• International Journal of Computer Science & Network Security
• /
• 제23권7호
• /
• pp.49-60
• /
• 2023

The amount of data generated by electronic systems through e-commerce, social networks, and data computation has risen. However, the security of data has always been a challenge. The problem is not with the quantity of data but how to secure the data by ensuring its confidentiality and privacy. Though there are several research on cloud data security, this study proposes a security scheme with the lowest execution time. The approach employs a non-linear time complexity to achieve data confidentiality and privacy. A symmetric algorithm dubbed the Non-Deterministic Cryptographic Scheme (NCS) is proposed to address the increased execution time of existing cryptographic schemes. NCS has linear time complexity with a low and unpredicted trend of execution times. It achieves confidentiality and privacy of data on the cloud by converting the plaintext into Ciphertext with a small number of iterations thereby decreasing the execution time but with high security. The algorithm is based on Good Prime Numbers, Linear Congruential Generator (LGC), Sliding Window Algorithm (SWA), and XOR gate. For the implementation in C, thirty different execution times were performed and their average was taken. A comparative analysis of the NCS was performed against AES, DES, and RSA algorithms based on key sizes of 128kb, 256kb, and 512kb using the dataset from Kaggle. The results showed the proposed NCS execution times were lower in comparison to AES, which had better execution time than DES with RSA having the longest. Contrary, to existing knowledge that execution time is relative to data size, the results obtained from the experiment indicated otherwise for the proposed NCS algorithm. With data sizes of 128kb, 256kb, and 512kb, the execution times in milliseconds were 38, 711, and 378 respectively. This validates the NCS as a Non-Deterministic Cryptographic Algorithm. The study findings hence are in support of the argument that data size does not determine the execution.

• 한국정보전자통신기술학회논문지
• /
• 제9권5호
• /
• pp.439-444
• /
• 2016

본 논문에서는 위치기반 스마트 관광 서비스를 이용하는 사용자들의 개인 정보 중에서 위치정보를 보호하기 위한 기법을 제안한다. 제안하는 프라이버시 보호 기법은 첫째, 사용자와 관광 서버간에 정보 교환없이 OTK(One Time Key)인 공유 비밀키를 생성하고, 이 공유 비밀키로 데이터를 암호화하여 전달함으로써 사용자와 관광 서버 사이의 메시지 기밀성을 제공한다. 둘째, 사용자와 관광 서버는 사용자 ID, 로그인 시간(timestamp), 그리고 랜덤하게 생성된 난수를 연접하고 해시함수로 해싱하여 OTK를 생성하고, 이 OTK와 XOR 연산을 이용하여 사용자의 위치 정보와 질의어를 암호화하여 전송하므로 사용자와 관광 서버 사이의 메시지 기밀성을 제공한다. 셋째, OTK에 타임스탬프를 추가하여 메시지 재전송공격을 방지한다. 그 결과, 제안하는 개인 프라이버시 보호 기법은 데이터의 기밀성과 사용자의 프라이버시 보호를 제공할 뿐만 아니라 사용자의 위치정보와 행동 패턴 데이터의 안전성도 보장할 수 있다.

• Journal of Preventive Medicine and Public Health
• /
• 제40권2호
• /
• pp.122-129
• /
• 2007

During the last decade, genomic cohort study has been developed in many countries by linking health data and genetic data in stored samples. Genomic cohort study is expected to find key genetic components that contribute to common diseases, thereby promising great advance in genome medicine. While many countries endeavor to build biobank systems, biobank-based genome research has raised important ethical concerns including genetic privacy, confidentiality, discrimination, and informed consent. Informed consent for biobank poses an important question: whether true informed consent is possible in population-based genomic cohort research where the nature of future studies is unforeseeable when consent is obtained. Due to the sensitive character of genetic information, protecting privacy and keeping confidentiality become important topics. To minimize ethical problems and achieve scientific goals to its maximum degree, each country strives to build population-based genomic cohort research project, by organizing public consultation, trying public and expert consensus in research, and providing safeguards to protect privacy and confidentiality.

• 연구윤리
• /
• 제4권1호
• /
• pp.1-7
• /
• 2023

Purpose: Poor anonymity and confidential strategies by a researcher not only develop unprecedented and precedented harm to participants but also impacts the overall critical appraisal of the research outcomes. Therefore, understanding and applying anonymity and confidentiality in research is key for credible research. As such, this research expansively presents the importance of anonymity and confidentiality for research surveys through critical literature reviews of past works. Research design, data and methodology: This research has selected the literature content approach to obtain proper literature dataset which was proven by high degree of validity and reliability using only books and peer-reviewed research articles. The current authors have conducted screening procedure thoroughly to collect better fitted resources. Results: Research findings consistently mentioned the confidentiality and anonymity principles are preserved and implemented as a means of protecting the privacy of all individuals, establishing trust and rapport between researchers and study participants, as a way of critically upholding research ethical standards, and preserving the integrity of research processes. Conclusions: Confidentiality and anonymity are research ethical principles that help in providing informed consent to participants assuring subjects of the privacy of their personal data. As provided by research bodies and organizations, every research process has to incorporate the principles to meet credibility.

