• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.7
• /
• pp.3375-3400
• /
• 2018

With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

• Journal of Information Processing Systems
• /
• v.14 no.5
• /
• pp.1087-1101
• /
• 2018

As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, the most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

• Journal of Information Technology Application
• /
• v.1 no.3_4
• /
• pp.113-132
• /
• 1999

실증적인 연구들에 의하면 고객회사(client firms)와 서비스 제공업자(vendor) 간의 파트너십의 질과 범위가 정보시스템 아웃소싱의 성공적인 구현에 결정적인 역할을 하는 것으로 알려졌다. 본 연구는 이러한 정보시스템 아웃소싱 구현에 있어서 파트너십의 역할을 좀 더 심층적으로 분석하려는 노력의 일환이다. 본 연구에서의 기본 명제는 파트너십 특성들의 아웃소싱 구현에의 효과는 아웃소싱 업무의 특성(task characteristics)과 같은 상황적 요인에 의해 영향을 받을 수 있다는 것이다. 구체적으로 본 연구에서는 자산특이성(asset specificity)과 파트너십 특성간의 상호효과(interaction effect)에 중점을 두고 조사를 하게되는데, 파트너십은 관계적거래 특성(relational exchange characteristics)에 의해 구체화되었다. 207개의 미국 회사의 아웃소싱 관계를 대상으로 한 설문조사를 기반으로 한 결과에 의하면, 전반적으로 비관계적거래(discrete exchange)보다 관계적거래에 기반을 두고 아웃소싱 관계를 운영하는 것이 아웃소싱의 성공적 구현을 위하여 필수적인 것으로 보인다. 한편 상호효과를 조사하기 위해서는 MRA와 하위그룹분석(subgroup analysis)을 시행하였는데, 자산특이성과 일부 관계적거래 특성들간에 상호효과가 유의성이 있음을 발견하였다. 발견된 상호효과를 근거로 상황 변수를 고려하지 않은 연구 결과 중 확실하지 않은 결과(inconclusive results)에 대한 해석을 시도하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.12
• /
• pp.4042-4061
• /
• 2022

Recently, various security threats such as data leakage and data forgery have been possible in the communication and storage of data shared in the cloud environment. This paper conducted a study on the CP-ABSC scheme to solve these security threats. In the existing CP-ABSC scheme, if the data is obtained by the unsigncryption of the data user incorrectly, the identity of the data owner who uploaded the ciphertext cannot be known. Also, when verifying the leaked secret key, the identity information of the data user who leaked the secret key cannot be known. In terms of efficiency, the number of attributes can affect the ciphertext. In addition, a large amount of computation is required for the user to unsigncrypt the ciphertext. In this paper, we propose ECP-ABSC that provides data user traceability, and use it in a cloud environment to provide an efficient and secure data sharing scheme. The proposed ECP-ABSC scheme can trace and verify the identity of the data owner who uploaded the ciphertext incorrectly and the data user who leaked the secret key for the first time. In addition, the ciphertext of a constant size is output and the efficiency of the user's unsigncryption computation were improved.

• Journal of Information Technology Services
• /
• v.9 no.4
• /
• pp.95-108
• /
• 2010

In this paper. the research issues and trends are analysed by reviewing the journal of the Korea Society of IT Services which published from Dec. 2002 to Jun. 2010. The 306 papers which published were included in this project. The quantitative analyses were implemented about the volume of papers and researchers. The papers are categorized as project management. service science, service computing and IT technology, software engineering, solution, outsourcing management. element technology and methodology, strategy and management. policy, laws, and systems related IT services. Specially the qualitative analyses were implemented about research issues and trends through the content analysis about the paper details, abstract and key words described. We can find the more case of the theoretical study on the areas of the strategy and management, policy, laws, and systems, also the practical study on the service computing and IT technology, and solution area than the other areas. In this research, finally, the author can suggest that the integrated control be required to editing board for the effective classification of subjected paper candidate. Also the evaluation methodology such us experiment, performance comparative, should be adopted for the theoretical or practical study because the academic research requires the more scientific research methodology.

