Journal of the Korea Institute of Information and Communication Engineering 한국정보통신학회논문지 (J. Korea Inst. Inf. Commun. Eng.) Vol. 18, No. 7 : 1495~1504 July. 2014 정부 ICT R&D 중장기전략과 ICT 패러다임변화를반영한디지털포렌식표준정립을위한기술 - 정책적통합프로세스프레임워크 신준우 * A Technology-Strategy Integrated Digital Forensic Process Framework Considering Government ICT R&D Strategy and ICT Paradigm Shift Jun Woo Shin * National IT Industry Promotion Agency, Daejeon 305-348, Korea 요약인터넷뱅킹과같은부가서비스, 채팅등과같은대화형서비스를이용하는정보화사회가정착되었고, 더욱이스마트기기를이용한서비스사용이급속하게발전함에따라신규보안기술분야로디지털포렌식에관한연구가활발히진행되고있다. 본논문에서는디지털포렌식에관한기존의연구를체계적으로분석하고앞으로정부의 ICT R&D 중장기전략과 ICT 패러다임변화를반영하여첨단 IT기술과우리나라법체제를융합하는체계적인디지털포렌식표준정립을위한기술-정책적통합프로세스프레임워크를제안한다. ABSTRACT Currently information related service such as internet banking, chatting, social network services are quite well smeared into our daily life. Moreover, a rapid growth of service using smart devices brought an importance of security in internet services and a research activation of digital forensic in a crime investigation. This paper presented a previous digital forensic research trend and based on this, suggested a technology-strategy integrated digital forensic process platform, taking a mid-long term government leading ICT R&D strategy and ICT paradigm shift into account. 키워드 : 디지털포렌식, 기술 - 정책적프로세스, ICT R&D, ICT 패러다임 Key word : Digital Forensic, Technology-Strategy Process, ICT R&D, ICT paradigm, etc 접수일자 : 2014. 04. 08 심사완료일자 : 2014. 04. 28 게재확정일자 : 2014. 05. 16 * Corresponding Author Jun Woo Shin(E-mail:sjw@nipa.kr, Tel:+82-42-710-1450) Natioanl IT Industry Promotion Agency, Daejeon 305-348, Korea Open Access http://dx.doi.org/10.6109/jkiice.2014.18.7.1495 print ISSN: 2234-4772 online ISSN: 2288-4165 This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License(http://creativecommons.org/li-censes/ by-nc/3.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited. Copyright C The Korea Institute of Information and Communication Engineering.
한국정보통신학회논문지 (J. Korea Inst. Inf. Commun. Eng.) Vol. 18, No. 7 : 1495~1504 July. 2014 Ⅰ. 서론디지털포렌식에관한 IT기술연구논문은다수존재하지만사회과학및법학과관련한연구논문은매우부족한실정이다. 하지만, 이러한 IT기술연구는디지털증거가가지고있는다양한법학적문제에대한접근이어렵다고할것이고앞으로발생하게될디지털증거의문제를해결하기에는많은어려움이발생할것이다. 따라서, 디지털포렌식에서사회과학및법학적측면의접근을하면서디지털기술을융합하는학문적연구가절대적으로필요하다. 즉, 빠르게변화하는첨단 IT기술과이를법제표준에적용할수있는법학분야를융합하여연구를하는것이필요하다. 본논문에서는이공분야관점의디지털포렌식기술이객관적으로증명되어법제요구사항을충족시킬수있도록체계적인디지털포렌식시스템구축을위한기술적, 정책적통합프로세스정립에대해연구하고, 정부의미래 ICT R&D 중장기전략과 ICT 패러다임변화를반영하여급변하는 ICT 기술과정책이연계되어융합되는연구추진방안을검토한다. 이러한검토를바탕으로디지털포렌식표준정립을위한기술-정책적통합프로세스프레임워크의일례를제안하여향후기술과정책이융합되는방안을제시한다. Ⅱ. 디지털포렌식관련연구 2.1. 디지털포렌식절차디지털포렌식은크게증거수집, 증거분석, 증거제출절차로이루어진다. [ 그림 1] 과 [ 표 1] 에보인바와같이디지털포렌식절차는증거수집을위한사전단계에서부터증거수집과증거분석및데이터복구, 결과에대한보고서작성까지의절차이다 [1]. 표 1. 디지털포렌식절차및기술 [1] Table. 