Earticle

Cloud computing has become one of the important technologies for reducing cost and increasing productivity by efficiently using IT resources in companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes also have plans to introduce the system in Korea. Various researches have pointed out security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the expected security threats and their correspondents for solving problems. Cloud computing security area is classified into managerial, physical and technical area in the research. The research derives the influence of security priorities in each area on the importance of security issues according to the recognition of workers in private enterprise and public institutions by ordered probit model. The ordered probit model is used to analyze the influences and marginal effects of awareness for security importance in each area on the degree of security priority. The results show workers in public agencies regard the technical security as the highest priority, otherwise the physical and managerial security are considered as the critical security factors in private enterprise. This research compared the difference of recognitions for the security priority in three areas between workers in private enterprise which are using cloud computing services and them in public institutions that has never used the services. It contributes to the establishment of strategies in aspect of security by providing guidelines to companies or agencies which want to introduce the cloud computing systems.

Over the past several years, we have seen the emergence of new paradigm in the Internet, online social media networking, which provide Internet users to communicate and collaborate with family, friends, social groups, and other community by using social media tools (i.e., Twitter, Facebook, MySpace, and Youtube). The use of social media for communication is becoming more prevalent worldwide, with people from countries of varying economic development increasingly accessing the Internet to participate in networking sites. Online social media networking today is a great tool to meet and network with people sharing similar business interests. However, they can also pose serious security threats to users and their organizations. This paper presents the security risks of online social media networking and then attempts to develop the model for assessing its security risks. Our model can help security professionals for assessing security risks in the existing information systems and designing new security systems of enterprise.

Dependence on a public key infrastructure (PKI) is the prominent obstructer in the path of following a public key cryptography widespread, which is held together among various users. In order to ensure authenticated communication, encryption and signature key pair must be generated by each senders and receivers. Apart from this, request along with the proof of identity should also be submitted to the Certificate Authority (CA) and receive CA-Signed certificates, so that it can be used to authenticate one another and exchange encrypted message while limitations of this is that it consumes more time and is error-prone as well. So to get rid of this menace we need to explore few alternatives which will not ask about certificates for encryption and signature verification. Thus, we identify that identity based cryptography approach is one of the robust alternative feature. Using this Characteristic we will be able to overcome the complexity of a cryptography system to a greater extent by ignoring use of generating and managing user’s certificates. Integer factorization, quadratic residue and bilinear pairing are the parameters on the basis of which we review the identity based cryptographic primitive. To make sure how it works several major proposals for identity based encryption schemes and identity based signature schemes has been explored along with their performance comparisons.

Recently, some researchers alarm the security community that the smart-phone which is interoperable between telecom networks and Internet, is dangerous conduits for Internet security threats to reach the telecom network such as DDoS attacks to the emergency call center. But the detailed DDoS defense scheme for the emergency call center against DDoS attack by zombie smart-phones is not presented yet. This paper presents a DDoS defense system, called cushion system, against zombie smart-phones to protect the emergency call center such as 911. The cushion system, a private branch exchange(PBX) extension, differentiates the legitimate human users and zombie smart-phones using CAPTCHA test which can be solved by only human users. This paper analyzes the negative impacts on the emergency call center by the DDoS attack. Also, this paper shows how much stronger the emergency call center becomes, when the emergency call center adopts the cushion system.

A smart grid is a digitally enabled electrical grid that gathers, distributes, and acts on information about the behavior of all participants (suppliers and consumers) in order to improve the efficiency, importance, reliability, economics, and sustainability of electricity services. Currently, smart grid systems are widely considered to be fundamental components for improving the monitoring and control of a power distribution infrastructure. Using a distributed measurement architecture, it is possible to gather information about the smart grid status in order to monitor and control the overall infrastructure, including remote units. This technology can control the use of electricity. In particular, users can monitor and limit the electricity consumption of each home appliance in real time. Likewise, power companies can monitor and control electricity consumption in order to stabilize the electricity supply. However, these features may cause serious problems in the case of data leakage. For example, if a malicious attacker is able to sniff and analyze data, they can figure out the usage pattern and ascertain when a house is empty. Thus, users could suffer serious damage, such as burglary. Therefore, we propose a privacy-enhanced secure data transaction system. The proposed system can protect private data using encryption. The encrypted data includes the user’s ID, home appliance serial number, and electricity consumption. Thus, attackers cannot obtain important data for analysis from transaction data. In addition, unauthorized power companies are unable to access this information.

