• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.14 no.3
• /
• pp.175-183
• /
• 2021

As concerns about users' privacy infringement on Online Behavioral Advertising(OBA) increase, regulators are taking measures such as drawing up guidelines for OBAs, and websites provide OBA guidance in compliance with such guidelines. As a result of reviewing the status of providing OBA guidance on websites, access to OBA guidance pages was rather complicated. In order to analyze the issue from the UI/UX perspective, following the "Guidelines for Privacy in Online Behavioral Advertising" applied to all types of OBA transmitted on websites, this study aims to structuralize a navigation of page movement from two starting points, 1) Main Page, 2) The page where OBA is delivered, to OBA guidance pages. Also, with understanding the problems found in the access and navigation of OBA guidance pages by analyzing features found during the page navigation, such as hyperlinks containing keywords, and movement pages.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.125-135
• /
• 2002

The electronic payment system based on blind signature is susceptible to the blackmailing attack as opposed to keep the lifestyle of users private. In this paper. we suggest an efficient electronic cash system using a blind XTR-DSA scheme, which improves the method of defeating blackmailing in online electronic cash systems of ［6,9］. In case of blackmailing, to issue the marked coins we use the blind XTR-DSA scheme at withdrawal. In ［6,9］, to cheat the blackmailer who takes the marked coins the decryption key of a user had to be transferred to the Bank. But in our proposed method the delivery of the decryption key is not required. Also, in the most serious attack of blackmailing. kidnapping, we can defeat blackmailing with a relatively high probability of 13/18 compared with 1/2 in ［9］ and 2/3 in ［6］. If an optimal extension field of XTR suggested in ［7］ is used, then we can implement our system more efficiently.

• The Journal of Society for e-Business Studies
• /
• v.18 no.1
• /
• pp.1-12
• /
• 2013

With the increases of requirement for user identification in Internet services, we should let the service companies know my personal information. If the shared personal information with them are used in not-allowed area or delivered to un-authorized persons, we may have practical harms in several fields such as financial related operations. Korean Government has introduced new management method for personal information, but it is not hard to find the personal information management issues from Korean news papers. The proper measurement should be delivered to related companies to help them to decide investment for security. This paper review the indirect measurement method of demages by check the stock prices of related company for personal information management issue. We check the relationship between change of stock price and the information management issue. The result shows there are no changes in stock market. Korean government added strong regulations for personal information management though. To prevent further personal information issues, we should recognize the indirect damages properly and let the company pay higher reparations for any personal information abuse.

• Journal of Digital Convergence
• /
• v.10 no.9
• /
• pp.27-37
• /
• 2012

Internet privacy has become a significant issue in recent years in light of the sharp increase in internet-based social and economic activities. The technology which collects, processes and disseminates personal information is improving significantly and the demand for personal information is rising given its inherent value in regard to targeted marketing and customized services. The high value placed on personal information has turned it into a commodity with economic worth which can be transacted in the marketplace. Therefore, it is strongly required to approach the issue of privacy from economic perspective in addition to the prevailing approaches. This article analyzes the behaviors of consumers and firms in gathering personal information, and shielding it from unauthorized access, using a game theory framework in which players strive to do their best under the given conditions. The analysis shows that there exist no market forces which require all firms to respect consumer privacy, and that government intervention in the form of a nudging incentive for information sharing and/or strict regulation is necessary.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.53-63
• /
• 2011

An SNS(Social Network Service) enables people to form a social network on online as in the real world. With the rising popularity of the service, side effects of SNSs were issued. Therefore we propose and implement a policy-based privacy protection module and access control policy language for ensuring the right of control of personal information and sharing data among SNSs. The policy language for protecting privacy is based on an attribute-based access control model which grants an access to personal information based on a user's attributes. The policy language and the privacy protection module proposed to give the right of control of personal information to the owner, they can be adopted to other application domains in which privacy protection is needed as well as secure sharing data among SNSs.

• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.15-26
• /
• 2010

Social Networks such as 'Facebook' and 'Myspace' are regarded as useful tools for people to share interests and maintain or expand relationships with other people. However, they pose the risk that personal information can be exposed to other people without explicit permission from the information owner. Therefore, we need a solution for this problem. Although existing social network sites allow users to specify the exposing range or users who can access their personal information, this cannot be a practical solution because the information can still be revealed to third parties through the permitted users albeit unintentionally. Usually, people allow the access of unknown person to personal data in online social networks and this implies the possibility of information leakage. We could use an access control method based on trust value, but this has the limitation that it cannot reflect the quantitative risk of information leakage. As a solution to this problem, this paper proposes an access control method based on a synthesized metric from trust and risk factors. Our various experiments show that the risk of information leakage can play an important role in the access control of online social networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.505-514
• /
• 2012

Because people usually establish their online social network based on their offline relationship, the social networks (i.e., the graph of friendship relationships) are often used to share contents. Mobile devices let it easier in these days, but it also increases the privacy risk such as access control of shared data and relationship exposure to untrusted server. To control the access on encrypted data and protect relationship from the server, M. Atallah et al. proposed a hop-based scheme in 2009. Their scheme assumed a distributed environment such as p2p, and each user in it shares encrypted data on their social network. On the other hand, it is very inefficient to keep their relationship private, so we propose an improved scheme. In this paper, among encrypted contents and relationships, some authenticated users can only access the data in distributed way. For this, we adopt 'circular-secure symmetric encryption' first. Proposed scheme guarantees the improved security and efficiency compared to the previous work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1115-1122
• /
• 2015

In recent years, the use of game bots by illegal programs has been expanded from individual to group scale; this brings about serious problems in online game industry. The gold farmers group creates an in-game social community so-called "guild" to obtain a large amount of game money and manage game bots efficiently. Although game developers detect game bots by detection algorithms, the algorithms can detect only part of the gold farmers group. In this paper, we propose a detection method for the gold farmers group on a basis of normal and bot guilds characteristic analysis. In order to differentiate normal and bots guild, we analyze transaction patterns for individuals, auction house and chatting. With the analyzed results, we can detect game bot guilds. We demonstrate the feasibility of the proposed methods with real datasets from one of the popular online games named AION in Korea.

• Journal of KIISE:Databases
• /
• v.37 no.4
• /
• pp.209-219
• /
• 2010

Online social network services that are rapidly growing recently store tremendous data and analyze them for many research areas. To enhance the effectiveness of information, companies or public institutions publish their data and utilize the published data for many purposes. However, a social network containing information of individuals may cause a privacy disclosure problem. Eliminating identifiers such as names is not effective for the privacy protection, since private information can be inferred through the structural information of a social network. In this paper, we consider a new complex attack type that uses both the content and structure information, and propose a model, $\ell$-degree diversity, for the privacy preserving publication of the social network data against such attacks. $\ell$-degree diversity is the first model for applying $\ell$-diversity to social network data publication and through the experiments it shows high data preservation rate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.735-744
• /
• 2016

Recently, personal information leakage incidents with increased usage of mobile services are increasing. Personal information leakage incidents can have a significant impact on an individual's mobile banking services. Accordingly, we examine relationships among individual's psychological characteristics, intention and behavior regarding compliance in an individual's perception on personal information leakage incidents in mobile banking contexts. In this study, for explaining our research model and understanding with personal psychology and behavior in mobile banking contexts, we adopted two theories, theory of interpersonal behavior and stimulus-response theory. We collected the 55 data using online surveyor and then analyzed structural equation model in order to find causal relationships among research variables. The results of this study should be useful to the mobile banking services companies in promoting service users to follow the information privacy policies.