1 Digital forensic process and technology[1] Prior evidence collection step Evidence collection step Evidence analysis step Evidence submission step Process -Establish application plan for Professional Manpower Training and forensic tool -Establish plan for continuity of storage -Establish plan for maintain of data integrity -Priority of volatile evidence collection -Make a decision whether to power down or not -Flexible action for evidence collection object -Evidence collection -Data recovery -Evidence analysis -Write final report -Evidence submission Content and Technology -Expert who has knowledge of various operating system and file system, network, data base, and accounting system should be educated about digital forensic. They attend as an investigator to collect the evidence with speed and accuracy by using specialized tools. -Establish the detailed plan to prove that the evidence is not destroyed and show that the evident is integrity by obtaining some information such as person who has the evidence, time, and reason why taking the evidence. -Data should be read from storage media (computer memory, hard disks, USB, etc) for digital evidences, which can be easily damaged and lost, with a guarantee of the integrity of the data.(integrity: It means that data modulation is not caused by raw storage media.) -One of useful technique for evidence collection is Imaging technique guaranteeing integrity -Useful information should be extracted from the data obtained from evidence collection. -Useful information can usually exist inside or outside the file system of storage media. For example, criminals can hide important information inside the NTFS or in the blocks which are not used by the NTFS. -Recovery technique for deleted files, decoding of encrypted files, and string Searching technique are useful techniques for evidence analysis. -Reliability of evidence data should be secured so that the impounded digital evidences are chosen as legal evidences. -Legal standard procedure for digital forensic and verification procedure for forensic tools should be made. 그림 1. 디지털포렌식절차 [1] Fig. 1 Digital Forensic Process 디지털포렌식의분석대상에따라다음과같이몇가지포렌식유형으로분류할수있다. 1496
정부 ICT R&D 중장기전략과 ICT 패러다임변화를반영한디지털포렌식표준정립을위한기술 - 정책적통합프로세스프레임워크 표 2. 디지털포렌식분석대상에따른유형 Table. 2 Digital forensic types according to analysis objects Type Computer forensic Embedded (moblie) forensic Network forensic Content Digital forensic for a general-purpose computer using Windows or Unix as operating system Digital forensic for various device such as mobile device (e.g. smart phone), digital camera, camcorder, or PDA Forensic for collecting and analyzing data such as network information, user log, and internet browsing history from communication device in case of communication by computer of smartphone 2.3. 디지털포렌식시스템및분석툴디지털포렌식법률체계는개별적인법률의단순한집합이아니라, 디지털증거의적법성확보와디지털포렌식기술활용과관계된법목표들의유기적인체계로구성되어있다. 현재디지털포렌식법률체계의구성요소들에대해국외법제현황과국내법제현황을비교함으로써국내법제에요구되는사항들을분석하여정리하면 [ 표 4] 와같다 [3]. Ⅲ. ICT 패러다임변화를반영하는기술 - 정책적통합프로세스 2.2. 