• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.19-31
• /
• 2018

As the ICT technologies advance, the unprecedently large amount of digital data is created, transferred, stored, and utilized in every industry. With the data scale extension and the applying technologies advancement, the new services emerging from the use of large scale data make our living more convenient and useful. But the cybercrimes such as data forgery and/or change of data generation time are also increasing. For the data security against the cybercrimes, the technology for data integrity and the time verification are necessary. Today, public key based signature technology is the most commonly used. But a lot of costly system resources and the additional infra to manage the certificates and keys for using it make it impractical to use in the large-scale data environment. In this research, a new and far less system resources consuming signature technology for large scale data, based on the Hash Function and Merkle tree, is introduced. An improved method for processing the distributed hash trees is also suggested to mitigate the disruptions by server failures. The prototype system was implemented, and its performance was evaluated. The results show that the technology can be effectively used in a variety of areas like cloud computing, IoT, big data, fin-tech, etc., which produce a large-scale data.

• Journal of KIISE:Computing Practices and Letters
• /
• v.12 no.3
• /
• pp.192-207
• /
• 2006

Today, the SSL protocol has been used as core part in various computing environments or security systems. But, the SSL protocol has several problems, because of the rigidity on operating. First, SSL protocol brings considerable burden to the CPU utilization so that performance of the security service in encryption transaction is lowered because it encrypts all data which is transferred between a server and a client. Second, SSL protocol can be vulnerable for cryptanalysis due to the key in fixed algorithm being used. Third, it is difficult to add and use another new cryptography algorithms. Finally. it is difficult for developers to learn use cryptography API(Application Program Interface) for the SSL protocol. Hence, we need to cover these problems, and, at the same time, we need the secure and comfortable method to operate the SSL protocol and to handle the efficient data. In this paper, we propose the SSL component which is designed and implemented using CBD(Component Based Development) concept to satisfy these requirements. The SSL component provides not only data encryption services like the SSL protocol but also convenient APIs for the developer unfamiliar with security. Further, the SSL component can improve the productivity and give reduce development cost. Because the SSL component can be reused. Also, in case of that new algorithms are added or algorithms are changed, it Is compatible and easy to interlock. SSL Component works the SSL protocol service in application layer. First of all, we take out the requirements, and then, we design and implement the SSL Component, confidentiality and integrity component, which support the SSL component, dependently. These all mentioned components are implemented by EJB, it can provide the efficient data handling when data is encrypted/decrypted by choosing the data. Also, it improves the usability by choosing data and mechanism as user intend. In conclusion, as we test and evaluate these component, SSL component is more usable and efficient than existing SSL protocol, because the increase rate of processing time for SSL component is lower that SSL protocol's.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.47-55
• /
• 2015

Recently, the environment of a hospital information system is a trend to combine various SMART technologies. Accordingly, various smart devices, such as a smart phone, Tablet PC is utilized in the medical information system. Also, these environments consist of various applications executing on heterogeneous sensors, devices, systems and networks. In these hospital information system environment, applying a security service by traditional access control method cause a problems. Most of the existing security system uses the access control list structure. It is only permitted access defined by an access control matrix such as client name, service object method name. The major problem with the static approach cannot quickly adapt to changed situations. Hence, we needs to new security mechanisms which provides more flexible and can be easily adapted to various environments with very different security requirements. In addition, for addressing the changing of service medical treatment of the patient, the researching is needed. In this paper, we suggest a dynamic approach to medical information systems in smart mobile environments. We focus on how to access medical information systems according to dynamic access control methods based on the existence of the hospital's information system environments. The physical environments consist of a mobile x-ray imaging devices, dedicated mobile/general smart devices, PACS, EMR server and authorization server. The software environment was developed based on the .Net Framework for synchronization and monitoring services based on mobile X-ray imaging equipment Windows7 OS. And dedicated a smart device application, we implemented a dynamic access services through JSP and Java SDK is based on the Android OS. PACS and mobile X-ray image devices in hospital, medical information between the dedicated smart devices are based on the DICOM medical image standard information. In addition, EMR information is based on H7. In order to providing dynamic access control service, we classify the context of the patients according to conditions of bio-information such as oxygen saturation, heart rate, BP and body temperature etc. It shows event trace diagrams which divided into two parts like general situation, emergency situation. And, we designed the dynamic approach of the medical care information by authentication method. The authentication Information are contained ID/PWD, the roles, position and working hours, emergency certification codes for emergency patients. General situations of dynamic access control method may have access to medical information by the value of the authentication information. In the case of an emergency, was to have access to medical information by an emergency code, without the authentication information. And, we constructed the medical information integration database scheme that is consist medical information, patient, medical staff and medical image information according to medical information standards.y Finally, we show the usefulness of the dynamic access application service based on the smart devices for execution results of the proposed system according to patient contexts such as general and emergency situation. Especially, the proposed systems are providing effective medical information services with smart devices in emergency situation by dynamic access control methods. As results, we expect the proposed systems to be useful for u-hospital information systems and services.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.11
• /
• pp.1515-1527
• /
• 2016

