클라우드 스토리지 서비스에 대한 메타데이터 기반 파일선별 수집 방법 및 구현

한중수,이승용,오정훈,김준수,정혜진,황현욱 한국디지털포렌식학회 2020 디지털 포렌식 연구 Vol.14 No.3

With the spreading of cloud storage services, company or general users' data is migrating from local storage in PC to cloud storage. Therefore, the scope of collection of crime or incident-related information in the field should include the data in the cloud storage. Under the enhanced privacy protection policy, it is compelled to collect evidence data only related to cases in the field. In general, because there are differences in how files in the local storage and files in the cloud storage are accessed, it is often difficult to apply the same technique of selectively collecting files in the existing local storage to files in the cloud storage. In the cloud storage, file information and contents are located in remote cloud storage. In the case of large files, in order to apply in the same way as the files in the existing local storage, the files are downloaded from the remote storage and analyzed. It takes a lot of time for an analysis so that there are difficulties in field investigation. In this paper, we propose a method for filtering and collecting files in cloud storage similar to the method for filtering and collecting files in existing local storage in forensic tools. First, we introduce the access method for authentication and resources for the most used cloud services: Dropbox and OneDrive service among cloud storage services. Each cloud service provides I/O API related to authentication and file for third party app developers. It covers how to access individual files, folders and metadata through these APIs. The metadata includes additional meaningful metadata such as information of the user who modified the file and shared user log. These additional metadata can be a significant clue from the perspective of the investigation. In this paper, we focus on the list and metadata of files in the cloud storage. We present a methodology for effectively searching data related to cases by applying the method provided by each cloud service to the existing searching method. 클라우드 저장소 서비스의 확산에 따라 기업 또는 일반 사용자들의 데이터는 PC 내의 로컬 저장소에서 클라우드 저장소로 옮겨가고 있다. 따라서 현장에서 범죄 또는 사건 관련 정보의 수집 대상은 클라우드 저장소의 데이터들까지 포함하여 범위가 확장되어야 한다. 강화된 개인정보보호법에 의하여 현장에서 사건과 관련된 증거 데이터들에 대해서만 선별하여 수집하도록 강제되고 있는 상황이다. 일반적으로 로컬 저장소 내의 파일들과 클라우드 저장소 내의 파일들은 파일에 접근하는 방법에 차이가 존재하기 때문에, 기존 로컬 저장소의 파일들을 선별수집하는 기술을 그대로 적용시키기 어려운 경우가 많다. 클라우드 저장소의 파일은 파일 정보 및 내용이 원격 클라우드 저장소 내에 위치한다. 대용량 파일들의 경우 기존 로컬 저장소의 파일과 동일한 방법으로 적용하기 위해서는 해당 파일들을 원격 저장소로부터 모두 내려 받은 후 분석을 진행한다. 이 때 분석에 소요되는 시간이 많고 현장 수사에 있어서 어려움이 존재한다. 본 논문에서는 포렌식 도구에서 기존 로컬 저장소들의 파일들이 선별수집 되는 방법과 유사하게 클라우드 저장소의 파일들을 선별수집 하는 방법을 제시한다. 우선, 클라우드 저장소 서비스들 중 가장 많이 사용되는 드롭박스 및 원드라이브 서비스에 대한 인증 및 리소스에 대한 접근 방법을 소개한다. 각 클라우드 서비스들은 서드파티 앱 개발자들을 위한 인증 및 파일 관련 입출력 API를 제공한다. 이러한 API들을 통해 개별 파일, 폴더 및 메타데이터에 접근하는 방법을 다룬다. 해당 메타데이터들은 파일을 수정한 사용자의 정보 및 공유된 사용자 내역 등 추가적인 매우 유용한 메타데이터들을 포함한다. 이러한 추가적인 메타데이터들은 수사적인 측면에서 유의미한 단서가 될 수 있다. 본 논문에서는 클라우드 저장소 내의 파일들에 대한 리스트와 파일의 메타데이터 수집에 초점을 맞추어 연구를 진행한다. 각 클라우드 서비스에서 제공하는 방식을 기존의 선별수집 방법에 적용하여 효과적으로 사건과 관련된 데이터들을 선별하는 방법론을 제시한다.

A Review of Cloud Computing Security Issues

Manpreet Kaur,Hardeep Singh 보안공학연구지원센터 2015 International Journal of Grid and Distributed Comp Vol.8 No.5

Cloud Computing is an emerging paradigm which has become today’s hottest research area due to its ability to reduce the costs associated with computing. In today’s era, it is most interesting and enticing technology which is offering the services to its users on demand over the internet. Since Cloud computing stores the data and its disseminated resources in the environment, security has become the main obstacle which is hampering the deployment of cloud environments. There are number of users used cloud to store their personal data, so that data storage security is required on the storage media. The major concern of cloud environment is security during upload the data on cloud server. Data storage at cloud server attracted incredible amount of consideration or spotlight from different communities. For outsourcing the data there is a need of third party. The importance of third party is to prevent and control unauthorized access to data store to the cloud. This research paper discusses the security issues of cloud storage.

