• Annual Conference of KIPS
• /
• 2016.04a
• /
• pp.339-342
• /
• 2016

스마트그리드는 기존 전력망의 비효율적인 운영, 이산화탄소 과다 배출, 전력피크의 문제를 해결하기 위한 방법으로 주목받고 있다. 하지만, 기존의 ICT가 도입되고 구조가 복잡해짐에 따라 개인정보를 침해 할 수 있는 가능성이 증가하게 되었다. 본 논문에서는 스마트그리드 내에서 개인정보를 다루는 기기, 시스템, 데이터와 같은 자산을 식별하여 공격자 입장에서의 공격 목표를 설정한 뒤, Attack Tree 방법을 통하여 세부적인 위협을 식별하였다. 분석 결과, 스마트그리드 환경은 기존의 ICT 기술이 접목되기 때문에 스마트그리드 구조상 발생할 수 있는 위협뿐 만 아니라 기존의 기술들에서 발생할 수 있는 위협도 함께 존재했다.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.129-141
• /
• 2010

In digital computing environment, for the mal functions in appliances and system errors, the unaccepted intrusion should be occurred. The evidence collecting technology uses the system which was damaged by intruders and that system is used as evidence materials in the court of justice. However the collected evidences are easily modified and damaged in the gathering evidence process, the evidence analysis process and in the court. That’s why we have to prove the evidence’s integrity to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support the Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authenticating the damaged system, evidence collecting system, evidence managing system and the court(TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponded legal effect.

• The Journal of the Korea Contents Association
• /
• v.10 no.11
• /
• pp.262-274
• /
• 2010

In Welfare Center for the disabled, under the Government's information acceleration plan, the computer system has been developed starting from work standardization in 2001 but it has been emphasized only on the technical and customer convenience side leaving out preparation for the side effects of them. Therefore this article will seek the necessity of personal information protection, legal basis in the Welfare Center for the disabled. Additionally after analyzing current status for the personal security of Welfare Center for the disabled, establishing an alternative plan for personal security policy's way could be addressed. Increasing education for awareness stress of personal information security, and preparing institutional protection apparatus from applying life cycle of personal information would be an alternative plan for personal information protection for Welfare Center for the disabled. Also frequent monitoring of accessing personal information from the computerized system should be achieved. It is impossible to recover damage caused by leak of personal information although post actions are progressed. From this essay, awareness of personal information protection should be newly revised for both the Social Welfare Organization and the Disabled welfare center, and also technical, institutional strategy's action should be arranged.

• Journal of Science and Technology Studies
• /
• v.4 no.1 s.7
• /
• pp.31-57
• /
• 2004

Controversies over NEIS(Network of Education Information System) began with very deep concern about infringement of human rights stemming from NEIS. A large information system which accumulates and uses huge size of individual information is always able to deeply infringe on human rights. But the ministry of education would not do the best not to be 'Big Brother' being dazzled by instrumental efficiency of information technology. NEIS has demonstrated problems of the information policy of Korea strongly driven in the name of 'E-goverment'. It has very strong characteristic of the statist economic growth policy focusing on more economic possibility than other. In this situation, making money is easily considered more important than protecting human rights. Information capitalism is nurtured at the sacrifice of human rights. So, we have to face problems of 'E-goverment' in order to correct the NEIS problem, The most important task to correct the NEIS problem is to make an element law protecting privacy and to establish an independent national institute protecting privacy

• The Journal of the Korea Contents Association
• /
• v.20 no.8
• /
• pp.34-41
• /
• 2020

An era of stabilizing IoT markets and rapid expansion is coming. In an IoT environment, communication environments where objects take the lead in communication can occur depending on the situation, and communication with unspecified IoT environments has increased the need for thorough management of personal sensitive information. Although there are benefits that can be gained by changing environment due to IoT, there are problems where personal sensitive information is transmitted in the name of big data without even knowing it. For the safe management of personal sensitive information transmitted through sensors in IoT environment, the government plans to propose measures to enhance information protection in IoT environment as the use of non-identifiable personal information in IoT environment is expected to be activated in earnest through the amendment of the Data 3 Act and the initial collection method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1091-1102
• /
• 2012

