• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.695-697
• /
• 2013

Medical data sharing is increasing due to treatment duplication which increases the cost of medication. Medical healthcare system has been improved to combine with cloud computing. It reduces treatment delay and the medical data error. However, the concern about the privacy protection of medical information is also significant. Medical information is more sensitive than other information because involuntary disclosure can affect in both personal and social life. Privacy cloud brokerage has conquered great attention for solving these problems. Our method provides a security model in the cloud computing environment that facilitates the exchange of medical records between assigned custodians. It allows doctors to obtain a complete patient medical records which can help to avoid duplication, reduce the medical error and healthcare cost as well. In addition, our method offers a trustworthy solution against the privacy violence.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.669-685
• /
• 2003

Nowadays mobile phones and PDAs are part and parcel of our lives. By carrying a portable mobile device with us all the time we are already living in partial Pervasive Computing Environment (PCE) that is waiting to be exploited very soon. One of the advantages of pervasive computing is that it strongly supports the deployment of Location-Based Service(s) (LBSs). In PCE, there would be many competitive service providers (SPs) trying to sell different or similar LBSs to users. In order to reserve a particular service, it becomes very difficult for a low-computing and resource-poor mobile device to handle many such SPs at a time, and to identify and securely communicate with only genuine ones. Our paper establishes a convincing trust model through which secure job delegation is accomplished. Secure Job delegation and cost effective cryptographic techniques largely help in reducing the burden on the mobile device to securely communicate with trusted SPs. Our protocol also provides users privacy protection, replay protection, entity authentication, and message authentication, integrity, and confidentiality. This paper explains our protocol by suggesting one of the LBSs namely“Secure Automated Taxi Calling Service”.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.791-792
• /
• 2012

RFID security protocol is widely discussed as an important issue, while the mutual authentication with the security agreement is mostly discussed enthusiastically. In this paper we improve HB family to achieve the property of mutual authentication, so that the user privacy can be protected. The future direction is to adapt the protocol for cloud computing.

• The Journal of the Korea Contents Association
• /
• v.13 no.11
• /
• pp.877-884
• /
• 2013

As the Cloud Computing services are growing fast in the world, the number of Cloud Computing service users are being increased enormously in China. Studies on Intention-to-Use have been one of the interesting topics in the field of marketing. In this paper we investigate the factors influencing the intention-to-use of Cloud Computing services in China. Our research model is based on Technology Acceptance Model and includes 'privacy', 'information needs', 'service types', 'service appropriation', 'system quality', and 'system security'. We surveys the Chinese Cloud Computing service users and analyzes with Structural Equation Model. The results show that 'privacy', 'service appropriation', 'system quality', and 'system security' give positive effects to 'intention-to-use'. However, 'information needs' and 'service types' does not give positive effects.

• Journal of Information Technology Applications and Management
• /
• v.24 no.1
• /
• pp.81-91
• /
• 2017

In Korea, "Act on the Development of Cloud Computing and Protection of its Users" has been enforced since September 28, 2015. Many countries implemented 'Cloud First' policies and global companies such as Amazon, Microsoft, IBM started cloud services in Korea. Under these circumstance, the Act was established for developing the cloud computing industry. The Act includes clauses for encouraging the use of private cloud computing by public organizations, supporting small- and medium-size cloud service providers, and utilizing secure cloud computing services by users. However, some terms appear to be similar but have different meanings from "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." and "Personal Information Protection Act". This generated some confusion and conflicts in relation to providing user information to a 3rd party and notifying the intrusion in the Cloud Computing Act. This paper discusses these issues and suggestions for revision of the Cloud Computing Act.

