• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권6호
• /
• pp.3219-3237
• /
• 2019

The Cloud Computing is growing rapidly in the current IT industry. Cloud computing has become a buzzword in relation to Grid & Utility computing. It provides on demand services to customers and customers will pay for what they get. Various "Cloud Service Provider" such as Microsoft Azure, Google Web Services etc. enables the users to access the cloud in cost effective manner. However, security, privacy and integrity of data is a major concern. In this paper various security challenges have been identified and the survey briefs the comprehensive overview of various security issues in cloud computing. The classification of security issues in cloud computing have been studied. In this paper we have discussed security challenges in cloud computing and also list recommended methods available for addressing them in the literature.

• Journal of Information Processing Systems
• /
• 제13권6호
• /
• pp.1613-1627
• /
• 2017

The concept of the Internet of Things (IoT) enables physical objects or things to be virtually accessible for both consuming and providing services. Undue access from irresponsible activities becomes an interesting issue to address. Maintenance of data integrity and privacy of objects is important from the perspective of security. Privacy can be achieved through various techniques: password authentication, cryptography, and the use of mathematical models to assess the level of security of other objects. Individual methods like these are less effective in increasing the security aspect. Comprehensive security schemes such as the use of frameworks are considered better, regardless of the framework model used, whether centralized, semi-centralized, or distributed ones. In this paper, we propose a new semi-centralized security framework that aims to improve privacy in IoT using the parameters of trust and reputation. A new algorithm to elect a reputation coordinator, i.e., ConTrust Manager is proposed in this framework. This framework allows each object to determine other objects that are considered trusted before the communication process is implemented. Evaluation of the proposed framework was done through simulation, which shows that the framework can be used as an alternative solution for improving security in the IoT.

• Journal of Information Processing Systems
• /
• 제14권2호
• /
• pp.286-308
• /
• 2018

The availability of powerful and sensor-enabled mobile and Internet-connected devices have enabled the advent of the ubiquitous sensor network (USN) paradigm. USN provides various types of solutions to the general public in multiple sectors, including environmental monitoring, entertainment, transportation, security, and healthcare. Here, we explore and compare the features of wireless sensor networks and USN. Based on our extensive study, we classify the security- and privacy-related challenges of USNs. We identify and discuss solutions available to address these challenges. Finally, we briefly discuss open challenges for designing more secure and privacy-preserving approaches in next-generation USNs.

• Journal of Computing Science and Engineering
• /
• 제9권3호
• /
• pp.119-133
• /
• 2015

While cloud computing is gaining popularity, diverse security and privacy issues are emerging that hinder the rapid adoption of this new computing paradigm. And the development of defensive solutions is lagging behind. To ensure a secure and trustworthy cloud environment it is essential to identify the limitations of existing solutions and envision directions for future research. In this paper, we have surveyed critical security and privacy challenges in cloud computing, categorized diverse existing solutions, compared their strengths and limitations, and envisioned future research directions.

• 한국멀티미디어학회논문지
• /
• 제18권2호
• /
• pp.178-188
• /
• 2015

The proliferation of devices such as tablets and smart phones, which are now used by many people in their daily lives, has led to a number of companies allowing employees to bring their own devices to work due to perceived productivity gains and cost savings. However, despite many advantage, security breaches (e.g., information leakage) can happen for various reasons (e.g., loss or theft of devices, and malicious code) and privacy breaches can happen by using personal devices for business. We should carefully scrutinize security threats in this area. We present the security threats analysis and the technical approach in this area, and discuss privacy threats and countermeasures.

• Journal of Information Processing Systems
• /
• 제16권1호
• /
• pp.1-5
• /
• 2020

Sustainable computing is a rapidly expanding field of research covering the fields of multidisciplinary engineering. With the rapid adoption of Internet of Things (IoT) devices, issues such as security, privacy, efficiency, and green computing infrastructure are increasing day by day. To achieve a sustainable computing ecosystem for future smart cities, it is important to take into account their entire life cycle from design and manufacturing to recycling and disposal as well as their wider impact on humans and the places around them. The energy efficiency aspects of the computing system range from electronic circuits to applications for systems covering small IoT devices up to large data centers. This editorial focuses on the security, privacy, and efficiency of sustainable computing for future smart cities. This issue accepted 17 articles after a rigorous review process.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권3호
• /
• pp.1722-1737
• /
• 2019

We developed an insider threat detection model to be used by organizations that repeat tasks at regular intervals. The model identifies the best combination of different feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). In order to validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly based on the fact that the business process is processed at a cycle of one year, and the roles are determined for each person in charge. In order to classify the behavior of a user as abnormal, the standard scores of each organization were calculated and classified as abnormal when they exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권10호
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• 정보보호학회논문지
• /
• 제31권3호
• /
• pp.341-351
• /
• 2021

최근에 분산ID관리처럼 개인정보를 주체적으로 관리하는 기술이 주목받고 있지만, 기존에 제시된 블록체인 기반의 접근제어 연구들은 사용자에게 충분한 수준의 개인정보 접근제어 방안을 제공하지 못하고 있다. 본 논문은 퍼미션 블록체인 기술과 표준화된 프라이버시 보호 기술을 결합한 방안을 제안한다. 사용자의 접근제어 개입을 위해 프라이버시 제어 표준인 UMA2를 준용하는 토큰 기반의 사용자 접근제어 서비스를 블록체인 분산어플리케이션에 적용하였다. 블록체인과 UMA2를 연동함으로써 기존 블록체인이 제공하지 못했던 사용자 중심의 접근제어 기능을 제공한다. 또한 UMA2의 단점인 엔터티의 프라이버시 문제와 보안성, 가용성 이슈를 해결하였다.

• 정보보호학회논문지
• /
• 제29권6호
• /
• pp.1477-1489
• /
• 2019

본 연구는 EU 회원국에서 상위권을 차지하는 안드로이드 애플리케이션 50개에 대한 개인정보처리방침을 분석하여, EU 일반 개인정보 보호법(GDPR)이 규정하는 투명성 확보방안을 제시하였다. WP29 작업반에서 제시한 투명성 관련 지침을 참고하여, 개인정보처리의 투명성 확보를 위한 요소를 도출하고, 각 요소에 대한 단계별 확인 절차를 거쳤다. 그 결과, 현재 구글플레이스토어와 애플리케이션에서 각각 제공하고 있는 개인정보처리방침을 일원화하고, 개인정보처리방침을 설명하는 내용을 좀 더 이해하기 쉬운 표현으로 기술할 필요성이 제기되었다. 또한, 신속한 정보 제공 및 컨트롤러의 정보 기재 등이 개선될 필요가 있음이 제시되었다. 본 연구는 GDPR 5조 개인정보처리원칙 7가지 중 하나인 투명성의 원칙에 기반을 두어 분석하였으며, 향후 실질적인 준수를 통해 EU의 GDPR에 선제적으로 대응할 수 있는 기초 자료로 활용될 수 있을 것이다.