• Journal of the Korea Society of Computer and Information
• /
• v.20 no.7
• /
• pp.49-56
• /
• 2015

In this paper, we introduce recent cloud system security technologies categorizing them according to Reliability, Availability, Serviceability, Integrity, and Security (RASIS), terms that evaluate robustness of the computer system. Then we describe examples of security attacks and corresponding security technologies for each of them. We introduce security technologies based on Software Defined Network (SDN) for Reliability, security technologies based on hypervisor and virtualization for Availability, disaster restoration systems for Serviceability, authorization and access control technologies for Integrity, and encryption algorithms for Security. We believe that this paper provide wise view and necessary information for recent cloud system security technologies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4576-4598
• /
• 2018

In big data age, flexible and affordable cloud storage service greatly enhances productivity for enterprises and individuals, but spontaneously has their outsourced data susceptible to integrity breaches. Provable Data Possession (PDP) as a critical technology, could enable data owners to efficiently verify cloud data integrity, without downloading entire copy. To address challenging integrity problem on multiple clouds for multiple owners, an identity-based batch PDP scheme was presented in ProvSec 2016, which attempted to eliminate public key certificate management issue and reduce computation overheads in a secure and batch method. In this paper, we firstly demonstrate this scheme is insecure so that any clouds who have outsourced data deleted or modified, could efficiently pass integrity verification, simply by utilizing two arbitrary block-tag pairs of one data owner. Specifically, malicious clouds are able to fabricate integrity proofs by 1) universally forging valid tags and 2) recovering data owners' private keys. Secondly, to enhance the security, we propose an improved scheme to withstand these attacks, and prove its security with CDH assumption under random oracle model. Finally, based on simulations and overheads analysis, our batch scheme demonstrates better efficiency compared to an identity based multi-cloud PDP with single owner effort.

• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.5
• /
• pp.29-38
• /
• 2002

This paper presents IPv6, ATM, and IP/ATM security systems for computer network. IPv6 uses authentication header and ESP to provide security services. Authentication header provides integrity and authentication services and ESP provides integrity, authentication and confidentiality services. User plan of ATM provides authentication, integrity, confidentiality and access control services and control plan of ATM provides authentication and integrity services. IP/ATM security services are also presented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3943-3957
• /
• 2016

As digital evidence has a highly influential role in proving the innocence of suspects, methods for integrity verification of such digital evidence have become essential in the digital forensic field. Most surveillance camera systems are not equipped with proper built-in integrity protection functions. Because digital forgery techniques are becoming increasingly sophisticated, manually determining whether digital content has been falsified is becoming extremely difficult for investigators. Hence, systematic approaches to forensic integrity verification are essential for ascertaining truth or falsehood. We propose an integrity determination method that utilizes the structure of the video content in a Video Event Data Recorder (VEDR). The proposed method identifies the difference in frame index fields between a forged file and an original file. Experiments conducted using real VEDRs in the market and video files forged by a video editing tool demonstrate that the proposed integrity verification scheme can detect broken integrity in video content.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.32 no.2
• /
• pp.149-162
• /
• 2007

In the era of the internet and ubiquitous computing, IS users are still facing a variety of threats. Therefore, a need of more tightened information security service increases unprecedentedly. In this sense, this study is aimed at proposing a new research model in which IT assets (i.e., network, system, and information influence) Security and Information Security Service (i.e., confidentiality, integrity, nonrepudiation, authentication) affect information security quality positively, leading to users' satisfaction eventually. To prove the validity of the proposed research model, PLS analysis is applied with valid 177 questionnaires. Results reveal that both IT assets Security and Information Security Service influence informations security qualify positively, and user satisfaction as well. From the results, it can be concluded that Korean government's recent orchestrated efforts to boost the IT assets Security and Information Security Service helped great improve the information security quality and user satisfaction.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.1
• /
• pp.241-249
• /
• 2017

Recently, as a vehicle black box device has propagated, it has been increasingly used as a legal proof and there are the needs to verify an integrity of the video data. However, since the black box classified as the embedded system has a small capacity and low processing speed, there are limitations to the storage of video files and the integrity verification processing. In this paper, we propose a novel method for video files integrity in the black box environment with limited resources by using lightweight hash function LSH and the security of HMAC. We also present the test results of CPU idle rate at integrity verification in vehicle black box device by implementing this method, and verify the effectiveness and practicality of the proposed method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1159-1168
• /
• 2012

Control Flow Integrity(CFI) and Control Flow Locking(CFL) prevent unintended execution of software and provide integrity in control flow. Attackers, however, can still hijack program controls since CFI and CFL does not support fine-granularity, context-sensitive protection. In this paper, we propose a new CFI scheme, Source-code CFI(SCFI), to overcome the problems. SCFI provides context-sensitive locking for control flow. Thus, the proposed approach protects software against the attacks on the previous CFI and CFL schemes and improves safety.

• The Journal of Information Technology
• /
• v.10 no.3
• /
• pp.77-92
• /
• 2007

This study aims to suggest an implementation methodology of security module for data integrity of mobile internet terminal. This is based on the WTLS(Wileless Transport Layer Security) of WAP Protocol. This security module is expected to achieve central role in conversion of wireless internet environment and emphasis of encryption technology and safe and calculable wireless communication environment construction.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.4
• /
• pp.326-333
• /
• 2014

Internet Services have security issues. To prepare proper security measures for these security issues, security level setting is positively necessary. Until now, we use a security level with CIA (Confidentiality, Integrity, and Availability) Security Levels. However, CIA Security Levels has problems with ambiguous measures for the middle level of security setting. Moreover, security level overlap occurs, in some cases, when user authentications are not done. Additionally, there exist some levels among CIA Security Levels which cannot be applied to Internet services. In this paper, new security level model, CIAA Security Levels with deletion of ambiguous middle level of security setting and addition of authentication to one of security level setting factors, is proposed. The CIAA Security Levels model can be applied to more concrete security measures than CIA Security Levels. The proposed Security Levels model is applicable to almost any on-line services and it can be applied to new online services.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2219-2236
• /
• 2017

With cloud storage services, users can handle an enormous amount of data in an efficient manner. However, due to the widespread popularization of cloud storage, users have raised concerns about the integrity of outsourced data, since they no longer possess the data locally. To address these concerns, many auditing schemes have been proposed that allow users to check the integrity of their outsourced data without retrieving it in full. Yuan and Yu proposed a public auditing scheme with a deduplication property where the cloud server does not store the duplicated data between users. In this paper, we analyze the weakness of the Yuan and Yu's scheme as well as present modifications which could improve the security of the scheme. We also define two types of adversaries and prove that our proposed scheme is secure against these adversaries under formal security models.