of IKEEE
• /
• v.19 no.4
• /
• pp.548-556
• /
• 2015

When the variety of personal health services are provided in the ICBM(IoT, Cloud, Bigdata, and Mobile) environment, the security requirements of personal health service(PHS) including privacy issues is proposed in this paper. Because it is expected that the services related to personal health are provided in the cloud environment, the security requirements of a cloud environment is firstly investigated and then security threats including direct and indirect threats in a cloud environment are analyzed in terms of the security of PHS. In addition, the security requirements of PHS is developed based on the security requirements of electronic medical record(EMR) for medical service in this paper, then the validity of the proposed security requirements is shown by the relation between security requirements of cloud environment and PHS to indicate that a security requriement is supported by several security requirements of PHS.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.1
• /
• pp.243-250
• /
• 2019

In this paper, we develop a Secure File Management Security(: SFMS) based on media in a cloud environment to encrypt and decrypt cloud data on a computer using a Bluetooth - based cryptographic module. The Bluetooth cipher module makes it easy to browse files stored in the cloud, but it is never possible to browse without a module. It is a solution that fundamentally blocks the problems such as hacking and leakage of personal data that have recently become an issue.

• Knowledge Management Research
• /
• v.18 no.4
• /
• pp.237-260
• /
• 2017

Recently, with the proliferation of smart phones and mobile devices and the increase in the speed of mobile Internet, IT services are increasingly used in smart phones and mobile devices in a different way from the past. That is, a cloud service that downloads and uses data stored in the server in real time is expanding, and as a result, the security due to the continuous Internet connection of the user becomes a problem. In this study, we analyzed the relationship between factors affecting the continuous use of personal cloud service by using technology acceptance model. In addition to the technology acceptance model, confidentiality, privacy, accessibility, innovation, and self-efficacy were extracted from the existing research with emphasis on the characteristics of the cloud service and security factors. Moreover, the difference of intention to use among genders was verified through structural equation modeling with survey data from 262 personal cloud service users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.743-763
• /
• 2018

It has been 10 years since the concept of cloud system has emerged. Despite the fact that the cost-effectiveness and security of cloud systems has been proven, financial companies are reluctant to adopt cloud systems. Financial institutions are reluctant to adopt the cloud system because of the strong regulation of financial authorities in relation to the leakage of customer information However, more important reason why financial institutions hesitate to introduce cloud systems is the lack of direction and standards for the introduction of cloud systems by financial institutions. This study examines the legal and institutional constraints on the introduction of cloud systems in financial institutions and suggests decision models for determining whether cloud systems can be applied and how cloud systems are configured when financial institutions construct IT systems. We hope that this research will be helpful for establishing direction of cloud system introduction of many financial institutions.

• The Journal of the Convergence on Culture Technology
• /
• v.3 no.4
• /
• pp.199-205
• /
• 2017

As cloud computing can utilize the proper allocation of system resources, it can be expected to have great benefits in terms of maintaining availability and reducing costs when a cloud is applied to a financial company's computer system. Although some provisions of the Financial Supervisory Regulation were revised in October 2016, this is limited to non-critical information processing systems, limits are remain whitch the application of cloud computing to the whole computer system of financial companies including electronic financial systems. In this paper, cloud security requirements are studied for the application of financial company's computational infrastructure system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.736-739
• /
• 2012

Cloud Computing is attracting attention are activated and rapidly spread to companies and public institutions, etc. have been introduced are getting. Spotlighted these effects due to the utilization and integration of information system using cloud computing technology resources, and the resulting data security issue has been. In this paper, the side lights on due to the introduction of a cloud computing system, the resources of information systems, data security, and knowledge to provide the foundation for cloud computing infrastructure.