디지털포렌식시스템및분석툴현재상용화되어있는컴퓨터포렌식증거수집및분석소프트웨어는 Guidance Software사의 EnCase와 AccessData사의 ForensicToolkit이가장널리사용되고있다. Paraben사는모바일기기에대한전문분석가들을위해서 Cell Siezure, PDA Siezure 등의소프트웨어와각종휴대용기기와의연결을지원하는툴박스형태의상용제품을제공하고있으며, 메모리를직접분석할수있는소프트웨어도개발하여제공한다. 디지털포렌식툴중에서컴퓨터포렌식툴의현황은 [ 표 3] 과같다 [2]. 현재디지털포렌식의분류는분석대상에따라디스크포렌식, 시스템포렌식, 네트워크포렌식, 인터넷포렌식, 모바일포렌식, 데이터베이스포렌식, 암호포렌식, 회계포렌식등 8개로분류할수있다. 그렇지만현재웹기술의발전 ( 웹메일, 블로그, 카페, SNS, 클라우드컴퓨팅 ) 으로증거데이터수집의어려움이있으며, 분석대상장치의증가, 저장장치의용량증가, 운영체제 (OS) 와파일포맷 (file format) 의증가 ) 로데이터간연관관계분석을위한데이터추출, 분석시간및비용증가하고있다. 또한, 안티포렌식솔루션 ( 데이터완전삭제 (wiping), 데이터암호화 (encryption), 데이터은닉 표 3. 컴퓨터포렌식툴의현황분석 Table. 3 Analysis of computer forensic tools Tool Operating system Possibility to open to the public1 Image creation and test2 Integrity test3 Low level recovery4 Additional facility5 ForensicX Unix/ Linux Com Disk, OS, Traffic Hard, File, Finger Delete Plug, Report Mares Ware Windows Com Disk Hard, File Linux Ccom Disk File The Coriner's Toolkit Unix/ Linux Free Disk Hard Delete, Key Tom's Rootboot Linux Free Disk, OS Boot EnCase Windows Com Disk, OS Hard, File, Finger Raw, Delete Plug, Report Byte Back Ⅲ Windows Com Disk, OS, Traffic Hard, File Raw, Delete ForensicToolkit Window Com Disk Hard, File Raw, Delete Report 1. Possibility to open to the public: Com(common use), Free(public) 2. Image creation and test: Disk(disk image), OS(operating system image), Traffic(IP traffic image) 3. Integrity test: Hard(change of hardware test), File(file integrity test), Finger(electrical finger print test) 4. Low level recovery: Raw(low level file edit), Delete(deleted file recovery), Key(encrypted key recovery) 5. Additional facility: Boot(emergency booting support), Plug(plug-in support), Report(automatical report support) 1497
한국정보통신학회논문지 (J. Korea Inst. Inf. Commun. Eng.) Vol. 18, No. 7 : 1495~1504 July. 2014 표 4. 디지털포렌식법률체계의구성요소와국내법제에요구되는사항 Table. 4 Element of digital forensic legal system and requirements in domestic forensic law Division Legal system component Internal law requirement based on international law current state Section for digital forensic, - Warrant requirement and legal process principles are stated in the 1Constitution digital investigation Constitution of the Republic of Korea. fundamental law principle, - Establishment for unified personal data protection law is required to and people's fundamental 2Privacy/Personal minimize invasion of people's privacy in pursuance of digital evidence human rights information secure law collection and analyze. 