An Efficient Public Auditing Scheme for Multi-Cloud Storage

Jae Jung Kim,Seng Phil Hong 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.12

In cloud computing, cloud users can upload their data to cloud storage server in order to save local storage and access their data from anywhere. However, cloud storage service also brings serious security issues. Cloud users should be convinced of the correctness of their data stored remotely in the cloud. Thus, a reliable auditing scheme is desired to help cloud users check the integrity of their remote data. In this paper, we first propose an efficient cloud auditing scheme for multi-cloud storage systems, which can also preserve the privacy. Then, we extend our auditing scheme to support dynamic auditing and batch auditing for both multiple cloud users and multiple cloud service providers (CSPs), which makes the scheme more practical and efficient. Security analysis shows that our auditing scheme is provably secure. Our experiments indicate that our solution is efficient and significantly relieves the computation burden of both third party auditor (TPA) and CSP.

Cloud-based Healthcare data management Framework

( Mohemmed Sha M ),( Mohamudha Parveen Rahamathulla ) 한국인터넷정보학회 2020 KSII Transactions on Internet and Information Syst Vol.14 No.3

Cloud computing services changed the way the data are managed across the healthcare system that can improve patient care. Currently, most healthcare organizations are using cloud-based applications and related services to deliver better healthcare facilities. But architecting a cloud-based healthcare system needs deep knowledge about the working nature of these services and the requirements of the healthcare environment. The success is based on the usage of appropriate cloud services in the architecture to manage the data flow across the healthcare system.Cloud service providers offer a wide variety of services to ingest, store and process healthcare data securely. The top three public cloud providers- Amazon, Google, and Microsoft offers advanced cloud services for the solution that the healthcare industry is looking for. This article proposes a framework that can effectively utilize cloud services to handle the data flow among the various stages of the healthcare infrastructure. The useful cloud services for ingesting, storing and analyzing the healthcare data for the proposed framework, from the top three cloud providers are listed in this work. Finally, a cloud-based healthcare architecture using Amazon Cloud Services is constructed for reference.

DNA Based Cloud Storage Security Framework Using Fuzzy Decision Making Technique

( Abhishek Majumdar ),( Arpita Biswas ),( Krishna Lal Baishnab ),( Sandeep K. Sood ) 한국인터넷정보학회 2019 KSII Transactions on Internet and Information Syst Vol.13 No.7

In recent years, a cloud environment with the ability to detect illegal behaviours along with a secured data storage capability is much needed. This study presents a cloud storage framework, wherein a 128-bit encryption key has been generated by combining deoxyribonucleic acid (DNA) cryptography and the Hill Cipher algorithm to make the framework unbreakable and ensure a better and secured distributed cloud storage environment. Moreover, the study proposes a DNA-based encryption technique, followed by a 256-bit secure socket layer (SSL) to secure data storage. The 256-bit SSL provides secured connections during data transmission. The data herein are classified based on different qualitative security parameters obtained using a specialized fuzzy-based classification technique. The model also has an additional advantage of being able to decide on selecting suitable storage servers from an existing pool of storage servers. A fuzzy-based technique for order of preference by similarity to ideal solution (TOPSIS) multi-criteria decision-making (MCDM) model has been employed for this, which can decide on the set of suitable storage servers on which the data must be stored and results in a reduction in execution time by keeping up the level of security to an improved grade.

Technical Consideration for Applying Cloud Computing Technologies in Telecommunication Networks

Seung Min Kim 에스케이텔레콤 (주) 2011 Telecommunications Review Vol.21 No.3

The business benefits of Cloud computing to Cloud service providers, basically, come from the economy of scale. As a telecommunication operator who wants to become a major Cloud service provider successfully, the transformation of the current dedicated computing & network infrastructure into a commodity hardware-based Cloud computing infrastructures is necessary. In this position paper, we propose three technical consideration points for applying Cloud computing technologies into telecommunication operators' networks, i.e. Network Clouds. We think that guaranteeing time readiness, supporting service scalability and providing secure storage with cost-effectively are the most important things to be researched for realizing Network Clouds. Guaranteeing time readiness is necessary for running time sensitive network services on virtual machines. Supporting service scalability is required to run carrier-grade services safely and effectively using unreliable commodity computing machines, and providing secure storage to customers with cost-effectively is needed as a default service for introducing Cloud computing services into B2C and B2B areas. We present the results of experimentation to check the current state-of-the-art Cloud computing technologies for managing these consideration points. Finally, our on-going approach to transforming our telecommunication network equipments into a Network Cloud is described briefly.