• KIPS Transactions on Software and Data Engineering
• /
• v.4 no.12
• /
• pp.543-548
• /
• 2015

Recently top-k query processing has been extremely important along with the explosion of data produced by a variety of applications. Top-k queries return the best k results ordered by a user-provided monotone scoring function. As cloud computing service has been getting more popular than ever, a hot attention has been paid to cloud-based data outsourcing in which clients' data are stored and managed by the cloud. The cloud-based data outsourcing, though, exposes a critical secuity concern of sensitive data, resulting in the misuse of unauthorized users. Hence it is essential to encrypt sensitive data before outsourcing the data to the cloud. However, there has been little attention to efficient top-k processing on the encrypted cloud data. In this paper we propose a novel top-k processing algorithm that can efficiently process a large amount of encrypted data in the cloud. The main idea of the algorithm is to prune unpromising intermediate results at the early phase without decrypting the encrypted data by leveraging an order-preserving encrypted technique. Experiment results show that the proposed top-k processing algorithm significantly reduces the overhead of client systems from 10X to 10000X.

• Information Systems Review
• /
• v.5 no.2
• /
• pp.1-21
• /
• 2003

In this paper, we investigate industrial product intermediary's transformation strategy by exploiting advantages afforded by web based information technologies. Our motivation for this research stems from exploring intermediary's responding strategy to cope with supplier's threatening to disintermediation. From transaction cost perspective, internet can induce both the vertical quasi-integration (electronic hierarchy) and outsourcing (electronic market). Our rationale on directing one of these bi-directional movements is specified on intermediary's value adding on the supply chain. As such, we investigated supply chain performance, IT effects on customer's requirement of channel functions, and channel power structure. Propositions to suggest contingent e-transforming strategic alternatives are logically derived from dyadic nature of supply chain characteristics such as efficiency versus customer services, and supplier dominant versus easy replaceability of suppliers. The contingent e-transformation framework developed from intermediary's perspective is reviewed through longitudinal industry case analysis. Implications from the industry case analysis give us insights for the effectiveness of the framework to combine supply chain characteristics with intermediary's e-transformation.

• Journal of the Korea Fashion and Costume Design Association
• /
• v.14 no.1
• /
• pp.131-150
• /
• 2012

The purpose of this study is to provide the characteristics of marketing strategy on the SPA(Specialty store retailor of Private label Apparel) brand. This research can be used as information for the domestic SPA brand to enhance its international competitiveness. The characteristics of marketing strategy on the SPA brand are as follows. 1. One company integrate vertically the process of planning, production, promotion and distribution. 2. As using the advanced information, productions, and logistics systems, they are carried out speedy management. 3. The production strategies are focused on providing new goods of fast cycle and very diverse styles in a season, developing products that accurately reflect the general market trend and consumer demands, extending the line of goods, outsourcing of the place to reduce production costs. For high-quality goods, they are collaborating with the famous designers and developing of new and green environment materials. 4. Generally, the SPA brand emphasizes the low price strategy against the quality. 5. The promotion strategies are focused on conducting various unique and high sensible VMDs, fashion shows, star marketing, campaigns, aggressive publicity, magazine & outdoor advertisement and various events through the internet website, etc. 6. The place (distribution) strategies of SPA brand are focused on launching into global, expanding number of stores, increasing large-sized stores and diversifying the forms of store and selling.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.2
• /
• pp.111-117
• /
• 2017

This study analyzes the relative importance of the introducing factors for the critical success factors in the implementation stage of the lifecycle of ERP system using Delphi technique and Analytic Hierarchy Process(AHP). In the 1st layer of the hierarchy, technical factor is evaluated as the most important factor among organizational, technical, and supplier factors. In the 2nd layer, choosing a proper ERP package is evaluated as the most important factor within 15 factors followed by process-oriented approach, technical suitability, minimized customization, integration and association of system with trading parter, association with legacy systems, and support and involvement of top management. As a result of this analysis enterprise should choose an ERP package that is suitable to its business environment, and make the best use of(take full advantage of) best practice that ERP package provides to optimize the existing business procedure or process(to approach the existing business procedure or process). This study also shows the range of customization of the features provided by the ERP package should be minimized.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5560-5579
• /
• 2019

Searchable symmetric encryption (SSE) scheme can perform search on encrypted data directly without revealing the plain data and keywords. At present, many constructive SSE schemes were proposed. However, they cannot really resist the malicious adversary, because it (i.e., the cloud server) may delete some important data. As a result, it is very likely that the returned search results are incorrect. In order to better guarantee the integrity of outsourcing data, and ensure the correction of returned search results at the same time, in this paper, we combine SSE with blockchain (BC), and propose a SSE-on-BC framework model. We then construct two concrete schemes based on the size of the data, which can better provide privacy protection and integrity verification for data. Lastly, we present their security and performance analyses, which show that they are secure and feasible.