3Digital evidence concept - Digital evidence concept and characteristic should be included in the acceptance civil procedure, criminal procedure, and the rest of related laws. Section for digital evidence admissibility Section for digital investigation principles in investigation intelligence agencies 4Digital evidence admissibility 5Digital evidence collection analysis procedure 6Electronic signature law 7Digital investigate procedure 8Digital communication monitoring 9Encrypted evidence handling Section for digital forensic 10Criminal investigation, application in investigation anti- terrorism, intelligence intelligence agencies Section for cooperative work between investigation intelligence agencies and private enterprise Digital forensic application promotion of private enterprise Section for create a healthy digital forensic technology utilizing environment Section for digital forensic research support and invigorate the industry 11Digital communication monitoring support 12E- Discovery 13Various compliance 14Financial auditing 15Industrial security 16Anti-insurance fraud 17Digital forensic prevention of adverse effect of anti forensic technology 18Digital forensic research and industry promotion - Legal standards or procedures are required to prove that digital evidence is same as documentary evidence in the law of criminal procedure. - Standard procedure is required as the law to prove that collected digital evidence is not forged and falsified during collecting and analyzing processes. - Electronic signature is utilized to obtain the admissibilities of digital evidence and digital document certification. A legal basis is required to establish and operate the digital evidence certification center by utilizing PKI system. - Law for standardized principle and procedure related in digital evidence collection and analysis is required. - Digital communication between computers monitoring should be included in the protection of communications secrets law. - Institutional and technically procedure is required as the law to decode timely the legally collected encrypted data - Article that is demanded for application of digital forensic technology in the legislative systems of criminal investigation, anti-terrorism, and intelligence should be supplemented - Communication monitoring support of ISP for secure the effective digital communication data evidence should be arranged as the law - E-Discovery article should be supplemented in the civil procedure law - Digital forensic technology requirement should be supplemented in various compliance - Article that is demanded for application of digital forensic and forensic accounting technology in the digital audit law should be required in audit law such as external audit system law - Requirement of digital forensic technology application should be supplemented in legislative system for industrial secret secure - Requirement of digital forensic technology application should be supplemented in legislative system for anti-insurance fraud - A article that someone who tries to abuse or doesn't have a properly authorization of digital forensic tool and