With the growth of big data, machine learning, and cloud computing, the importance of storage that can store large amounts of unstructured data is growing recently. So the commodity hardware based distributed file systems such as MAHA-FS, GlusterFS, and Ceph file system have received a lot of attention because of their scale-out and low-cost property. For the data fault tolerance, most of these file systems uses replication in the beginning. But as storage size is growing to tens or hundreds of petabytes, the low space efficiency of the replication has been considered as a problem. This paper applied erasure coding data fault tolerance policy to MAHA-FS for high space efficiency and introduces VDelta technique to solve data consistency problem. In this paper, we compares the performance of two file systems, MAHA-FS and GlusterFS. They have different IO processing architecture, the former is server centric and the latter is client centric architecture. We found the erasure coding performance of MAHA-FS is better than GlusterFS.

• The KIPS Transactions:PartC
• /
• v.15C no.3
• /
• pp.157-166
• /
• 2008

The ubiquitous service environment is poor in reliability of connection and also has a high probability that the intrusion against a system and the failure of the services may happen. Therefore, It is very important to guarantee that the legitimate users make use of trustable services from the viewpoint of security without discontinuance or obstacle of the services. In this paper, we point out the problems in the standard Jini service environment and analyze the Jgroup/ARM framework that has been developed in order to help fault tolerance of Jini services. In addition, we propose a secure Jini service architecture to satisfy the security, availability and quality of services on the basis of the analysis. The secure Jini service architecture we propose in this paper is able to protect a Jini system not only from faults such as network partition or server crash, but also from attacks exploiting flaws. It provides security mechanism for dynamic trust establishment among the service entities. Moreover, our secure Jini service architecture does not incur high computation costs to merge the user service states because of allocation of the replica based on each session of a user. Through the experiment on a test-bed, we have confirmed that proposed secure Jini service architecture is able to guarantee the persistence of the user service states at the level that the degradation of services quality is ignorable.

• Information Systems Review
• /
• v.11 no.2
• /
• pp.147-167
• /
• 2009

As global climate changes, the interest in environmental crisis is increasing and a number of international agreements and regulations against this crisis are being established. Global information technology(IT) corporations are building their own pro-environmental green IT strategies to cope with the regulatory measures. Green IT broadly refers to pro-environmental technologies designed to replace hazardous materials, maximize energy effectivity, and find alternative energies. In the current stage of the IT industry development, Green IT specifically refers to the technologies that deal with the server heat generation and the energy reduction in data center. This study defines the concept of Green IT and reviews its origin and necessity. Then, it examines the issues regarding Green IT industry in Korea as well as other countries and compares the Green IT strategies developed in each country. Reviewing the recent development of IT and data center market enables us to see that overall Green IT strategies focus on the establishment of Green Internet Data Centers. Therefore, this study analyzes the cases in which some domestic and foreign corporations introduced Green Data Centers in order to examine the protocol and legal requirements for building Green IT, the aspects of environmental evaluation and design, and specific strategies for launching Green IT strategies and its future assignments. The conclusions of this study are as follows. First, to introduce Green Data Center as a strategy to build Green IT, the government and corporations should cooperate with each other. Partial introduction at the initial stage is desirable because, through the process, mutual trust between the two parties can be built more smoothly. Second, CEO's determination to build Green IT and continue its operation is indispensable. CEO's are required to have clear understanding as to why Green IT needs to be built and how it should be constructed. Those who initiate the construction of Green Data Center for Green IT need to know the definition and necessity of Green IT while at the same time understanding the implicit meanings of Green IT. They also need to be aware of future-oriented values of Green Data Center and readjust their corporate business activities in the pro-environmental direction. Finally, not only the CEOs' pro-environmental activities but also the change of mind on the part of all corporate employees is required to realize Green IT. It should be remembered that pro-environmental Green IT starts with minor activities.

