• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권7호
• /
• pp.3375-3400
• /
• 2018

With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

• Journal of Information Processing Systems
• /
• 제14권5호
• /
• pp.1087-1101
• /
• 2018

As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, the most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

• 정보기술응용연구
• /
• 제1권3_4호
• /
• pp.113-132
• /
• 1999

실증적인 연구들에 의하면 고객회사(client firms)와 서비스 제공업자(vendor) 간의 파트너십의 질과 범위가 정보시스템 아웃소싱의 성공적인 구현에 결정적인 역할을 하는 것으로 알려졌다. 본 연구는 이러한 정보시스템 아웃소싱 구현에 있어서 파트너십의 역할을 좀 더 심층적으로 분석하려는 노력의 일환이다. 본 연구에서의 기본 명제는 파트너십 특성들의 아웃소싱 구현에의 효과는 아웃소싱 업무의 특성(task characteristics)과 같은 상황적 요인에 의해 영향을 받을 수 있다는 것이다. 구체적으로 본 연구에서는 자산특이성(asset specificity)과 파트너십 특성간의 상호효과(interaction effect)에 중점을 두고 조사를 하게되는데, 파트너십은 관계적거래 특성(relational exchange characteristics)에 의해 구체화되었다. 207개의 미국 회사의 아웃소싱 관계를 대상으로 한 설문조사를 기반으로 한 결과에 의하면, 전반적으로 비관계적거래(discrete exchange)보다 관계적거래에 기반을 두고 아웃소싱 관계를 운영하는 것이 아웃소싱의 성공적 구현을 위하여 필수적인 것으로 보인다. 한편 상호효과를 조사하기 위해서는 MRA와 하위그룹분석(subgroup analysis)을 시행하였는데, 자산특이성과 일부 관계적거래 특성들간에 상호효과가 유의성이 있음을 발견하였다. 발견된 상호효과를 근거로 상황 변수를 고려하지 않은 연구 결과 중 확실하지 않은 결과(inconclusive results)에 대한 해석을 시도하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권12호
• /
• pp.4042-4061
• /
• 2022

Recently, various security threats such as data leakage and data forgery have been possible in the communication and storage of data shared in the cloud environment. This paper conducted a study on the CP-ABSC scheme to solve these security threats. In the existing CP-ABSC scheme, if the data is obtained by the unsigncryption of the data user incorrectly, the identity of the data owner who uploaded the ciphertext cannot be known. Also, when verifying the leaked secret key, the identity information of the data user who leaked the secret key cannot be known. In terms of efficiency, the number of attributes can affect the ciphertext. In addition, a large amount of computation is required for the user to unsigncrypt the ciphertext. In this paper, we propose ECP-ABSC that provides data user traceability, and use it in a cloud environment to provide an efficient and secure data sharing scheme. The proposed ECP-ABSC scheme can trace and verify the identity of the data owner who uploaded the ciphertext incorrectly and the data user who leaked the secret key for the first time. In addition, the ciphertext of a constant size is output and the efficiency of the user's unsigncryption computation were improved.

• 한국IT서비스학회지
• /
• 제9권4호
• /
• pp.95-108
• /
• 2010

In this paper. the research issues and trends are analysed by reviewing the journal of the Korea Society of IT Services which published from Dec. 2002 to Jun. 2010. The 306 papers which published were included in this project. The quantitative analyses were implemented about the volume of papers and researchers. The papers are categorized as project management. service science, service computing and IT technology, software engineering, solution, outsourcing management. element technology and methodology, strategy and management. policy, laws, and systems related IT services. Specially the qualitative analyses were implemented about research issues and trends through the content analysis about the paper details, abstract and key words described. We can find the more case of the theoretical study on the areas of the strategy and management, policy, laws, and systems, also the practical study on the service computing and IT technology, and solution area than the other areas. In this research, finally, the author can suggest that the integrated control be required to editing board for the effective classification of subjected paper candidate. Also the evaluation methodology such us experiment, performance comparative, should be adopted for the theoretical or practical study because the academic research requires the more scientific research methodology.