anti-forensic tool suffers additional punishment should be arranged - Digital forensic technology research support article should be arranged and logical basis about digital forensic research center and digital evidence analysis center should be provided - In addition, promotion bill of digital forensic private industry and prevention law of adverse effect of digital forensic technology should be arranged - Obligation of digital forensic education and manpower training support article should be arranged. In addition, article to prevent invasion of people's privacy by using digital forensic technology should be arranged 1498
정부 ICT R&D 중장기전략과 ICT 패러다임변화를반영한디지털포렌식표준정립을위한기술 - 정책적통합프로세스프레임워크 (steganography) 증가에따른데이터증거수집의어려움이있다. 특히, 스마트폰의사용이급증하고, 다양한스마트폰 OS가존재하며, 250,000개이상의어플리케이션이존재함으로인해모바일포렌식의한계점을노출하고있다. 모바일포렌식의한계점은모든 OS와어플리케이션에대한포렌식은현실적으로어려움이있으며, 데이터추출을위한표준화된프로토콜이존재하지않기때문이다. 즉, 적절한다중시스템또는보조적인클라우딩컴퓨팅과같은환경을효과적으로이용함으로써대용량디지털포렌식서비스시간단축과분석의효율성을추구하는 IT융합연구체계정립이필요하다. 또한 SW 패러다임변화및 5개분야 ( 콘텐츠 (C)-플랫폼(P)-네트워크 (N)-디바이스(D)-정보보호(S)) 를밀접하게연계시키는스마트융합시대에부합하는정부의 ICT R&D 중장기전략 (ICT WAVE 전략 ) 을고려한디지털포렌식표준정립을위한기술-정책적통합프로세스의고려가필요하다. 따라서본논문에서는다중시스템이나클라우딩컴퓨팅환경등의첨단 IT기술을접목하는디지털포렌식표준정립을위한기술-정책적통합프로세스를제안한다. 이를위해서현재정부에서추진하고있는 IT정책의동향을고려하고각기관과의효율적이고신속한처리가가능한통합프로세스를제안한다. 3.1. 정부의 ICT R&D 중장기전략현재정부는 창조경제 라는키워드를바탕으로 창조경제는국민개개인의상상력과창의성을과학기술과 ICT에접목해산업과산업, 산업과문화콘텐츠와의융합과창업을통해지금까지없었던새로운산업과시장, 새로운일자리를만드는것 이라설명하고있다 [4]. 또한창의와혁신으로반드시정보통신 (ICT) 최강국을만들겠다 는목표하에 IT분야공약을발표하여, 건강한정보통신생태계조성을통한창조경제기반구축, 콘텐츠산업의집중육성, 방송의공공성강화및미디어산업의핵심으로육성, 통신비부담완화, 전담부처신설적극검토등을공약으로제시하였다 (2012. 10월정보통신최강국실현을위한 5대전략발표 )[5]. 미래창조과학부는 2013년 10월 23일열린제23차경제관계장관회의에서이같은내용을담은 정보통신기 술 (ICT) 연구개발 (R&D) 중장기전략 ( 일명 ICT WAVE 전략 ) 을확정했다고밝혔다. 미래부는 ICT WAVE 전략 으로창조경제성장잠재력을확충할수있도록 (W) 세계최고의 ICT 경쟁력확보 (World best ICT), (A) 연구환경의획기적개선 (Activating R&D ecology), (V) 산업적성과창출 (Vitalizing industry), (E) 국민삶의질개선 (Enhancing life) 이라는 4대비전을제시하고향후 5년내기술상용화율 35%( 현재 18%), ICT R&D 투자생산성 7%( 현재 3.42%), 국제표준특허보유세계 4위 ( 현재 6위 ) 달성을목표로설정하였다. 이전략은미래부는향후 5년간 ICT분야 R&D 중점개발분야와향후서비스추진방향을제시한것으로세계최고경쟁력유지와연구환경개선, 산업적인성과창출, 삶의질개선등 4가지목표를담고있다. 이전략에따르면정부는향후 5년내기술상용화율 35%( 현재 18%), ICT R&D 투자생산성 7%( 현재 3.42%), 국제표준특허보유세계 4위 ( 현재 6위 ) 달성을목표로설정했다. 이를위해콘텐츠 (C), 플랫폼 (P), 네크워트 (N), 디바이스 (D), 정보보호 (S) 등 5개분야에서 10대핵심기술을개발해신성장동력으로육성하고글로벌시장을선점해나갈방침이다. 향후 5년내기술상용화율 35%( 현재 18%), ICT R&D 투자생산성 7%( 현재 3.42%), 국제표준특허보유세계 4위 ( 현재 6위 ) 달성을목표로설정했다. 이를위해콘텐츠 (C), 플랫폼 (P), 네크워트 (N), 디바이스 (D), 정보보호 (S) 등 5개분야에서 10대핵심기술을개발해신성장동력으로육성하고글로벌시장을선점해나갈방침이다. 이를기반으로하는 15가지대표미래서비스를중점구현할계획이다. 특히모든산업고부가가치화, 신산업창출, 소통 / 협업등에기여할수있는창조경제실현도구 (Enabler) 로서 SW를집중육성할계획이다. SW R&D 투자를확대하고공개연구강화, 기초원천 SW분야연구확대등특성에부합되는 R&D 전략을추진한다고제시하였다. 또한 ICT 특별법에근거하여총리실에설치 ( 14.2월) 되는정보통신전략위원회산하에 정보통신융합전문위원회 를구성하여범부처과제발굴및의견조율을추진하고, ICT R&D 정책 기획 평가 관리 사업화의 R&D 全주기지원체계를확립하기위해정보통신기술진흥원 ( 전담기관 ) 을재구성하는방안등을기재부등과협의하여추진하기로하였다. 1499