• Journal of Korea Multimedia Society
• /
• v.8 no.9
• /
• pp.1258-1268
• /
• 2005

While the concept of Home Network is laying by and its interests are increasing by means of digitalizing of the information communication infrastructure, many efforts are in progress toward convenient lives. Moreover, as information household appliances which have a junction of connecting to the network are appearing over the past a few years, the demands against intellectual Home Services are increasing. In this paper, by being based upon Multimedia which is an essential factor for developing of various application services on ubiquitous computing environments, we suggest a simplified application model that could apply the information to the automated processing system after studying user's behavior patterns using authentication and access control for identity certification of users. In addition, we compared captured video images in the fixed range by pixel unit through some time and checked disorder of them. And that made safe of user certification as adopting self-developed certification method which was used 'Hash' algorism through salt function of 12 byte. In order to show the usefulness of this proposed model, we did some testing by emulator for control of information after construction for Intellectual Multimedia Server, which ubiquitous network is available on as a scheme so as to check out developed applications. According to experimental results, it is very reasonable to believe that we could extend various multimedia applications in our daily lives.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.146-155
• /
• 2004

Currently most of commercial operating systems contain a high-level audit feature to increase their own security level. Linux does not fall behind the other commercial operating systems in performance and stability, but Linux does not have a good audit feature. Linux is required to support a higher security feature than C2 level of the TCSEC in order to be used as a server operating system, which requires the kernel-level audit feature that provides the system call auditing feature and audit event. In this paper, we present LxBSM, which is a kernel module to provide the kernel-level audit features. The audit record format of LxBSM is compatible with that of Sunshield BSM. The LxBSM is implemented as a loadable kernel module, so it has the enhanced usability. It provides the rich audit records including the user-level audit events such as login/logout. It supports both the pipe and file interface for increasing the connectivity between LxBSM and intrusion detection systems (IDS). The performance of LxBSM is compared and evaluated with that of Linux kernel without the audit features. The response time was increased when the system calls were called to create the audit data, such as fork, execve, open, and close. However any other performance degradation was not observed.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.6
• /
• pp.646-661
• /
• 2003

It is not easy that we visualize the large volume data stored in the every client computers of the web environment. One solution is as follows. First we compress volume data, second store that in the database server, third transfer that to client computer, fourth visualize that with direct-volume-rendering in the client computer. In this case, we usually use wavelet transform for compressing large data. This paper reports the experiments for acquiring the wavelet bases and the compression ratios fit for the above processing paradigm. In this experiments, we compress the volume data Engine, CThead, Bentum into 50%, 10%, 5%, 1%, 0.1%, 0.03% of the total data respectively using Harr, Daubechies4, Daubechies12 and Daubechies20 wavelets, then visualize that with direct-volume-rendering, afterwards evaluate the images with eyes and image comparison metrics. When compression ratio being low the performance of Harr wavelet is better than the performance of the other wavelets, when compression ratio being high the performance of Daubechies4 and Daubechies12 is better than the performance of the other wavelets. When measuring with eyes the good compression ratio is about 1% of all the data, when measuring with image comparison metrics, the good compression ratio is about 5-10% of all the data.

• Journal of Internet Computing and Services
• /
• v.16 no.2
• /
• pp.67-75
• /
• 2015

According to the changes of the mobile environments, the usage and interest of the Android apps have been increased. But the usage of illegally-copied apps has been also increased. And the transparency and dependability of the app markets has been decreased. Therefore there are many cases for the copyright infringement of app developers. Although several methods for preventing illegally-copied apps have been studied, there may exist possible ways to bypass the methods. Since it is difficult to find out the first distributors of the illegally-copied apps, it is not easy to punish them legally. This paper proposes the method of detecting illegally-copied apps. The proposed detector can detect the illegally-copied apps using odex file, which is created when the app is installed. The detector can also find out the information of the first distributors based on forensic watermark technique. Since the illegally-copied app detector is running as a service on the system server, it is granted that the detector hides from the users. As an experiment result, the illegally-copied app detector takes on average within 0.2 seconds to detect and delete an illegally-copied app.