• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.558-579
• /
• 2021

The cloud storage provides flexible data storage services for data owners to remotely outsource their data, and reduces data storage operations and management costs for data owners. These outsourced data bring data security concerns to the data owner due to malicious deletion or corruption by the cloud service provider. Data integrity verification is an important way to check outsourced data integrity. However, the existing data verification schemes only consider the case that a verifier launches multiple data verification challenges, and neglect the verification overhead of multiple data verification challenges launched by multiple verifiers at a similar time. In this case, the duplicate data in multiple challenges are verified repeatedly so that verification resources are consumed in vain. We propose a duplicate data verification algorithm based on multiple verifiers and multiple challenges to reduce the verification overhead. The algorithm dynamically schedules the multiple verifiers' challenges based on verification time and the frequent itemsets of duplicate verification data in challenge sets by applying FP-Growth algorithm, and computes the batch proofs of frequent itemsets. Then the challenges are split into two parts, i.e., duplicate data and unique data according to the results of data extraction. Finally, the proofs of duplicate data and unique data are computed and combined to generate a complete proof of every original challenge. Theoretical analysis and experiment evaluation show that the algorithm reduces the verification cost and ensures the correctness of the data integrity verification by flexible batch data verification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.637-645
• /
• 2022

Cloud computing has been gaining popularity over decades, and container, a technology that is primarily used in cloud native applications, is also drawing attention. Although container technologies are lighter and more capable than conventional VMs, there are several security threats, such as sharing kernels with host systems or uploading/downloading images from the image registry. one of which can refer to the integrity of container images. In addition, runtime security while the container application is running is very important, and monitoring the behavior of the container application at runtime can help detect abnormal behavior occurring in the container. Therefore, in this paper, first, we implement a signing checker that automatically checks the signature of an image based on the existing Docker Content Trust (DCT) technology to ensure the integrity of the container image. Next, based on falco, an open source project of Cloud Native Computing Foundation(CNCF), we introduce newly created image for the convenience of existing falco image, and propose implementation of docker-compose and package configuration that easily builds a monitoring system.

• Journal of KIISE:Software and Applications
• /
• v.26 no.12
• /
• pp.1393-1403
• /
• 1999

공간 데이타베이스 시스템을 통하여 공유되는 공간 데이타는 무결성이 적절하게 유지되지 않는 한 전체 응용 시스템의 행위를 예측할 수 없게 되므로 데이타의 무결성 확인 및 유지는 필수적이다. 특히 공공 GIS에 저장된 공간 데이타는 토지 이용도 평가, 도시 계획, 자원 관리, 시설물 관리, 안전 관리, 국방 등 국가 전체 및 지역의 중요한 정책 결정을 위한 다양한 응용 시스템들에 의해 이용되므로 적절한 공간 객체의 무결성 확인이 더욱 더 필요하다. 본 논문에서는 능동(active) DBMS의 능동 규칙(active rule) 기법을 이용하여 공간 객체의 무결성 확인을 지원하기 위한 규칙 관리 시스템을 제시한다. 능동 규칙을 이용한 공간 객체의 무결성 확인은 응용 프로그래머를 무결성 확인에 대한 부담으로부터 자유롭게 할 수 있다. 본 시스템은 특정 DBMS에 종속되지 않는 독립적인 외부 시스템으로 존재하며, 능동 규칙 관리기, 규칙 베이스, 그리고 활성규칙 생성기의 3 부분으로 구성된다. 사용자가 공간 데이타베이스 응용 프로그램을 통해 공간 객체를 조작하고자 할 때, 본 시스템은 데이타베이스 트랜잭션을 단위로 조작되는 모든 공간 객체의 무결성 확인을 위해 응용 프로그램에 삽입될 무결성 제약조건 규칙들을 효율적으로 관리하는 역할을 한다.Abstract It is necessary that the integrity of spatial data shared through the spatial database system is validated and appropriately maintained, otherwise the activity of whole application system is unpredictable. Specially, the integrity of spatial data stored in public GIS has to be validated, because those data are used by various applications which make a decision on an important policy of the region and/or whole nation such as evaluation of land use, city planning, resource management, facility management, risk management/safety supervision, national defense. In this paper, we propose rule management system to support validating the integrity of spatial object, using the technique of active rule technique from active DBMS. Validating data integrity using active rules allows database application programmer to be free from a burden on validation of the data integrity. This system is an independent, external system that is not subject to specific DBMS and consists of three parts, which are the active rule manager, the rule base, and the triggered rule generator. When an user tries to manipulate spatial objects through a spatial database application program, this system serves to efficiently manage integrity rules to be inserted into the application program to validate the integrity constraints of all the spatial objects manipulated by database transactions.

