• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.8
• /
• pp.2708-2721
• /
• 2014

Data outsourcing in the cloud (DOC) is a promising solution for data management at the present time, but it could result in the disclosure of outsourced data to unauthorized users. Therefore, protecting the confidentiality of such data has become a very challenging issue. The conventional way to achieve data confidentiality is to encrypt the data via asymmetric or symmetric encryptions before outsourcing. However, this is computationally inefficient because encryption/decryption operations are time-consuming. In recent years, a few DOC schemes based on secret sharing have emerged due to their low computational complexity. However, Dautrich and Ravishankar pointed out that most of them are insecure against certain kinds of collusion attacks. In this paper, we proposed a novel DOC scheme based on Shamir's secret sharing to overcome the security issues of these schemes. Our scheme can allow an authorized data user to recover all data files in a specified subset at once rather than one file at a time as required by other schemes that are based on secret sharing. Our thorough analyses showed that our proposed scheme is secure and that its performance is satisfactory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.981-987
• /
• 2017

Proliferation of cloud computing services brings about reduction of the maintenance and management costs by allowing data to be outsourced to a dedicated third-party remote storage. At the same time, the majority of storage service providers have adopted a data deduplication technique for efficient utilization of storage resources. When a hash tree is employed for duplicate identification as part of deduplication process, size information of the attested data and partial information about the tree can be deduced from eavesdropping. To mitigate such side channels, in this paper, a new duplicate identification method is presented by exploiting a multi-set hash function.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.971-980
• /
• 2017

Data deduplication can be utilized to reduce storage space in cloud storage services by storing only a single copy of data rather than all duplicated copies. Users who are concerned the confidentiality of their outsourced data can use secure encryption algorithms, but it makes data deduplication ineffective. In order to reconcile data deduplication with encryption, Liu et al. proposed a new server-side cross-user deduplication scheme by exploiting password authenticated key exchange (PAKE) protocol in 2015. In this paper, we demonstrate that this scheme has side channel which causes insecurity against the confirmation-of-file (CoF), or duplicate identification attack.

• Journal of Environmental Health Sciences
• /
• v.33 no.4
• /
• pp.235-241
• /
• 2007

The National Institute of Environmental Research(NIER) launched a research about Framework of Environmental Health Information System for Industrial Complex in 2001, with the goal of finding out measures to establish an integrated management system(IMS) for environmental health information. Based on the research results, NIER started to build integrated information system. The process will continue from 2006 to 2008. As the first step, in 2006, NIER outsourced the job of setting up the specific plan. In 2007, based on the plan created in the previous year, computerization work began. During 2008, the $3^{rd}$ year of the process, the integrated system will be compatible to conventional GIS system and statistics analysis system to deliver funker efficient and useful services. In this vein, the objective of the study is to identify data collection procedure, data utilization, and overall goal of the system. In addition, It will illustrate digitalization process and recommendation about how to utilize the system.

• Journal of the Korean Society of Safety
• /
• v.27 no.5
• /
• pp.190-195
• /
• 2012

This study is aimed to investigate the occupational safety and health management of contractor company in the steel industry. Many companies now only carry out core functions inhouse and ancillary functions have been outsourced. This results in transferring risk to the contractor. The questionnaire survey was conducted on the suppliers and contractors of steel industry. Data were collected from 29 companies and their 240 contractor companies. From the survey result, it was found that the level of safety and health management is above the average. To strengthen the relationship for safety and health management, the supplier should provide more data and design a curriculum to train workers of contractor company. Also it is needed that the supplier company employ the person in exclusive charge to support contractor.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5653-5672
• /
• 2019

In cloud computing era, an increasing number of resource-constrained users outsource their data to cloud servers. Due to the untrustworthiness of cloud servers, it is important to ensure the integrity of outsourced data. However, most of existing solutions still have challenging issues needing to be addressed, such as the identity privacy protection of users, the traceability of users, the supporting of dynamic user operations, and the publicity of auditing. In order to tackle these issues simultaneously, in this paper, we propose a traceable dynamic public auditing scheme with identity privacy preserving for cloud storage. In the proposed scheme, a single user, including a group manager, is unable to know the signer's identity. Furthermore, our scheme realizes traceability based on a secret sharing mechanism and supports dynamic user operations. Based on the security and efficiency analysis, it is shown that our scheme is secure and efficient.

• Journal of Korean Library and Information Science Society
• /
• v.40 no.2
• /
• pp.69-86
• /
• 2009

This study was intended to investigate the quality control in technical services outsourcing in academic libraries. For this purpose, investigated related papers and the experience of outsourced technical services in three academic libraries. Data from senior librarians charged with revision of catalogs are gathered. Issues of catalogs production and quality control are explored and statistics of outsourcing is analysed. Quality control is a major factor of the success of technical services outsourcing operation. The some suggestions in order to enhance quality of vendor-supplied cataloging are presented.

• Journal of Information Technology Services
• /
• v.16 no.2
• /
• pp.61-83
• /
• 2017

It is well known that PMO (Project Management Office)s are effective for successful project performance. Since it takes a long time to develop PMO capability, many public organizations and companies that do not have internal PMOs are increasingly relying on outsourcing of PMO functions in order to introduce mature PMO capabilities in a short period of time. However, it is not verified yet whether outsourced PMO is more effective than internal PMO or not. The objective of this study is to verify the effectiveness of PMO outsourcing. There are many different definitions about PMO function, and even the same PMO function may have different effectiveness depending on the Industry. Thus, this study redefined the PMO functions and Project Performance based on the past studies, and conducted research by focusing on the ICT (Information and Communication Technology) industry. The ICT industry is an important industry economically and has been attracting global attention recently. This study is the first attempt to prove the effectiveness of outsourcing of PMO function in Korea. We found that PMO function outsourcing is effective for certain aspects of project performance, particularly technical support and infrastructure management. Overall, PMO outsourcing is usually more effective than internal PMO for improving project performance. The results of this study are expected to contribute to the development of PMO theories and practices.

• Journal of Information Processing Systems
• /
• v.14 no.5
• /
• pp.1087-1101
• /
• 2018

As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, the most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.826-845
• /
• 2017

Outsourcing computation is one of the most important applications in cloud computing, and it has a huge ability to satisfy the demand of data centers. Modular exponentiation computation, broadly used in the cryptographic protocols, has been recognized as one of the most time-consuming calculation operations in cryptosystems. Previously, modular exponentiations can be securely outsourced by using two untrusted cloud servers. In this paper, we present two practical and secure outsourcing modular exponentiations schemes that support only one untrusted cloud server. Explicitly, we make the base and the index blind by putting them into a matrix before send to the cloud server. Our schemes provide better performance in higher efficiency and flexible checkability which support single cloud server. Additionally, there exists another advantage of our schemes that the schemes are proved to be secure and effective without any cryptographic assumptions.