한국정보통신학회논문지 (J. Korea Inst. Inf. Commun. Eng.) Vol. 18, No. 7 : 1495~1504 July. 2014 표 5. 정부의 ICT R&D 중장기전략의 5 대분야 10 대핵심기술개념 [5] Table. 5 5 Categories and 10 core technologies of government leading ICT R&D mid-long term strategy Field Technology Concept Ripple effect Contents hologram content 2.0 The technology that enables full dimensional 3D media to produce, compressive transport, and diplay into the huge screen Collaborative production technique based on cloud for creating and distributing open type participatory contents -Lead media content new paradigm -Respond $4billion world market in 2022 -Promote collaborate works between small scale developers -$2.1trillion world market in 2016 intelligent SW Software technology that can recognize, decide, and express(conversation or gesture) as a human -Utilize native language education -Respond $245.5billion world market in 2020 Platform Internet of Everything (IoT) Platform Super-connected service platform interconnected various devices by internet -Rear creative small scale service industry -Respond $1.9trillion world market in 2020 big data cloud Information generating and service supporting technologies based on massive data -Utilize for solving various social issues -Respond $300billion world market in 2017 Network 5th generation (5G) mobile telecommunication Mobile communication original technology that is 1000 times faster than present technology and radio propagation applied technology -Lead mobile communication new technology market -Respond $7.64billion world market in 2017 smart network 100Gbps optimized network service support technology based on software -Future high qualified service infrastructure -Respond $2.1billion world market in 2017 Device emotional device technology intelligent ICT convergence module Context-aware mobile using technology utilized user's five senses Core sensing technology for realizing ICT convergence new technology -Lead new concept smart device development -Respond $235.1billion world market in 2020 -Secure core technology of convergence of other industries -Respond $120billion world market in 2017 Data secure cyber attack reaction technique New cyber security threat detecting and real time acting technologies -Minimize cyber attack damage -Respond $44.2billion world market in 2017 또한융합형 R&D 기획강화로타부터연계형 R&D 강화전략, 과학기술-ICT 융합, 협업 R&D 확대등의전략을수립하였다. 즉, 총리실정보통신잔략위원회산하에 ( 가칭 ) 정보통신융합전문위원회 를설치하여부처간의견조율및과제기획추진할계획으로수요조사, 기획, 사업계획검토등과제운영과정에수요부처추천전문가및관련기관이참여하고, 미래서비스조기구현을위한 범부처협업 R&D 프로그램 을추진할계획이다. 즉, 정부의 ICT R&D 중장기전략을분석하여보면, 정부는창조경제의근본적인개념인 국민개개인의상상력과창의성을과학기술과 ICT에접목해산업과산업, 산업과문화콘텐츠와의융합과창업 이라는 그림 2. 정부의 ICT R&D 중장기전략 [5] Fig. 2 Government leading ICT R&D Mid-Long term Strategy 1500
