• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.11
• /
• pp.489-494
• /
• 2013

Personal information has been transmitted in a variety of services of Internet environment, but individual users do not know what information is sent. In this paper, we aim to develop a monitoring tool that continuously monitors personal sensitive information in network packets and informs the user whether or not to leak. So we implement a monitoring tool of personal information and analyze the experiment results. In addition, we introduce a prevention of confidential information in company and a leakage prevention of medical information, for applications that take direct advantage. The results of this study, by contributing to prevent leakage of personal information, can help reduce cyber threats variously targeting personal information of users.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.223-232
• /
• 2012

Recently, the leakage of personal information and privacy piracy increase. The victimized case of the malicious object rapidlies increase. Most of users use the windows operating system. Recently, the Windows 7 operating system was announced. Therefore, we need to study for the intrusion response technique at the next generation operate system circumstances. The accident response technique developed till now was mostly implemented around the Windows XP or the Windows Vista. However, a new vulnerability problem will be happen in the breach process of reaction as the Windows 7 operating system is announced. In the windows operating system, the system incident event needs to be efficiently analyzed. For this, the event information generated in a system needs to be visually analyzed around the time information or the security threat weight information. Therefore, in this research, we analyzed visually about the system event information generated in the Windows 7 operating system. And the system analyzing the system incident through the visual event information analysis process was designed and implemented. In case of using the system developed in this study the more efficient accident analysis is expected to be possible.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.47-49
• /
• 2021

According to the revision of the Data 3 Act in 2020, personal information of medical data can be processed anonymously for statistical purposes, research, and public interest record keeping. However, unidentified data can be re-identified using genetic information, credit information, etc., and personal health information can be abused as sensitive information. In this paper, we derive the need for homomorphic encryption to protect the privacy of personal information separated by sensitive information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.207-216
• /
• 2024

As big data was built due to the 4th Industrial Revolution, personalized services increased rapidly. As a result, the amount of personal information collected from online services has increased, and concerns about users' personal information leakage and privacy infringement have increased. Online service providers provide privacy policies to address concerns about privacy infringement of users, but privacy policies are often misused due to the long and complex problem that it is difficult for users to directly identify risk items. Therefore, there is a need for a method that can automatically check whether the privacy policy is safe. However, the safety verification technique of the conventional blacklist and machine learning-based privacy policy has a problem that is difficult to expand or has low accessibility. In this paper, to solve the problem, we propose a safety verification technique for the privacy policy using the GPT-3.5 API, which is a generative artificial intelligence. Classification work can be performed evenin a new environment, and it shows the possibility that the general public without expertise can easily inspect the privacy policy. In the experiment, how accurately the blacklist-based privacy policy and the GPT-based privacy policy classify safe and unsafe sentences and the time spent on classification was measured. According to the experimental results, the proposed technique showed 10.34% higher accuracy on average than the conventional blacklist-based sentence safety verification technique.

• Informatization Policy
• /
• v.28 no.4
• /
• pp.54-75
• /
• 2021

The right to data portability needs to be introduced to strengthen the self-control of data subjects and promote personal data use. However, the right to data portability constitutes a high risk of invasion of privacy of data subjects and may infringe on the property rights of data controllers, so careful and thorough design is warranted. The right to data portability can intensify the concentration and monopoly of personal data, result in problems of overseas transfer of personal data held by public institutions, and enrich only the profits of giant platforms by burdening the data subject with high transfer cost. By contrast, SMEs are more likely to endure a personal data deprivation. From the proposed amendment to the Personal Data Protection Act are raised various legal issues such as. i) Whether to include inferred/derived data, personal data held by public institutions, activity data, sensitive data, and personal data of third parties within the scope of data portability; ii) whether SMEs are included in the data porting organization; iii) whether to exclude SMEs or large platforms from the scope of the data receiving organization; iv) Whether to allow the right to transmit to other data controllers, v) Whether to allow the overseas transfer of personal data held by public institutions, vi) How to safely exercise the right to data portability, vii) the scope of responsibility and immunity of a data porting organization, etc. The purpose of this paper is to propose the direction for legislative action based on various legal issues related to data portability.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2011.06a
• /
• pp.105-110
• /
• 2011