• Journal of KIISE:Computing Practices and Letters
• /
• v.5 no.4
• /
• pp.416-425
• /
• 1999

복잡한 무결성 제약 조건을 효율적으로 확인하기 위해 제약 조건들을 룰 베이스(rule base)에 저장하고 별도의 룰 관리 시스템과 제약 조건 관리 시스템을 통해 제약 조건을 확인하는 기법이 많은 연구자들에 의해 연구되고 발표되었다. 그러나 제약 조건 관리 시스템이 실행시간에 응용 프로그램을 항상 모니터링하고 있다가 데이타의 수정이 요청될 때마다 개입하여 프로세스를 중단시키고 관련 제약 조건을 확인하는 기존의 방법들은 처리 시간의 지연을 피할 수 없다. 본 논문은 컴파일 시간에 제약 조건 확인 코드를 응용 프로그램에 미리 삽입할 것을 제안한다. 응용 프로그램 자체 내에 제약 조건 확인 코드가 삽입되기 때문에 실행 시간에 다른 시스템의 제어를 받지 않고 직접 제약 조건의 확인 및 데이타베이스의 접근이 가능해져서 처리 시간의 지연을 피할 수 있을 것이다. 이를 위해 어떤 구문이 제약 조건의 확인을 유발하는 지를 추적하였고, 컴파일러가 그러한 구문을 어떻게 전처리 과정에서 검색하는지 그리고 그러한 구문마다 어떻게 해당 제약 조건 확인 코드를 삽입할 수 있는 지를 객체지향1) 데이타베이스 언어인 Objectivity/C++에 대해 gcc의 YACC 코드를 변경함으로써 보여 주었다.Abstract To cope with the complexity of handling integrity constraints, numerous researchers have suggested to use a rule-based system, where integrity constraints are expressed as rules and stored in a rule base. A rule manager and an integrity constraint manager cooperate to check the integrity constraints efficiently. In this approach, however, the integrity constraint manager has to monitor the activity of an application program constantly to catch any database operation. For each database operation, it has to check relevant rules with the help of the rule manager, resulting in considerable delays in database access. We propose to insert the constraints checking code in the application program directly at compile time. With constraints checking code inserted, the application program can check integrity constraints by itself without the intervention of the integrity constraint manager. We investigate what kind of statements require the checking of constraints, show how the compiler can detect those statements, and show how constraints checking code can be inserted into the program, by modifying the GCC YACC file for Objectivity/C++, an object-oriented database programming language.

• Journal of the Institute of Convergence Signal Processing
• /
• v.13 no.4
• /
• pp.211-219
• /
• 2012

In this paper, we described the software development for verifying the integrity of output data of TCP/IP for VLBI Correlation Subsystem (VCS) correlation block and proposed the performance improvement method in order to prevent the data loss of correlation output. The VCS correlation results are saved at the Data Archive system through TCP/IP packet transmission. In this paper, the integrity verification software is developed so as to confirm the integrity of correlation result saved at the data archive system using TCP/IP packet information of VCS. The 3-step integrity verification process is proposed by using the developed software, its effectiveness was confirmed in consequence of correlation experiments. In addition, TCP/IP packet transmission must be completed within minimum integration period. However, there is not only TCP/IP packet loss occurred but also the problem of correlation result integrity affected in account of a large quantity of packets and data during short integration time. In this paper, the reason of TCP/IP packet loss is analyzed and the modified methods for FPGA(Field Programmable Gate Array) of VCS are proposed, the integrity problem of correlation results will be solved.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.9
• /
• pp.2354-2365
• /
• 1997

This paper presents a design of an access control mechanism that can resolves the complicated problems of access control requirements in modern information communication applications. In this paper, we proposed an integrated information model which can satisfy the combined goals of confidentiality, integrity and availability of any resource. We defined an integrated information model from the view points of identity-based, rule-based and role-based policy and implemented six access control operations. The proposed integrated information model can protect to unauthorized access to any resource based on the multilevel security policies of security label, integrity level, role and ownership.