정부 ICT R&D 중장기전략과 ICT 패러다임변화를반영한디지털포렌식표준정립을위한기술 - 정책적통합프로세스프레임워크 의미에부합하는 ICT가근간의 ICT융합전략 이라고할수있다. 따라서본논문에서는정부의 ICT WAVE 전략과부합하는 ICT융합전략을고려하여 ICT기술의발전방향과정책의변화흐름을반영하고, ICT 패러다임의변화를반영하는디지털포렌식기술- 정책통합프로세스의프레임워크를제안한다. 3.2. ICT패러다임변화와 ICT R&D 중장기정책변화현재정부는 창조경제 라는키워드를바탕으로 창조경제는국민개개인의상상력과창의성을과학기술과 ICT에접목해산업과산업, 산업과문화콘텐츠와의융합과창업을통해지금까지없었던새로운산업과시장, 새로운일자리를만드는것 이라설명하고있다 [6]. 또한창의와혁신으로반드시정보통신 (ICT) 최강국을만들겠다 는목표하에 IT분야공약을발표하여, 건강한정보통신생태계조성을통한창조경제기반구축, 콘텐츠산업의집중육성, 방송의공공성강화및미디어산업의핵심으로육성, 통신비부담완화, 전담부처신설적극검토등을공약으로제시하였다 (2012. 10월정보통신최강국실현을위한 5대전략발표 )[6]. 또한미래부에서는 ICT 중장기전략을확정발표하였다. 속한확산과웹의플랫폼화진전과다양한 OS, 서비스플랫폼사업자의등장으로기존에비해 ICT산업의서비스경쟁력과 SW 기술력의중요성이증대되고있는상황을반영한정책수립이라고볼수있다. 특히이러한인터넷호나경의변화는 SW산업의서비스산업화로의확대를야기하여 XaaS(~as a Service) 개념이확산되고있어, SW산업정책과서비스산업정책및규제간의경계가와해되고있다. 이러한변화는기존의제조및 HW중심적인전략 / 정책에서 SW중심전략 / 정책으로이동하고있는추세이고, SW산업의다양성과융복합화를반영할수있는통섭적인시각의필요성이증대하고있음을반영한다. 현재정부의 ICT R&D 중장기전략은기존의 ICT정책현황은지난 2~3년간인터넷의급격한변화에의한다양한 ICT 패러다임의변화에따른정책적변화의필요성을반영한결과이다. 이러한결과는정보통신정책연구원에서제시하는 ICT 패러다임의변화 ( 인터넷이라는네트워크를통하여통신, 방송, 미디어를흡수함을물론이고, 글로벌 ICT 기업들의자체플랫폼을통하여시장을선점하려는상황으로이에대한기존의법, 제도, 규제의변화가불가피함 ) 를반영한것으로분석된다 [7]. 그림 3. 7 대미래국가사회수요와 15 대미래서비스선정현황 [5] Fig. 3 7 Future society needs and 15 Future services 또한창조경제를구현하기위한큰축이바로과학기술과 ICT라고강조하고있으며, 창조경제실현을위한국정과제로 IT SW 융합을통한주력산업구조고도화, 세계최고의인터넷생태계조성, 정보통신최강국건설, 창업 벤처활성화를통한일자리창출 등을제시하고있다 [7]. 이러한정부의 ICT R&D 중장기전략은인터넷의급 3.2.1. 인터넷에의한 SW, 네트워크패러다임변화에의한전략정책의변화스마트산업생태환경은인터넷 / 웹이핵심적인요소인데, 이는클라우딩컴퓨팅의이용의확대되면서 SW 부문에서의구조적인변화가진행되고있다. 특히클라우딩컴퓨팅환경의도래와 SNS( 소셜네트워크서비스 ) 의활성화로기존의프로세스로는해결할수없는많은문제들이산재해있다. 클라우드컴퓨팅은인터넷을이용하여가상의 IT 자원을제공하여다양한단말기기 (PC, 노트북, 태블릿PC, 스마트폰등 ) 를통해정보에접근할수있는환경이기때문에, 클라우드컴퓨팅은범죄의객체, 주체가될수도있고, 범죄의수단으로이용될수도있다. 해커가 CSP(Cloude Service Provider) 를대상으로 DDOS 공격을행한경우나, 타인의클라우드에존재하는데이터를삭제, 저작권파일공유등다양한범죄의주체가될수있다. 이러한클라우드컴퓨팅서비스유형은 IaaS(Infrastructure as a Service), Paas (Platform as a Service), 및 SaaS(Software as a Service) 1501
한국정보통신학회논문지 (J. Korea Inst. Inf. Commun. Eng.) Vol. 18, No. 7 : 1495~1504 July. 2014 그림 4. 제안하는국내의 IT 융합기술의발전방향및정책에부합하는기술 - 정책통합프로세스프레임워크 Fig. 4 Proposed technology-strategy integrated process framework complying IT-conversion technology trend and strategy 로구분할수있고, 배치모델에따라사설클라우드와공공클라우드로분류할수있다. 특히 SW 부문의패러다임의변화는기존의네트워크서비스, 콘텐츠, 어플리케이션등스마트산업생태환경의핵심적인요소가 SW를중심으로통합되는방향으로전개되고있고, 이에따라전략적, 정책적인결정이필요하다. 현행 소프트웨어산업진흥법 은클라우딩컴퓨팅, 인터넷 / 웹의 SW 플랫폼화, 새로운 SW 변화등의 SW 패러다임변화를반영하지못하고있어서클라우드컴퓨팅환경의특징에적합한새로운 SW 패러다임변화를반영한 IT기술이융합된기술- 정책프로세스의정립이필요하다. 3.2.2. C-P-N-D가연계된디지털스마트융합플랫폼에의한패러다임변화최근인터넷을기반으로콘텐츠 (C)-플랫폼(P)-네트워크 (N)-기기(D) 를밀접하게연계시키는글로벌비지니스모델이성공하면서콘텐츠산업의새로운생태계 등장이가속화되고있다. 그렇지만국내는온라인 / 모바일콘텐츠유통플랫폼구축을위하여노력하고있지만, 여전히플랫폼과응용 SW의기술수준이취약하고불공정콘텐츠의유통등으로스마트융합시대에적극적으로대처하지못하고있다. 이를해결하기위해서정부에서제시한 ICT R&D 중장기전략에서와같이 C-P-N-D가연계된디지털 ICT 스마트융합플랫폼에의한패러다임의전환을반영한기술적 / 정책적전략수립이필요하다. 3.3. 정부의 ICT R&D 중장기전략에부합하는디지털포렌식기술-정책프로세스프레임워크본논문에서는정부의 ICT R&D 중장기전략과 ICT 패러다임의변화를반영하여국내의 IT융합기술의발전방향및정책에부합하는디지털포렌식기술- 정책통합프로세스프레임워크를제안한다. 그림 4에제시한바와같이참고문헌 [8] 에서정립한디지털포렌식절차를바탕으로하여국내환경과정부의정책을반영하고 1502
