• The Korean Journal of Applied Statistics
• /
• v.37 no.3
• /
• pp.381-393
• /
• 2024

This study investigates the impact of pseudonymization of personal information and its effect on the accuracy of data analysis. We quantitatively evaluated the relationship between the degree of pseudonymization and the accuracy of data analysis using logistic regression models, decision trees, and random forests. Through this, we confirmed that pseudonymizing sensitive information can realize personal information protection without significantly damaging data quality. However, we recognized limitations such as single sample data and consistent application of pseudonymization ratios. To overcome these limitations, additional research on diverse datasets is necessary to strengthen the generalizability of results. Moreover, we propose developing and applying methodologies to find optimal pseudonymization ratios for individual variables. The results from this study provide new insights into maintaining usability of data while achieving regulatory compliance and personal information protection.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.427-430
• /
• 2024

교통체계서비스는 안전한 교통 환경을 구축하는 것을 목표로 하여 차량, 도로, 기반 시설의 정보를 수집 및 처리하여 안전 교통정보를 제공한다. 교통체계서비스가 수집하는 차량 운행정보는 교통 안전 정보 외에도 다른 분야에서도 활용될 수 있으며 특히 다른 데이터와 결합하는 것으로 다양한 결과를 도출할 수 있어 연구, 통계 작성 등에 필요한 자료이다. 그러나 차량의 운행정보는 운전자의 개인정보를 포함하고 있어 운행정보 활용 시 가명화 및 가명결합이 필수적이다. 본 논문에서는 가명화된 운행정보를 가명결합하는데 발생하는 문제점을 설명하고 이러한 문제를 해결한 가명결합 방안을 연구하였다. 그 결과 교통체계서비스가 수집한 운행정보를 다른 기관의 데이터와 결합하여 활용할 수 있게 하여 개인정보를 보호하면서 데이터의 유용성을 활용하는데 기여할 것으로 예상한다.

• Journal of the Korea Convergence Society
• /
• v.8 no.10
• /
• pp.29-35
• /
• 2017

In this paper, we describe certificate policy and characteristics in cooperation condition with Cooperative intelligent transport system and autonomous driving vehicle. Among the authentication functions of the vehicle, there is a pseudonym authentication function. This pseudonymity is provided for the purpose of protecting the privacy of information that identifies the vehicle driver, passenger or vehicle. Therefore, the purpose of the pseudonym certificate is to be used for reporting on BSM authentication or misbehavior. However, this pseudonym certificate is used in the OBE of the vehicle and does not have a cryptographic key. In this paper, we consider a method for managing a pseudonym authentication function, which is a key feature of the pseudonym certificate, such as location privacy protection, pseudonym function, disposition of linkage value or CRL, request shuffling processing by registry, butterfly key processing, The authentication policy and its characteristics are examined in detail. In connection with the management of pseudonymes of the vehicle, the attacker must record the BSM transmission and trace the driver or vehicle. In this respect, the results of this study are contributing.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.348-351
• /
• 2021

본 논문에서는 지속적으로 늘어나고 있는 내부의 유출자를 탐지하기위해 컨소시엄 블록체인 기술을 활용하여 기업간 직원의 PC사용 행위 로그 데이터를 가명처리하여 블록에 기록하여 네트워크에 참여한 다른 기업들간의 안전한 공유를 통해 내부자 유출 데이터 및 시나리오의 확장하여 내부에서의 유출을 탐지할 수 있는 데이터 셋을 확보하는 연구를 제안한다. 현재 내부자 위협탐지의 한계점중 가장 큰 요소를 차지하는 부족한 실제 사례의 내부자 유출 데이터 셋의 문제점을 본 연구를 통해서 네트워크 참여 기업간의 내부자 유출 데이터를 확장하고 타기업의 유출 사례를 활용해 기업에서 발생할 수 있는 내부자 유출을 미연에 방지할 수 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.6
• /
• pp.53-63
• /
• 2022