• Journal of Korea Multimedia Society
• /
• v.25 no.7
• /
• pp.922-931
• /
• 2022

Recently, the need for health information management platforms has been increasing for efficient medical and IT technology research. However, health information is requiring security management by law. When permissioned blockchain technology is used to manage health information, the integrity is provided because only the authenticated users participate in bock generation. However, if the blockchain server is attacked, it is difficult to provide security because user authentication, block generation, and block verification are all performed on the blockchain server. In this paper, therefore, we propose a Health Information Management Server, which uses a permissioned blockchain algorithm and asymmetric cryptography. Health information is managed as a blockchain transaction to maintain the integrity, and the actual data are encrypted with an asymmetric key. Since using a private key kept in the institute local environment, the data confidentiality is maintained, even if the server is attacked. 1,000 transactions were requested, as a result, it was found that the server's average response time was 6,140ms, and the average turnaround time of bock generation was 368ms, which were excellent compared to those of conventional technology. This paper is that a model was proposed to overcome the limitations of permissioned blockchains.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.399-408
• /
• 2021

Information security reports four types of basic attacks on information. One of the attacks is named as fabrication. Even though mobile devices and applications are showing its maturity in terms of performance, security and ubiquity, location-based applications still faces challenges of quality of service, privacy, integrity, authentication among mobile devices and hence mobile users associated with the devices. There is always a continued fear as how location information of users or IoT appliances is used by third party LB Service providers. Even adversary or malicious attackers get hold of location information in transit or fraudulently hold this information. In this paper, location information fabrication scenarios are presented after knowing basic model of information attacks. Peer-to-Peer broadcast model of location privacy is proposed. This document contains introduction to fabrication, solutions to such threats, management of fabrication mitigation in collaborative or peer to peer location privacy and its cost analysis. There are various infrastructure components in Location Based Services such as Governance Server, Point of interest POI repository, POI service, End users, Intruders etc. Various algorithms are presented and analyzed for fabrication management, integrity, and authentication. Moreover, anti-fabrication mechanism is devised in the presence of trust. Over cost analysis is done for anti-fabrication management due to nature of various cryptographic combinations.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.14 no.6
• /
• pp.452-460
• /
• 2021

As the global electric vehicle (EV) market expands, eco-friendly EV that complement performance and safety problems continue to be released and the market is growing. However, in the case of EVs, the inconvenience of charging, safety problems such as electric shock, and electromagnetic interference (EMI) problems caused by the interlocking of various electronic components are problems that must be solved in EVs. The use of wireless power transmission technology can solve the problem of safety by not dealing with high current and high voltage directly and solving the inconvenience of charging EVs. In this paper, in order to reduce EMI a wireless charging control module, which is a key electronic component of WPT of EV. EMI reduction was designed through simulation of problems such as resonance and impedance that may occur in the power supply and signal distortion between high-speed communication that may occur in the signal part. Therefore, through the EMI reduction design with power integrity and signal integrity, the WPT wireless charging control module for electric vehicles reduces 10 dBu V/m and 15 dBu V/m, respectively, in 800 MHz to 1 GHz bands and 1.5 GHz bnad.

• KIISE Transactions on Computing Practices
• /
• v.23 no.8
• /
• pp.504-509
• /
• 2017

Preserving the integrity of the booting process is important. Recent rootkit attacks and subverting OS attacks prove that any post-OS security mechanism can be easily circumvented if the booting process is not properly controlled. Using an actual case as an example, the hacker of the Se-jong government office simply bypassed the user's password authentication by compromising the normal booting process. This paper analyzes existing pre-OS protection using secure boot and measured boot, and proposes another bootloader that overcomes the limitations. The proposed bootloader not only guarantees the integrity of all the pre-OS binaries, bootloaders, and kernel, it also makes explicit records of integrity in the booting process to the external TPM device, so that we can track modifications of BIOS configurations or unintended booting process modifications.