The user authentication scheme in a global mobility network is an important security issue that allows users of mobile devices to access a secure roaming service through wireless networks. Over recent years, many anonymous authentication schemes have been proposed for roaming services in global mobility networks. In 2012, Mun et al. proposed a new enhancement for scheme that uses the Elliptic Curve Diffie–Hellman protocol to overcome security weaknesses and improve performance. However, this has some vulnerabilities, such as in the case of replay attacks and man-in-the-middle attacks. In this paper, we demonstrate the weaknesses of Mun et al.’s scheme to the attacks mentioned above. We also propose an improved secure anonymous authentication scheme for roaming services.

From using secret knowledge like password up to physical traits as biometrics, current smartphone authentication systems are deemed inconvenience and difficult for users. Burdens on remembering password as well as privacy issue on stolen or forged biometrics have raised a new idea of authentication systems. New system is expected to be transparent to users without or with very minimum user involvement being as implicit authentication system. With user’s convenience in mind yet without sacrificing security aspect, behavioral biometrics can be applied in implicit authentication system for security protection to users and their smartphones. Behavioral biometrics (behaviometrics) concept has emerged intending on both being inexpensive for deployment and being safe to user as compared on physical traits-based biometrics. One of the human behaviors considered being unique is arm’s flex (AF). It is gestural pattern i.e. the way people bending their arm for picking a phone when responding to incoming calls. That arm’s flexing is considered as a subset of gesture pattern in lower limb gesture. We study and evaluate arm’s movements that take place when picking up smartphone to receive incoming phone call. Our study shows that arm’s movements captured by smartphone built-in accelerometer are potentially useful for authentication system using smartphone. Our study shows that AF is indeed unique and has discriminant power to distinguish one user from others. These findings will promisingly augment development of novel implicit and transparent authentication system in smartphone so that authentication becomes easier and unobtrusive for user.

Grid Security Infrastructure (GSI) is the most common security infrastructure for grid computing, which is also based on Public Key Infrastructure (PKI). Therefore, the process to issue certificates for grid users, which is usually including interviewing with registration authorities (RAs) for identifying the user in person, is complicate and difficult to ensure reliability. We could therefore rely on the certificate issuance process of national PKI, which includes RA system guaranteed by governments. However, it is not possible to adapt the national PKI on GSI without modifying security software due to technical and legal problems. Either certificate validation or certificate path validation will be fail in that case. In this paper, we propose an alternative certificate validation method which translates the original certificate of national PKI to grid credential on separate GSI and delegate the translated credential to grid service by an extended OAuth protocol. The proposed idea is implemented in service called SecureBox which is operating in demo site. GSI can now adapt a reliable certificate issuance process including nationwide RA system from national PKI by the service.

Keeping pace with the increase of digital information in use, Cloud storage is in service, which can store one’s data from distance through network and various devices and easy to access. Unlike the existing removable storage necessary in order to carry data, it is used many users because it has no limit of memory capacity and no need to carry storage medium. As many users save a great volume of date in Cloud storage, its reliability has become a focus of issue. To protect it from unethical managers and attackers, researches are being conducted on application of a variety of cryptography systems such as searchable encryption and proxy re-encryption to Cloud storage system. However, existing searchable encryption technology is inconvenient in the cloud storage environment in which the user uploads data in person, and those data are shared with others, whenever it is necessary to do, and those with whom data are shared change frequently. In this paper, we propose a searchable re-encryption scheme by which user can share data with others safely by generating searchable encryption index, and re-encrypting it.

Cloud services are so efficient and flexible to expend and manage the service so that various cloud services are commercially implemented and provided by KT uCloud, Amazon EC2, and the other companies. As could service are quickly deployed, more security problems occurs and cloud forensic procedures for cloud systems are needed. But, in multi-users serviced cloud systems, a system suspension makes serious problems to users so that collecting evidences and analysis have to be performed in the field and live analysis is important in cloud systems. Cloud system based on Hadoop distributed file system has characteristics of massive volume of data and multi-users, physically-distributed data, and multi-layered data structures. The previous forensic procedures and methodologies are not appropriate for cloud system based on Hadoop distributed file system. In order to deal with those characteristics of cloud system, we propose Hadoop based cloud forensic procedure that supports static analysis after live analysis and live collection without system suspension, and Hadoop based cloud forensic guidelines. With our proposed Hadoop based cloud forensic procedure, we can decrease the time for evidence collection and evidence volume

As private information can be contained in the DLP (Data Leakage Prevention) system’s target of monitoring, the monitoring process inevitably violates privacy of the internal employees. Currently, existing DLP systems do not consider the privacy violation during the monitoring process. In this work, we are proposing a DLP system considering privacy violation level. The privacy violation level of our system has static and dynamic characteristics. The static privacy level just indicates the monitoring target’s portion of private data. The dynamic privacy level indicates the portion of private data which are disclosed by DLP system. The privacy level of our proposing DLP system can be used to control the private violation by removing specific monitoring targets in DLP system. The contribution of this work is defining the privacy level in DLP system and implementing the proposed idea.