Recently, as digital transformation due to the COVID-19 pandemic accelerates, data to improve individual quality of life is being used in large quantities, and more reinforced non-identification processing procedures are required to utilize the most valuable personal information among data. In Korea, procedures for de-identification measures are presented through amendments to laws and guidelines, but there is no methodology to measure the level of de-identification in the field due to ambiguous processing standards and subjective risk measurement methods. This paper compares and analyzes the current status of policy and guidelines related to de-identification measures proposed at home and abroad to derive complementary points, suggests a data context-based risk measurement method centered on pseudonymized information processing, and verifies its validity. As a result of verification through Delphi survey and focus group interview (FGI), it was confirmed that the need for the proposed methodology and the validity of the indicators were high.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.5
• /
• pp.17-22
• /
• 2021

With the application of the Data 3 method, the scope of the use of pseudonym information has expanded. In the case of pseudonym information, a specific individual can be identified by linking and combining with various data, and personal information may be leaked due to incorrect use of the pseudonym information. In this paper, we propose the scope of use of data is subdivided and a differentiated pseudonym information processing method according to the scope. For the study, the formula was modified by using zero-knowledge proof among the pseudonym information processing methods, and when the proposed formula was applied, it was confirmed that the performance improved by an average of 10% in terms of verification time compared to the case of applying the formula of the existing zero-knowledge proof.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.53-63
• /
• 2020

In accordance with the revision of the Data 3 Act, such as the Personal Information Protection Act, it is possible to process pseudonym information without the consent of the information subject for statistical creation, scientific research, and preservation of public records, and unlike personal information, it is legal for personal information leakage notification and personal information destruction There are exceptions. It is necessary to revise the pseudonym information in that the standard for the pseudonym processing differs by country and the identification guidelines and anonymization are identified in the guidelines for non-identification of personal information in Korea. In this paper, we focus on the use of personal information in accordance with the 4th Industrial Revolution, examine the concept of pseudonym information for safe use of newly introduced pseudonym information, and generate / use / provide / destroy domestic and foreign non-identification measures standards and pseudonym information. At this stage, through the review of the main contents of the law or the enforcement ordinance (draft), I would like to make suggestions on future management / technical protection measures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.329-339
• /
• 2022

Recently, as personal information has been used as data, various new industries have been discovered, but cases of personal information leakage and misuse have occurred one after another due to insufficient systematic management system establishment. In addition, services that use personal information anonymously and anonymously have emerged since the enforcement of the Data 3 Act in August 2020, but personal information issues have arisen due to insufficient alias processing, safety measures for alias information processing, and insufficient hate expression. Therefore, this study proposed a new PbD principle that can be applied to the pseudonym information life cycle based on the Privacy by Design (PbD) principle proposed by Ann Cavoukian [1] of Canada to safely utilize personal information. In addition, the significance of the proposed method was confirmed through a survey of 30 experts related to personal information protection.

• Journal of The Korean Institute of Defense Technology
• /
• v.5 no.3
• /
• pp.1-7
• /
• 2023

Recently, in the defense field, efforts are being made to collect data by building data centers to incorporate artificial intelligence technology. Weapon system training data can be used as input data for artificial intelligence models and can be used as high-quality data to maximize training performance and develop military strategies. However, training data contains personal information such as the names and military numbers of the personnel who operated the equipment, and training records that reveal the characteristics of the weapon system. If such data is passed on to the enemy, not only the specifications and performance of the weapon system but also the proficiency of each operator may be exposed. In this paper, we propose a pseudonym processing methodology for education and training data security and also suggest a direction for revising related laws.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.23 no.3
• /
• pp.48-66
• /
• 2024

According to the three amended Laws of the Data Economy and the Data Industry Act of Korea, systems for pseudonymous data integration and Data Safe Zones have been operated separately by selected agencies, eventually causing a burden of use in SMEs, startups, and general users because of complicated and ineffective procedures. An over-stringent pseudonymization policy to prevent data breaches has also compromised data quality. Such trials should be improved to ensure the convenience of use and data quality. This paper proposes a prototype system of the Integrated Data Safe Zone based on redesigned and optimized pseudonymization workflows. Conventional workflows of pseudonymization were redesigned by applying the amended guidelines and selectively revising existing guidelines for business process redesign. The proposed prototype has been shown quantitatively to outperform the conventional one: 6-fold increase in time efficiency, 1.28-fold in cost reduction, and 1.3-fold improvement in data quality.