Internal Network Partition Security Model Based Authentication using BlockChain Management Server in Cloud Environment

  • 김영수 (Department of Cyber Security, Pai Chai University) ;
  • 이병엽 (Department of Cyber Security, Pai Chai University)
  • Received : 2018.04.16
  • Reviewed : 2018.05.14
  • Published : 2018.06.28

Abstract

Security threats are steadily increasing, and so is the damage caused when sensitive data is leaked by intranet devices that were infected with external malicious code through the Internet. An internal network partition model is therefore needed that blocks access to business servers by authenticating every device connected to the intranet. Logical network partition based on VDI (Virtual Desktop Infrastructure) prevents data leakage by blocking information exchange between the physical devices connected to the intranet and the virtual desktops, but it remains vulnerable to an attack in which an unregistered device is connected to the intranet and used to reach a business server and exfiltrate sensitive data. To protect the business servers, we propose a blockchain-based network partition model that applies blockchain technology to VDI. The model reduces the threat of internal data exposure by improving the ability to detect forged or tampered devices, which is the weakness of VDI-based logical network partition, and by strengthening the integrity of the devices themselves.