악의적 목적을 가진 Hacker는 Google의 검색 기능과 키워드 사용을 이용해 인터넷 상에 존재하는 개인정보를 탈취하거나 웹페이지의 취약성, 해킹 대상에 대한 정보들을 수집할 수 있다. Google의 검색 결과 인터넷에서는 수많은 개인정보가 검색되고, 이중에는 타인에게 노출되지 않아야 하는 개인의 이력서, 기업의 기밀자료, 관리자의 ID, Password 등도 인터넷 상에서 보안되지 않은 상태로 존재하고 있다. 본 논문에서는 Google을 이용한 정보검색과 정보탈취에 대해 연구하고, 개인 탈취 정보를 이용한 침해사고와 포렌식 자료 생성에 관한 기술과 보안방안을 제안한다. 본 논문 연구를 통하여 인터넷 검색 결과에 대한 보안 취약성 보완의 기술 발전과 기초자료로 활용될 것이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.705-715
• /
• 2017

Today, the world is evolving into a huge community that can communicate with real-time information sharing and communication based on the rapid advancement of scientific technology and information. Behind this information, the adverse effects of information assets, such as hacking, viruses, information assets, and unauthorized disclosure of information assets, are continually increasing as a serious social problem. Each time an infringement of the invasion and personal information leaks occur, many regulatory policies have been announced, including stricter regulations for protecting the privacy of the government and establishing comprehensive countermeasures. Also, companies are making various efforts to increase awareness of the importance of information security. Nevertheless, information security accidents like the leaks of industrial secrets are continuously occurring and the frequency is not lessening. In this thesis, I proposed a customized security policy methodology that supports users with various business circumstances and service and also enables them to respond to the security threats more confidently and effectively through not a monotonous and technical but user-centered security policy.

• Annual Conference of KIPS
• /
• 2024.05a
• /
• pp.764-767
• /
• 2024

웨어러블 디바이스에서는 사용자의 다양한 메타데이터를 수집할 수 있다. 그러나 이런 개인정보를 함유하고 있는 데이터를 수집하는 것은 사용자에게 개인정보침해 위협을 야기한다. 때문에 본 논문에서는 개인정보보호를 통한 웨어러블 디바이스 데이터활용방안으로 연합학습을 채택하였다. 다만 기존 연합학습에서도 해결해야할 문제점들이 있다. 우리는 그중에서도 데이터이질성(Data Heterogeneity) 문제해결을 위해 군집화(Clustering) 방법을 활용하였다. 또한 기존의 코사인유사도 기반 군집화에서 파라미터중요도가 반영되지 않는다는 문제점을 해결하고자 데이터수 기반 마하라노비스거리(Number of Samples Mahalanobis Distance) 군집화 방법을 제시하였다. 이를 통해 WESAD(Werable Stress Affect Detection)데이터에서 피실험자의 데이터 이질성이 존재하는 상황에서 기존 연합학습보다 학습 안정성 측면에서 좋음을 보여주었다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1025-1036
• /
• 2016

The conversion of the international standard web utilization HTML5 technology is being developed for improvement of the internet environment based on nonstandard technology like ActiveX. Hyper Text Markup Language 5 (HTML5) of basic programming language for creating a web page is designed to consider the security more than HTML4. However, the range of attacks increased and a variety of security threats generated from HTML4 environment inherited by new HTML5 API. In this paper, we focus on the script-based attack such as CSRF (Cross-Site Request Forgery), Cookie Sniffing, and HTML5 API such as CORS (Cross-Origin Resource Sharing), Geolocation API related with the infringement of the personal information. We reproduced the infringement cases actually and embodied a detection module of a Plug-in type diagnosed based on client. The scanner allows it to detect and respond to the vulnerability of HTML5 previously, thereby self-diagnosing the reliability of HTML5-based web applications or web pages. In a case of a new vulnerability, it also easy to enlarge by adding another detection module.

• Review of KIISC
• /
• v.12 no.4
• /
• pp.56-66
• /
• 2002

최근 무선에서의 보안 결함이 밝혀지고, 무선 환경에서의 개인 프라이버시 침해 문제가 사회적인 현안으로 등장하였다. 본 고에서는 무선 기반 공중망의 보안성 강화를 위하여 국제 표준화기구에서 논의하고 있는 무선 LAN 정보보호 기술과 키관리 기술 및 가입자 인증 기술 동향과 향후 전망에 대해서 분석해 보고자 한다.