정부 ICT R&D 중장기전략과 ICT 패러다임변화를반영한디지털포렌식표준정립을위한기술 - 정책적통합프로세스프레임워크 미래 ICT기술을반영한프레임워크모델을제안한다. 제안하는국내의 IT융합기술의발전방향및정책에부합하는디지털포렌식기술- 정책통합프로세스프레임워크에서알수있듯이, 기존에물리적인디바이스에의한포렌식증거수집에서클라우딩컴퓨팅환경과나아가서는콘텐츠 (C)-플랫폼(P)-네트워크(N)-디바이스 (D)-정보보호(S) 가연계된스마트융합플랫폼의변화를반영할수있는방안을제시하였다. 그림 4에서는클라우딩컴퓨팅 / 서비스 / 플랫폼에따른단계별세부고려사항만을제시하였지만, 향후기술발전과스마트융합플랫폼의변화에따라변화하는각포렌식단계별로정책방향을제시하였다. 예를들면, 그림 4의증거수집단계에서는현재 2차데이터확보를위하여클라우딩컴퓨팅 / 서비스 / 플랫폼에따른데이터수집을기존의방식인물리적인디바이스에의한데이터수집방법에추가하여제시하였다. 그렇지만, 향후에는콘텐츠-플랫폼-네트워크- 디바이스의통합플랫폼의변화와같은 ICT 기술발전을반영하여데이터수집형태, 수집종류, 수집방법에대한기술적해결방안과정책적해결방안을제시하는것이다. 이러한과정은정부와관련기관및대학 / 연구소의 R&D 결과와정책결정에의하여신속하게반영될수있도록해야할것이다. 또한증거분석단계나증거제출단계에있어서도클라우딩컴퓨팅 / 서비스 / 플랫폼환경은물론이고지속적으로변화하고있는스마트융합플랫폼을반영할수있도록정부와 R&D 연구센터및관계기관의다각적인융합협조체제를구축할필요가있다. 현재에도이러한시도는 ICT R&D 중장기전략에서제시하였지만, 디지털포렌식표준정립을위한체계적인분석이더욱요구된다. 따라서본논문에서제안한디지털포렌식기술- 정책통합프로세스프레임워크를기반으로기술과정책이융합되어효율적이며신속한디지털포렌식법제체제와표준정립에기여할것이다. 또한, 정부에서는 2013년 5월부터디지털포렌식기술을범죄수사에직접활용할수있도록국민복지 안전수요해결형연구개발사업 ( 공공복지안전연구사업 ) 의일환으로 디지털기반첨단과학수사요소기술개발과제 를마련하여추진하고있다. 따라서, 본논문에서제안한기술-정책통합프로세스프레임워크와연계한다면, 미래 ICT 패러다임변화와기술변화에능동적 으로반영하는디지털포렌식프로세스를정립하는데기여할것으로예상된다. Ⅳ. 결론본논문에서는디지털포렌식기술이객관적으로증명되어법제요구사항을충족시킬수있도록체계적인디지털포렌식시스템구축을위한기술적, 정책적통합프로세스프레임워크를제안하였다. 특히정부의 ICT R&D 중장기전력과스마트융합플랫폼패러다임변화를반영하여급변하는 ICT 기술과정책이연계되어융합되는기술-정책통합프로세스프레임워크의방안을제시하였다. 특히클라우딩컴퓨팅환경을고려한디지털포렌식프로세스를한일례로제시하였고, 이를바탕으로콘텐츠 (C)-플랫폼(P)-네트워크(N)-디바이스 (D)-정보보호(S) 가연계된스마트융합플랫폼의변화를반영할수있는방안을제시하였다. 본논문에서제시한프레임워크를기반으로미래 ICT 패러다임변화와기술변화에능동적으로반영하는디지털포렌식프로세스를정립하는데기여할것이다. 감사의글본연구는 2012년정부 ( 교육과학기술부 ) 의재원으로한국연구재단의지원을받아수행된연구임 (NRF-2012S1A5A2A01014422) REFERENCES [1] S. D. Jeon, D. S. Hong, G. J. Han, Technologies prospect and Trends of Digital Forensics, National Information Society Agency, Informatization policy, Vol. 13, No. 4, pp. 3-19, 2006. [2] I.R. Jeong, D.W. Hong and K.I. Chung Technologies and Trends of Digital Forensics, Electronics and telecommunications, Vol. 22, No. 1, pp. 97-104, 2007. 2. [3] S. J. Baek, M. N. Shim and J. I. Lim, National Digital Forensics legal system and Digital Forensics law of Domestic and Foreign, Journal of the Korea Institute of 1503
한국정보통신학회논문지 (J. Korea Inst. Inf. Commun. Eng.) Vol. 18, No. 7 : 1495~1504 July. 2014 Information Security and Cryptology, Vol. 18, No. 1, pp. 49-61, 2008. 2. [4] Available on http://www.korea.kr/policy/economyview.do? newsid=148759211&call_from=koreagov [5] ICT R&D mid & long-term Policy, Ministry of Science, ICT and Future Planning, 2013. 10. [6] Available on http://incheon.saenuriparty.kr/xe/index.php? document_srl=422840&mid=subsnrpp3_6 [7] G. Y. Choi and etc., The change of ICT paradigm and mid & long-term political subject, KISDI Premium Report, 2012. [8] Ben Martini, Kim-Kwang Raymond Choo, An integrated conceptual digital forensic framework for cloud computing, Digital Investigation, 2012. 신준우 (Jun Woo Shin) 1996 년 2 월 : 숭실대학교경영학과학사 2002 년 2 월 : 성균관대학교정보통신공학과공학석사 2010 년 2 월 : 고려대학교정보관리공학박사 1996 년 2 월 ~ 현재 : 정보통신산업진흥원 관심분야 : 디지털포렌식, 인력양성, ICT R&D 1504