• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.895-896
• /
• 2015

With the development of sensor, wireless mobile communication, embedded system and cloud computing, the technologies of Internet of Things have been widely used in logistics, Smart devices security, intelligent building and o on. Bridging between wireless sensor networks with traditional communication networks or Internet, IoT gateway plays n important role in IoT applications, which facilitates the integration of wireless sensor networks and mobile communication networks or Internet, and the management and control with wireless sensor networks. The IoT Gateway is a key component in IoT application systems but It has lot of security issues. We analyzed the trends of security and privacy matters.

• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.51-59
• /
• 2008

As the innovative IT are being developed and applied in the e-business environment, firms are recognizing the fact that amount of customer information is providing care competitive edge. However, sensitive privacy information are abused and misused, and it is affecting the firms to require appropriate measures to protect privacy information and implement security techniques to safeguard carparate resources. This research analyzes the threat of privacy information exposure in the e-business environment, suggest the IPM-Trusted Privacy Policy Model in order to resolve the related problem, and examines 4 key mechanisms (CAM, SPM, RBAC Controller, OCM) focused on privacy protection. The model is analyzed and designed to enable access management and control by assigning user access rights based on privacy information policy and procedures in the e-business environment. Further, this research suggests practical use areas by applying TPM to CRM in e-business environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.636-639
• /
• 2013

With the development and rapid growth of cloud computing, lots of application services based on cloud computing have been developed. In addition, cloud-based DRM systems have been developed to support those services' copyright and privacy protection. In this paper, we propose a new cloud-based user-friendly DRM system, which allows users to execute the same contents bought at most n times at any devices with license enforcement, which checks the validation of licenses before every execution, having no smart card, which has to carry a smart card reader that seems troublesome to a user, and providing the copyright and privacy protection.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.2
• /
• pp.95-105
• /
• 2012

The widespread implementation of RFID in ubiquitous computing is constrained considerably by privacy and security unreliability of the wireless communication channel. This failure to satisfy the basic, security needs of the technology has a direct impact of the limited computational capability of the tags, which are essential for the implementation of RFID. Because the universal application of RFID means the use of low cost tags, their security is limited to lightweight cryptographic primitives. Therefore, EPCGen2, which is a class of low cost tags, has the enabling properties to support their communication protocols. This means that satisfying the security needs of EPCGen2 could ensure low cost security because EPCGen2 is a class of low cost, passive tags. In that way, a solution to the hindrance of low cost tags lies in the security of EPCGen2. To this effect, many lightweight authentication protocols have been proposed to improve the privacy and security of communication protocols suitable for low cost tags. Although many EPCgen2 compliant protocols have been proposed to ensure the security of low cost tags, the optimum security has not been guaranteed because many protocols are prone to well-known attacks or fall short of acceptable computational load. This paper proposes a remedy protocol to the flyweight RFID authentication protocol proposed by Burmester and Munilla against a desynchronization attack. Based on shared pseudorandom number generator, this protocol provides mutual authentication, anonymity, session unlinkability and forward security in addition to security against a desynchronization attack. The desirable features of this protocol are efficiency and security.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.1
• /
• pp.65-71
• /
• 2012

Mobile RFID is a new application that uses a mobile phone as an RFID reader with wireless technology and provides a new valuable service to users by integrating RFID and ubiquitous sensor network infrastructures with mobile communication and wireless Internet. Whereas the mobile RFID system has many advantages, privacy violation problems on the reader side are very concerning to individuals and researchers. Unlike in regular RFID environments, where the communication channel between the server and reader is assumed to be secure, the communication channel between the backend server and the RFID reader in the mobile RFID system is not assumed to be safe. Therefore it has become necessary to devise a new communication protocol that secures the privacy of mobile RFID-enabled devices. Recently, Lo et al. proposed a mutual key agreement protocol that secures the authenticity and privacy of engaged mobile RFID readers by constructing a secure session key between the reader and server. However, this paper shows that this protocol does not meet all of the necessary security requirements. Therefore we developed an enhanced mutual key agreement protocol for mobile RFID-enabled devices that alleviates these concerns. We further show that our protocol can enhance data security and provide privacy protection for the reader in an unsecured mobile RFID environment, even in the presence of an active adversary.

• Journal of Internet Computing and Services
• /
• v.24 no.4
• /
• pp.15-24
• /
• 2023

Digital therapeutics (DTx) are utilized to replace or supplement drug therapy to treat patients. DTx are developed as a mobile application for portability and convenience. The government requires security verification to be performed on digital medical devices that manage sensitive information during the transmission and storage of patient data. Although safety verification is included in the approval process for DTx, the cybersecurity checklist used as a reference does not reflect the characteristics of mobile applications. This poses the risk of potentially overlooking vulnerabilities during security verification. This study aims to address this issue by comparing and analyzing existing items based on the mobile tactics, techniques, and procedures of MITRE ATT&CK, which manages globally known and occurring vulnerabilities through regular updates. We identify 16 items that require improvement and expand the checklist to 29 items to propose improvement measures. The findings of this study may contribute to the safe development and advancement of DTx for managing sensitive patient information.

• The KIPS Transactions:PartC
• /
• v.16C no.3
• /
• pp.335-346
• /
• 2009

Mobile environments are evolving the main communication environment as a develops of communication technology. In mobile environments, sensitive information can be compromised on-line, so demand for security has increased. Also, mobile devices that provide various services are in danger from malware and illegal devices, phishing and sniffing etc, and the privacy. Therefore, MTM(Mobile Trusted Module) is developed and promoted by TCG(Trusted Computing Group), which is an industry standard body to enhance the security level in the mobile computing environment. MTM protects user privacy and platform integrity, because it is embedded in the platform, and it is physically secure. However, a security approach is required when secret data is migrated elsewhere, because MTM provides strong security functions. In this paper, we analyze the TCG standard and migration method for cryptographic key, then we propose a secure migration scheme for cryptographic key using key Backup/Recovery method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.1025-1026
• /
• 2015

With the development of sensor, wireless mobile communication, embedded system and cloud computing, the technologies of Internet of Things have been widely used in real word. Connecting wireless sensor networks with traditional communication networks or Internet, IoT gateway plays an important role in IoT applications. It facilitates the integration of wireless sensor networks and mobile communication networks or Internet. The IoT gateway is a key component in IoT application systems. But It has lot of security issues. We analyzed the issues of security and privacy.

• Journal of Information Processing Systems
• /
• v.18 no.2
• /
• pp.245-257
• /
• 2022

In the Internet of Things (IoT) era, the types of devices used by one user are becoming more diverse and the number of devices is also increasing. However, a forensic investigator is restricted to exploit or collect all the user's devices; there are legal issues (e.g., privacy, jurisdiction) and technical issues (e.g., computing resources, the increase in storage capacity). Therefore, in the digital forensics field, it has been a challenge to acquire information that remains on the devices that could not be collected, by analyzing the seized devices. In this study, we focus on the fact that multiple devices share data through account synchronization of the online platform. We propose a novel way of identifying the user's interest through analyzing the remnants of targeted advertising which is provided based on the visited websites or search terms of logged-in users. We introduce a detailed methodology to pick out the targeted advertising from cache data and infer the user's interest using deep learning. In this process, an improved learning model considering the unique characteristics of advertisement is implemented. The experimental result demonstrates that the proposed method can effectively identify the user interest even though only one device is examined.