• 정보처리학회논문지:소프트웨어 및 데이터공학
• /
• 제4권12호
• /
• pp.543-548
• /
• 2015

최근 다양한 분야에서 생산되는 데이터의 양이 폭발적으로 증가함에 따라 사용자가 가장 관심 있어 하는 몇 개의 데이터를 검색하는 top-k 질의에 대한 관심이 고조되고 있다. Top-k 질의는 사용자의 점수 함수를 이용하여, 사용자가 원하는 모든 조건을 만족시키는 데이터들 중에서 최상위 (또는 최하위) 점수를 가지는 k개의 데이터를 사용자에게 반환한다. 최근 들어 클라우드 컴퓨팅 서비스의 대중화로 인하여 사용자의 대용량 데이터를 클라우드에 아웃소싱하여 경제적으로 저장 및 관리하는 데이터 아웃소싱이 크게 주목받고 있다. 그러나 데이터 아웃소싱으로 인하여 사용자의 민감한 데이터가 클라우드 서비스 제공자에게 노출될 수 있다는 위험이 존재하며, 이러한 문제를 방지하기 위해서는 사용자의 민감한 데이터를 암호화하여 클라우드에 저장하는 것이 필수적으로 요구된다. 본 논문은 클라우드 컴퓨팅 환경에서 암호화된 데이터에 대한 top-k 질의를 효율적으로 처리하는 알고리즘을 제안한다. 제안되는 알고리즘은 순서보존 암호화 기법을 이용하여, 암호화된 데이터만을 대상으로 top-k 질의 결과에 포함되지 않을 것으로 예상되는 중간 결과들을 클라우드 내에서 미리 제거함으로써 효율적인 top-k 질의 처리가 가능하게 한다. 논문의 실험 결과는 제안된 top-k 질의 처리 알고리즘이 단순 방법과 비교하여 사용자 시스템의 부하를 10배~10000배 줄일 수 있음을 증명한다.

• 경영정보학연구
• /
• 제5권2호
• /
• pp.1-21
• /
• 2003

e-비즈니스 환경에서 중개 유통기업은 공급자의 고객과의 직거래에 대한 위협에 대응하여 지속적인 변화를 추구하고 있다. 본 논문에서는 웹 기반 정보기술 활용을 통한 산업재 유통기업의 e-트랜스포메이션 전략을 분석적 관점에서 다루었다. 거래 비용 이론에 의하면 인터넷의 급격한 보급은 중개자와 공급자의 통합 및 아웃소싱에 의한 분할 등 상반되는 두 가지 방향을 동시에 촉진한다고 연구된 바 본 연구에서는 이러한 전략적 변화 방향에 대한 프레임웍을 중개유통 기업의 공급사슬 가치기여 이론과의 결합을 통하여 제시하였다. 공급사슬 가치기여 관점에서는 정보기술과 관련된 공급사슬 특성, 유통채널 조직간의 역학관계, 인터넷 유통 채널 특성 등의 상황적 변수가 포함되었다. 본 논문에서 제시된 프레임웍은 이와 같은 변수들의 복합적인 연계관계가 고려된 상황적 대안을 제시하고 있으며 제안된 명제들의 효과성은 산업재 유통기업의 종단적 심층 사례 연구를 통하여 분석되었다.

• 한국의상디자인학회지
• /
• 제14권1호
• /
• pp.131-150
• /
• 2012

The purpose of this study is to provide the characteristics of marketing strategy on the SPA(Specialty store retailor of Private label Apparel) brand. This research can be used as information for the domestic SPA brand to enhance its international competitiveness. The characteristics of marketing strategy on the SPA brand are as follows. 1. One company integrate vertically the process of planning, production, promotion and distribution. 2. As using the advanced information, productions, and logistics systems, they are carried out speedy management. 3. The production strategies are focused on providing new goods of fast cycle and very diverse styles in a season, developing products that accurately reflect the general market trend and consumer demands, extending the line of goods, outsourcing of the place to reduce production costs. For high-quality goods, they are collaborating with the famous designers and developing of new and green environment materials. 4. Generally, the SPA brand emphasizes the low price strategy against the quality. 5. The promotion strategies are focused on conducting various unique and high sensible VMDs, fashion shows, star marketing, campaigns, aggressive publicity, magazine & outdoor advertisement and various events through the internet website, etc. 6. The place (distribution) strategies of SPA brand are focused on launching into global, expanding number of stores, increasing large-sized stores and diversifying the forms of store and selling.

• 한국컴퓨터정보학회논문지
• /
• 제22권2호
• /
• pp.111-117
• /
• 2017

This study analyzes the relative importance of the introducing factors for the critical success factors in the implementation stage of the lifecycle of ERP system using Delphi technique and Analytic Hierarchy Process(AHP). In the 1st layer of the hierarchy, technical factor is evaluated as the most important factor among organizational, technical, and supplier factors. In the 2nd layer, choosing a proper ERP package is evaluated as the most important factor within 15 factors followed by process-oriented approach, technical suitability, minimized customization, integration and association of system with trading parter, association with legacy systems, and support and involvement of top management. As a result of this analysis enterprise should choose an ERP package that is suitable to its business environment, and make the best use of(take full advantage of) best practice that ERP package provides to optimize the existing business procedure or process(to approach the existing business procedure or process). This study also shows the range of customization of the features provided by the ERP package should be minimized.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권11호
• /
• pp.5560-5579
• /
• 2019

Searchable symmetric encryption (SSE) scheme can perform search on encrypted data directly without revealing the plain data and keywords. At present, many constructive SSE schemes were proposed. However, they cannot really resist the malicious adversary, because it (i.e., the cloud server) may delete some important data. As a result, it is very likely that the returned search results are incorrect. In order to better guarantee the integrity of outsourcing data, and ensure the correction of returned search results at the same time, in this paper, we combine SSE with blockchain (BC), and propose a SSE-on-BC framework model. We then construct two concrete schemes based on the size of the data, which can better provide privacy protection and integrity verification for data. Lastly, we present their security and performance analyses, which show that they are secure and feasible.