A Novel Safe File Sharing Method Based on Cloud Storage Structure in DHT Networks

Zhongning Lu,Gaofeng Shen 보안공학연구지원센터 2015 International Journal of Security and Its Applicat Vol.9 No.7

Safe file sharing mechanism in cloud storage is one of the most significant elements that affects the development of security technology. With application of homomorphic key agreement mechanism、Shamir secret sharing algorithm. Bloom Filter and B-tree search algorithm and Rsync data updating algorithm, a safe file sharing scheme in cloud storage is established based on cloud storage infrastructure of DHT networks. Under the circumstance of cloud storage, the scheme can make full use of the sharing mechanism and achieve the confidentiality and integrity of the file. Based on DHT networks, the analysis and test of data sharing are conducted in the paper. Together with file upload and download, the test of data encryption and decryption is done on the basis of Dropbox. As the result shows, the scheme puts forward a safe and effective solution to safe file sharing in cloud storage.

Research on The Network Cloud Teaching Mode of PBL Project Teaching Method

Lei Zhang,Zheng Ren,Xianming Shi,Qingqi Zeng 보안공학연구지원센터 2016 International Journal of u- and e- Service, Scienc Vol.9 No.10

This paper designed the learning resource storage model mainly based on Hadoop platform, and the system structure was optimized on the basis of the original system against the problems of inefficient storage of massive small files, high memory overhead on the Hadoop platform. The PBL teaching resources are classified to improve the utilization ratio of resources and access efficiency of resources according to the file size and file correlation. When processing the small files, small files are merged according to the knowledge point, and then storage processing is conducted with the method of handling large files, giving full play to the advantages of processing files in the Hadoop. Simulation experiment is conducted in the laboratory environment, to compare the integrated storage space with the time required for resources storage. The result is that the model can reduce the storage space of the file, and improve the integrated storage efficiency on the basis of not affecting file storage.

A Billboard Manager Based Model That Offers Dual Features Supporting Cloud Operating System And Managing Cloud Data Storage

Rajesh Bose,Sandip Roy,Debabrata Sarddar 보안공학연구지원센터 2015 International Journal of Hybrid Information Techno Vol.8 No.6

With an increasing focus on mobility and an innate desire to access data and information efficiently and as quickly as possible, users are turning to technologies that can service their needs with the minimum of fuss and a high degree of reliability. In this paper, we have designed a proposed model that seeks to combine Billboard Manager with an open source cloud operating system known as eyeOS that, together, can help achieve the goals desired in a private cloud environment. The eyeOS is essentially a web-based operating system that allows file read/write/update operations in cloud. The architecture that we have proposed in this paper, involves a mix of the Internet, a private cloud zone, and a Billboard Manager managing an eyeOS powered layer. In this model, any user would be able to create, update, access, and delete almost any file from anywhere where there is Internet connectivity options available. The Billboard Manager would enable users to store or retrieve files across distributed storage nodes in a private cloud zone. The architecture that we have proposed is aimed at providing a thin-client architecture to any user with a PC, laptop, or a suitably-enabled mobile computing device, such that the user is able to collaborate and communicate his/her work within a private cloud zone from almost any location.

신뢰성 있는 데이터 전송을 위한 Connected DataLake 시스템의 설계 및 구현

박선,차병래,이연우,김종원 한국스마트치안학회 2022 스마트치안연구 Vol.3 No.2

Currently, the edge cloud for efficient management of IoT and various devices is increasing, so there is a growing need to safely and flexibly manage the stored data in the Edge Cloud. One of the most effective ways to efficiently manage the growing edge cloud is to store the data of each distributed edge cloud to the cloud. In this paper, we design and implement a connected DataLake system based on distributed cloud storage that delivers data stored in multiple Edge Clouds securely to micro cloud storage. In addition, the system performs real-time error recovery such that the transferred data can be restored to the abnormal point when an abnormality occurs during transmission. The developed Connected DataLake system was proved to show the efficiency of the system in the KOREN/TEIN network. 현재 점차 증가하는 IoT 및 다양한 장치들을 효율적 관리를 위한 에지 클라우드(Edge Cloud)가 증가하는 추세에 있으며, 다중 에지 클라우드(Cloud)에 저장된 데이터를 안전하고 유연한 관리의 필요성이 증가하고 있다. 이를 위해서 늘어나는 에지 클라우드를 효율적으로 통합 관리하기 위해서는 각각 분산 저장된 에지 클라우드들의 자료를 클라우드에 저장하는 방법이 현재 가장 효율적인 방법의 하나다. 그러나 에지 클라우드와 클라우드 간에 데이터 전송에 따른 효율적인 연동이 어려운 상황이다. 본 논문은 다수의 에지 클라우드에 저장된 데이터를 마이크로 클라우드 스토리지에 안전하게 전달하며, 전달 도중 이상 발생 시 이상 시점까지 전달 데이터를 복원할 수 있도록 실시간으로 처리하는 분산 클라우드 스토리지(분산) 기반 Connected DataLake 시스템을 설계 및 구현하였다. 개발된 Connected DataLake 시스템을 국내 네트워크 연구망인 KOREN망에 실증을 통하여 개발 시스템의 효율성을 보였다.