• 한국정보컨버전스학회:학술대회논문집
• /
• 2008.06a
• /
• pp.47-52
• /
• 2008

A radio-frequency identification(RFID) tag is a small, inexpensive microchip that emits an identifier in response to a query from a nearby reader. The price of these tags promises to drop to the range of $0.05 per unit in the next several years, offering a viable and powerful replacement for barcodes. The challenge in providing security for low-cost RFID tags is that they are computationally weak devices, unable to perform even basic symmetric-key cryptographic operations. Security researchers often therefore assume that good privacy protection in RFID tags is unattainable. In this paper, we explore a notion of minimalist cryptography suitable for RFID tags. We consider the type of security obtainable in RFID devices with a small amount of rewritable memory, but very limited computing capability. Our aim is to show that standard cryptography is not necessary as a starting point for improving security of very weak RFID devices. Our contribution is threefold: 1. We propose a new formal security model for authentication and privacy in RFID tags. This model takes into account the natural computational limitations and the likely attack scenarios for RFID tags in real-world settings. It represents a useful divergence from standard cryptographic security modeling, and thus a new view of practical formalization of minimal security requirements for low-cost RFID-tag security. 2. We describe protocol that provably achieves the properties of authentication and privacy in RFID tags in our proposed model, and in a good practical sense. Our proposed protocol involves no computationally intensive cryptographic operations, and relatively little storage. 3. Of particular practical interest, we describe some reduced-functionality variants of our protocol. We show, for instance, how static pseudonyms may considerably enhance security against eavesdropping in low-cost RFID tags. Our most basic static-pseudonym proposals require virtually no increase in existing RFID tag resources.

• Informatization Policy
• /
• v.21 no.2
• /
• pp.49-66
• /
• 2014

In the last few years, cloud computing has grown from being a promising business concept to one of the fast growing segments of the IT industry. However, as more and more information on individuals and companies are placed in the cloud, concerns on just how safe the computing environment is have gradually increased. In this study, it will be explored if key characteristics of cloud computing services would affect the behavioral intention to use public cloud computing services. A conceptual model is developed and seven research hypotheses are proposed for empirical testing. The proposed model is examined through structural equation analysis. The results show that perceived risk has statistically significant effect on the privacy concern of users and the privacy concern has a negative influence on the trust. Finally, the trust has a positive effect on the attitude and the attitude has statistically significant effect on use intention. Implications of these findings are discussed for both researchers and practitioners and future research issues are raised as well.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.1
• /
• pp.85-90
• /
• 2016

In this paper, the biometric data is transmitted in real time from the IoT environment is runoff, forgery, alteration, prevention of the factors that can be generated from a denial-of-service in advance, and the security strategy for the biometric data to protect the biometric data secure from security threats offer. The convenience of living in our surroundings to life with the development of ubiquitous computing and smart devices are available in real-time. And is also increasing interest in the IOT. IOT environment is giving the convenience of life. However, security threats to privacy also are exposed for 24 hours. This paper examines the security threats to biological data to be transmitted in real time from IOT environment. The technology for such security requirements and security technology according to the analysis of the threat. And with respect to the biometric data transmitted in real time on the IoT environment proposes a security strategy to ensure the stability against security threats and described with respect to its efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.25-35
• /
• 2006

Radio Frequency identification (RFID) will become an important technology in remotely object identification systems. However, the use of RFID tags may create new threats to the sniな and Privacy of individuals holding RFID tags. These threats bring several problems which are information leakage of a tag, location trace of individuals and impersonation of a tag. Low-cost RFID systems have much restrictions such as the limited computing power, passive power mechanism and low storage space. Therefore, the cost of tag's computation should be considered as an important factor in low-cost RFID systems. We propose an authentication protocol, OHLCAP which requires only one one-way hash function operation and hence is very efficient. Furthermore, our protocol is suitable to distribution database environment. Hence our scheme can be applied to ubiquitous computing environment.

• International Journal of Computer Science & Network Security
• /
• v.23 no.4
• /
• pp.139-145
• /
• 2023

These days, protecting location privacy has become essential and really challenging, especially protecting it from smart applications and services that rely on Location-Based Services (LBS). As the technology and the services that are based on it are developed, the capability and the experience of the attackers are increased. Therefore, the traditional protection ways cannot be enough and are unable to fully ensure and preserve privacy. Previously, a hybrid approach to privacy has been introduced. It used an obfuscation technique, called Double-Obfuscation Approach (DOA), to improve the privacy level. However, this approach has some weaknesses. The most important ones are the fog nodes that have been overloaded due to the number of communications. It is also unable to prevent the Tracking and Identification attacks in the Mix-Zone technique. For these reasons, this paper introduces a developed and enhanced approach, called Multi-Obfuscation Approach (MOA that mainly depends on the communication between neighboring fog nodes to overcome the drawbacks of the previous approach. As a result, this will increase the resistance to new kinds of attacks and enhance processing. Meanwhile, this approach will increase the level of the users' privacy and their locations protection. To do so, a big enough memory is needed on the users' sides, which already is available these days on their devices. The simulation and the comparison prove that the new approach (MOA) exceeds the DOA in many Standards for privacy protection approaches.