• Journal of KIISE
• /
• v.44 no.9
• /
• pp.918-931
• /
• 2017

Recently, the spread of smartphones and various wearable devices has led to increases in the accumulation and usage of personal information. As a result, privacy protection has become an issue. Even though there have been studies and efforts to improve legal and technological security measures for protecting privacy, personal information leakage accidents still occur. Rather than privacy requirements, analysts mostly focus on the implementation of security technology within software development. Previous studies of security requirements strongly focused on supplementing the basic principles and laws for privacy protection and securing privacy requirements without understanding the relationship between privacy and security. As a result, personal information infringement occurs continuously despite the development of security technologies and the revision of the Personal Information Protection Act. Therefore, we need a method for eliciting privacy requirements based on related privacy protection laws that are applicable to software development. We also should clearly specify the relationship between privacy and security. This study aims to elicit privacy requirements and create privacy assurances cases for Privacy Friendly System development.

• Journal of Internet Computing and Services
• /
• v.10 no.4
• /
• pp.139-149
• /
• 2009

In order to verify that a lot of legal requirements and regulations are correctly translated into software, this paper provides a solution for formal and computable representations of rules and requirements in data protection legislations with a DSML (Domain Specific Modeling Language). All policies are formally specified through Prolog and then integrated with DSML, According to the time of policy verification, this solution has two kinds of policies: static policies, dynamic policies.

• Journal of KIISE
• /
• v.42 no.5
• /
• pp.652-663
• /
• 2015

Due to the popularity of location-based services, the amount of generated spatial data in daily life has been dramatically increasing. Therefore, spatial database outsourcing has become popular for data owners to reduce the spatial database management cost. The most important consideration in database outsourcing is meeting the privacy requirements and guarantying the integrity of the query result. However, most of existing database transformation techniques do not support both of the data privacy and integrity of the query result. To solve this problem, we propose a spatial data transformation scheme that utilizes the shearing transformation with rotation shifting. In addition, we described the attack models to measure the data privacy of database transformation schemes. Finally, we demonstrated through the experimental evaluations that our scheme provides high level of data protection against different kinds of attack models, compared to the existing schemes, while guaranteeing the integrity of the query result sets.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.241-244
• /
• 2003

공중 무선랜 서비스의 확산으로 무선랜은 무선 인터넷의 중요한 매체로 이용되고 있다. 그러나 사용자의 프라이버시(Privacy) 문제나 접근제어(Access Control) 같은 인증 (Authentication) 문제와 함께 과금(Accounting) 및 빌링(Billing)의 문제가 중요한 이슈로 대두되고 있다. 본 논문에서는 공중 무선랜의 이동환경을 위한 Diameter 기반 선불 과금 모델을 제안하고, 그에 대한 검증 결과를 함께 제시한다. 최종적으로 제안된 선불 과금 모델은 공중 무선랜에서의 패킷과금을 지원하기 위한 요구사항들을 충족시키고, 글로벌 로밍 서비스를 위한 이동성을 향상하는 기반 기술로서 이용되기를 기대한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.6B
• /
• pp.618-630
• /
• 2011

Mobile RFID system, that consists of the existing RFID reader mounted on the mobile devices such as smartphones, is able to provide the users a variety of services and convenience. Although the users can get the information about a certain product anytime anywhere, there is high probability that their privacy may be violated because their belongings with RFID tags can be scanned by other mobile readers at any time. Several RFID authentication schemes have been proposed to deal with these privacy issues. However, since the existing solutions require heavy computation on the tag side, most of them is not applicable to the general low-cost passive tags which do not have any processing unit. In this paper, we propose the efficient authentication scheme for mobile RFID system applicable to the passive tags as well as the active ones by the best use of computing capability of mobile devices. The proposed scheme satisfies the import security issues such as tag protection, untraceability, anti-traffic analysis. We also implement the proposed scheme on top of real smartphone for feasibility and show the experimental results from it.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2004.05a
• /
• pp.139-142
• /
• 2004

전자화폐는 전자상거래의 발달로 인해 이용이 높아지고 있다. 전자화폐는 실질 화폐의 가치를 가지고 있으므로, 여러 가지의 보안 사항 및 요구 사항이 필요하다. 그 중에서 익명성의 제공은 사용자의 프라이버시를 제공할 수 있는 방안이다. 보안 기술로는 은닉 서명 방식을 이용하는데 서명자가 메시지의 내용을 알 수 없는 상태에서 서명을 하는 것으로 사용자만이 값을 알고 있다. 그러나 서명 받을 메시지의 정당성을 확인하는 연산을 수행하여야 한다 본 논문에서 제안하는 것은 수신자 지정 서명방식을 이용하여, 전자화폐를 발급받고 이를 이용한다. 수신자 지정 서명은 서명자가 선택하는 검증자만이 확인 가능하므로, 전자화폐를 다른 제 3자가 이용할 수 없게 된다. 그러나 익명성을 제공할 수 없으므로, 변형이 필요하다. 제안 방식은 사용자의 지정을 통해 정당한 사용자만이 검증 할 수 있으며, 익명성의 제공을 위해 사용자가 선택한 임의 값을 삭제한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.2
• /
• pp.215-222
• /
• 2019

