Internal Network Partition Security Model Based Authentication using BlockChain Management Server in Cloud Environment

An Authentication-Based Internal Network Separation Security Model Using a Blockchain Management Server in a Cloud Environment

  • 김영수 (Department of Cyber Security, Pai Chai University) ;
  • 이병엽 (Department of Cyber Security, Pai Chai University)
  • Received : 2018.04.16
  • Accepted : 2018.05.14
  • Published : 2018.06.28

Abstract

Recently, security threats and damage from leaks of important data have been increasing, caused by intranet devices infected with malicious code through the Internet. A partitioned intranet model is therefore required that blocks access to business servers by authenticating the devices connected to the intranet. Logical network partitioning with the VDI (Virtual Desktop Infrastructure) method allows no information exchange between the physical devices connected to the intranet and the virtual device, so it can prevent data leakage and improve security. However, it is vulnerable to an attack that exposes internal data by connecting a non-registered device to the intranet and gaining access to the business server. To protect the business server, we propose a blockchain-based network partition model that applies blockchain technology to VDI. It helps reduce the threat of internal data exposure by improving both the ability to detect device forgery, which is the weakness of VDI-based logical network partitioning, and the integrity of the devices.

Keywords

Cloud;BlockChain;Authentication;MAC Address;Internal Network Partition;Security

Acknowledgement

Supported by: Pai Chai University
