• Journal of Information Processing Systems
• /
• v.10 no.1
• /
• pp.132-144
• /
• 2014

Information always comes with security and risk problems. There is the saying that, "The tall tree catches much wind," and the risks from cloud services will absolutely be more varied and more severe. Nowadays, handling these risks is no longer just a technology problem. So far, a good deal of literature that focuses on risk or security management and frameworks in information systems has already been submitted. This paper analyzes the causal risk factors in cloud environments through critical success factors, from a business perspective. We then integrated these critical success factors into a business model for information security by mapping out 10 principles related to cloud risks. Thus, we were able to figure out which aspects should be given more consideration in the actual transactions of cloud services, and were able to make a business-level and general-risk control model for cloud computing.

• Journal of KIISE
• /
• v.45 no.1
• /
• pp.76-85
• /
• 2018

Governments and public agencies try to use the cloud to carry out their work and provide public services. However, a public cloud is vulnerable to security side because it has a structure to support services using public networks (i.e, the internet). Thus, this paper finds the general security vulnerabilities of a network and compares and analyzes the characteristics of transport protocols (UDP, TCP, SCTP, and MPTCP) on the basis of their security vulnerabilities. This paper uses a reliability and security factor for the comparative analysis, evaluates the security exposure, and chooses a suitable protocol considering the security of the transport protocols in the cloud circumstance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• International Journal of Computer Science & Network Security
• /
• v.21 no.2
• /
• pp.1-8
• /
• 2021

Cloud computing has proven its efficiency, especially after the increasing number of cloud services offered by a wide range of cloud providers, from different domains. Despite, these cloud services are mostly heterogeneous. Consequently, and due to the rising interest of cloud consumers to adhere to a multi-cloud environment instead of being locked-in to one cloud provider, the need for semantically interconnecting different cloud services from different cloud providers is a crucial and important task to ensure. In addition, considerable research efforts proposed interoperability solutions leading to different representation models of cloud services. In this work, we present our solution to overcome this limitation, precisely in the IAAS service model. This solution is a framework permitting the semantic interoperability of different IAAS resources in a multi-cloud environment, in order to assist cloud consumers to retrieve the cloud resource that meets specific requirements.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.31-36
• /
• 2011

Cloud computing is a system which efficiently utilizes resources. In this paper, we propose 2-factor authentication system combing PKI, ID_PW and location information. The proposed method improve the security of hybrid cloud systems and manage resources more safely.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.317-322
• /
• 2013

Mobile cloud environment is recently becoming popular due to Internet access through various environments. Driven by computer performance improvement and service development, the demand for mobile cloud is increasing and accordingly the damage is on the rise. Therefore, it needs to conduct a study on problems of security necessary in large database that occurs in mobile cloud services. Although various security solutions limiting database access, security strategies about new user environments should be analyzed. This study analyzes weakness of safe data access through database management in mobile cloud environment and examines security requirements for safe data management. In addition, this study looks into threatening factors of security in cloud services and then draws security requirements about safer access control. A study on system application and evaluation of security requirements about access control is required.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.599-612
• /
• 2019

Cloud networks are used to provide various services. As services are increasingly deployed using cloud networks, there are a number of resources in the cloud that leverage a variety of environments and protocols. However, there is a security intrusion on these resources, and research on cloud network vulnerability detection is required as threats to cloud resources emerge. In this paper, we propose a vulnerability detection scheme using STRIDE and HARM for vulnerability detection of resources utilizing various environments and protocols, and present cloud network vulnerability detection scheme through vulnerability detection scenario composition.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.83-102
• /
• 2024

Recently, as the use of the cloud increases year by year and remote work within the enterprise has become one of the new types of work, the security of the cloud-based remote work environment has become important. The introduction of zero trust is required due to the limitations of the existing perimeter security model that assumes that everything in the internal network is safe. Accordingly, NIST and DoD published standards related to zero trust architecture, but the security requirements of that standard describe only logical architecture at the abstract level. Therefore, this paper intends to present more detailed security requirements compared to NIST and DoD standards by performing threat modeling for OpenStack clouds. After that, this research team performed a security analysis of commercial cloud services to verify the requirements. As a result of the security analysis, we identified security requirements that each cloud service was not satisfied with. We proposed potential threats and countermeasures for cloud services with zero trust, which aims to help build a secure zero trust-based remote working environment.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.8 no.6
• /
• pp.303-309
• /
• 2013

Cloud storage services are used for efficient sharing or synchronizing of user's data across multiple mobile devices. Although cloud storages provide flexibility and scalability in storing data, security issues should be handled. Currently, typical cloud storage services offer data encryption for security purpose but we think such method is not secure enough because managing encryption keys by software and identifying users by simple ID and password are main defectives of current cloud storage services. We propose a secure data access method to cloud storage in mobile environment. Our framework supports hardware-based key management, attestation on the client software integrity, and secure key sharing across the multiple devices. We implemented our prototype using ARM TrustZone and TPM Emulator which is running on secure world of the TrustZone environment.

• Journal of Korea Multimedia Society
• /
• v.18 no.8
• /
• pp.915-924
• /
• 2015

With growing popularity of cloud computing services, users can more easily manage massive amount of data by outsourcing them to the cloud, or more efficiently analyse large amount of data by leveraging IT infrastructure provided by the cloud. This, however, brings the security concerns of sensitive data. To provide data security, it is essential to encrypt sensitive data before uploading it to cloud computing services. Although data encryption helps provide data security, it negatively affects the performance of massive data analytics because it forbids the use of index and mathematical operation on encrypted data. Thus, in this paper, we propose a novel algorithm which enables to efficiently process a large amount of encrypted data. In particular, we propose a novel top-k processing algorithm on the massive amount of encrypted data in the cloud computing environments, and verify the performance of the proposed approach with real data experiments.