Advances in technologies about 3D (three-dimensional) printing and smart factory related issues will have the effect of reducing the cost of building a smart factory and making various types of service available. Manufacturers and service providers of small assets work with outside experts to provide small amounts of customized ordering services. If customers have to disclose their private information to subscribe to a new service, they may be reluctant to use it and the availability of developed technology may cause slow progress. We propose a new protocol for customized order service for smart factory. The proposed approach is designed to meet requirements of security and based on smart contract in IoT convergence network. We analyzed the requirements of the proposed approach which provided anonymity, privacy, fairness, and non-repudiation. We compared it with closely related studies to show originality and differences.

• Journal of KIISE:Information Networking
• /
• v.37 no.6
• /
• pp.420-430
• /
• 2010

Due to increasing demand for improving road safety and optimizing road traffic, Vehicular Ad-Hoc Networks (VANET) have been subject to extensive attentions from all aspects of commercial industry and academic community. Security and user privacy are fundamental issues for all possible promising applications in VANET. Most of the existing security proposals for secure VANET concentrate authentication with privacy preservation in vehicle-to-vehicle (V2V) and vehicle-to-roadside infrastructure (V2I) communications and require huge storage and network capacity for management of revocation list. Motivated by the fact, we propose a new scheme with security and privacy preservation which combines V2V and V2I communication. With our proposed scheme, the communication and computational delay for authentication and overhead for management of revocation list can be significantly reduced due to mutual authentication between a vehicle and a Roadside Unit (RSU) requires only two messages, and the RSU issues the anonymous certificate for the vehicle on behalf of the Trust Authority (TA). We demonstrate that the proposed protocol cannot only guarantee the requirements of security and privacy but can also provide efficiency of authentication and management of revocation list.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.10a
• /
• pp.635-638
• /
• 2018

The Cost for introducing smart factory will decrease and the service type will change from a large scale to small quantity manufacturing, when 3D printing technologies have actively applied and smart factory related technologies have more stably developed. If customers have to provide private information, the availability of developed technology may cause slow progress. We propose a new protocol for custom manufacturing service of smart factory. The proposed approach is designed for smart contract based IoT convergence network. We analyzed the requirements of the proposed approach which provides anonymity, privacy, fairness, and non-repudiation. We compared it with closely related studies to show originality and differences.

• Management & Information Systems Review
• /
• v.38 no.1
• /
• pp.23-41
• /
• 2019

Smart Factory is different from existing factory automation in that it aims to produce personalized products with minimum time and cost through ICT. However, previous researches, not from consumers but from product suppliers, have focused on technology trends and technology application methods. In order for Smart Factory to be successful, it must go beyond supplier-focus to meet the needs of consumers. In this study, we surveyed the purchase intention of the personalized product manufactured by smart factory. Influencing factors of purchase intention were drawn as consumers' need for uniqueness, innovativeness, need for touch, and privacy concern, based on previous research. As results of data analysis, it was confirmed that respondents were willing to purchase personalized products, and that consumers' need for uniqueness, innovativeness, and need for touch had a significant impact on purchase intention of personalized products. Our findings can be summarized as follows. First, Consumers' need for uniqueness was found to have positive effects(${\beta}=0.168$) on purchase intention of personalized products. The desire to differentiate themselves from others will be reflected in their personalized products. Therefore, consumers with a higher desire for uniqueness tend to be more willing to purchase personalized products. Second, consumer innovativeness was found to have positive effects(${\beta}=0.233$) on purchase intention of personalized products. Personalized shoes suggested in this study is a new type of personalized product that is manufactured by the latest information and communication technologies such as multi-function robots and 3D printing. Therefore, consumers seeking innovative new experiences are more willing to purchase personalized products. Third, need for touch was found to have positive effects(${\beta}=0.299$) on purchase intention of personalized products. In a smart factory environment, prosuming participation is given to consumers. If consumers participate in the product development process and reflect their requirements on the product, they are expected to increase their purchase intention by virtually satisfying the need for touch. Fourth, privacy concern was found to have no significantly related to purchase intention of personalized products. This is interpreted as a willingness to tolerate the risk of exposing personal information such as home address, telephone number, body size, and preference for consumers who feel highly useful in personalized products.