With a recent rapid increase in infringement on privacy information, a need to protect privacy information is called for more than ever. Keeping pace with such concern and demands of the times, Korea has established and executed "Privacy Information Protection Act" on September 30th, 2011. This regulation was enacted from an individually regulated method to a basic regulation that includes public and private institutions. Also, the regulation includes diverse contents for the sake of protecting privacy information by expanding a range of protection subjects and limiting the process of uniquely identifiable information. In this context, the study has suggested a direction for development on Korea's Privacy information Protection Act by taking a look at the status on privacy information protection acts from home and foreign nations and conducting a comparative analysis between domestic and foreign acts.

• Journal of Digital Convergence
• /
• v.14 no.2
• /
• pp.65-72
• /
• 2016

This study built the theoretical frameworks for empirical analysis based on the analysis of the relationship among the concepts of risk of information privacy, the experience of information privacy, the policy of information privacy and information control via the provision intention studies. Also, in order to analyze the relationship among the factors such as the risk of information privacy, intention to offer the personal information, this study investigated the concepts of information privacy and studies related with the privacy, established a research model about the information privacy. Followings are the results of this study: First, the information privacy risk, information privacy experience, information privacy policy, and information control have positive effects upon the information privacy concern. Second, the information privacy concern has the negative effects upon the provision intention of personal information.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7C
• /
• pp.667-673
• /
• 2007

In order to provide the efficient personalized services, the organizations and the companies collect and manage the personal information. The stored data have some slight differences among each subject. Even though the same attribute information leaks out, the personal privacy violation is different according to personal sensitivity. However, currently the organizations or the companies protect all the information as the same level. This paper reflects the sensitive attribute information of the information subject to each personal policy by the encrypting techniques. And then we propose a policy-based access control mechanism for the personal information which strictly prevents unauthorized information users from illegally accessing the personal information. In the proposed mechanism, the individuals' personal information which is encrypted with different keys is stored into the database. For the access control, information subjects set up their own access control policy for their sensitive personal information. Then it is possible to control the information access by providing the information to the information users according to personal and organizational privacy policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1141-1147
• /
• 2017

An unmanned aerial vehicle(UAV), commonly known as a drone, is an aircraft without a human pilot aboard, which is operated by wireless device. A drone provides the capability for the aerial search and traffic control as a police equipment. It has benefits for the missions for the aerial photography with the high resolution camera which can replace eye-dependent search processes. Moreover it has advantage of retrieving several times for the recorded videos. However, if the law enforcement agency misuse and overuse a drone for investigations and search missions without certain regulations and principles, it breaches privacy and personal information infringement. In this paper, we issue a lawful challenges on drone operations and discuss solutions to those challenges.

• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.1012-1015
• /
• 2011

IPv4 의 주소 고갈 문제를 해결하고 더 개선된 서비스를 제공하기 위해 IPv6 가 개발되었다. IPv4 와 달리 IPv6 는 보안을 고려하며 설계되어 기본적으로 IPSec 를 제공한다. 하지만 IPv6 에도 보안상의 취약점이 있어서 여러 공격과 보안 문제에 노출되어 있다. 그 중에서도 프라이버시 침해 문제가 존재하는데, 이 문제는 IPv6 에서 제공하는 주소 자동 설정 방식(Stateless address autoconfiguration)에서 발생한다. 이 주소 자동 설정 방식은 주소 공간의 효율적인 관리를 위해 제안되었다. 주소 자동 설정 방식에서 프라이버시 침해 문제가 발생하는데, 개인 식별 프라이버시와 위치 프라이버시로 분류할 수 있다. 본 논문에서는 프라이버시 위협과 그에 따른 해결 방안을 기술하고, 해결 방안에 따라 고려해야 할 사항들을 설명함으로써 프라이버시 침해 문제를 해결하는 데 도움을 주고자 한다.