• International Journal of Computer Science & Network Security
• /
• 제22권3호
• /
• pp.364-374
• /
• 2022

Health information systems (HIS) are facing security challenges on data privacy and confidentiality. These challenges are based on centralized system architecture creating a target for malicious attacks. Blockchain technology has emerged as a trending technology with the potential to improve data security. Despite the effectiveness of this technology, still HIS are suffering from a lack of data privacy and confidentiality. This paper presents a blockchain-based data storage security architecture integrated with an e-Health care system to improve its security. The study employed a qualitative research method where data were collected using interviews and document analysis. Execute-order-validate Fabric's storage security architecture was implemented through private data collection, which is the combination of the actual private data stored in a private state, and a hash of that private data to guarantee data privacy. The key findings of this research show that data privacy and confidentiality are attained through a private data policy. Network peers are decentralized with blockchain only for hash storage to avoid storage challenges. Cost-effectiveness is achieved through data storage within a database of a Hyperledger Fabric. The overall performance of Fabric is higher than Ethereum. Ethereum's low performance is due to its execute-validate architecture which has high computation power with transaction inconsistencies. E-Health care system administrators should be trained and engaged with blockchain architectural designs for health data storage security. Health policymakers should be aware of blockchain technology and make use of the findings. The scientific contribution of this study is based on; cost-effectiveness of secured data storage, the use of hashes of network data stored in each node, and low energy consumption of Fabric leading to high performance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권5호
• /
• pp.2768-2780
• /
• 2019

Ciphertext-policy attribute-based encryption (CP-ABE) is one of the practical technologies to share data over cloud since it can protect data confidentiality and support fine-grained access control on the encrypted data. However, most of the previous schemes only focus on data confidentiality without considering data receiver privacy preserving. Recently, Li et al.(in TIIS, 10(7), 2016.7) proposed a CP-ABE with hidden access policy and testing, where they declare their scheme achieves privacy preserving for the encryptor and decryptor, and also has high decryption efficiency. Unfortunately, in this paper, we show that their scheme fails to achieve hidden access policy at first. It means that any adversary can obtain access policy information by a simple decisional Diffie-Hellman test (DDH-test) attack. Then we give a method to overcome this shortcoming. Security and performance analyses show that the proposed scheme not only achieves the privacy protection for users, but also has higher efficiency than the original one.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권1호
• /
• pp.323-342
• /
• 2021

Personal health records (PHRs) is an electronic medical system that enables patients to acquire, manage and share their health data. Nevertheless, data confidentiality and user privacy in PHRs have not been handled completely. As a fine-grained access control over health data, ciphertext-policy attribute-based encryption (CP-ABE) has an ability to guarantee data confidentiality. However, existing CP-ABE solutions for PHRs are facing some new challenges in access control, such as policy privacy disclosure and dynamic policy update. In terms of addressing these problems, we propose a privacy protection and dynamic share system (PPADS) based on CP-ABE for PHRs, which supports full policy hiding and flexible access control. In the system, attribute information of access policy is fully hidden by attribute bloom filter. Moreover, data user produces a transforming key for the PHRs Cloud to change access policy dynamically. Furthermore, relied on security analysis, PPADS is selectively secure under standard model. Finally, the performance comparisons and simulation results demonstrate that PPADS is suitable for PHRs.

• 한국산학기술학회논문지
• /
• 제9권3호
• /
• pp.787-793
• /
• 2008

본 연구는 대전광역시에 소재한 A대학교 병원 의무기록실에서 2006년 1월부터 2006년 3월까지의 3개월간 의무기록사본 발급 받은 환자 및 환자 보호자를 대상으로 사본발급특성을 구조방정식한 결과 "의무기록 사본 발급시간대"는 "의무기록 사본 발급 특성"에 대한 경로계수가 -0.01로 (-)의 직접 효과가 있었고, "일반적 특성"에 대한 경로계수가 0.86으로 정(+)의 직접 효과가 있었다. 이는 소비자의 권리의식의 향상과 각종 민간보험업계의 보험금 지급업무와 관련된 진료내용의 확인요구 등의 이유로 인하여 환자 본인, 보호자 및 보험회사 직원 등 다양한 대리인이 환자 개인의 진료기록에 대한 열람이나 사본교부를 요구한 결과로 사료된다. 이상과 같은 결과, 의무기록 관리에 있어서 사생활 보호(privacy)와 비밀 보호(confidentiality)는 가장 중요한 핵심으로 의무기록 저장 매체가 종이든 전자 매체든 관계없이 지켜져야 할 것으로 사료된다.

• International Journal of Computer Science & Network Security
• /
• 제23권2호
• /
• pp.89-95
• /
• 2023

Cloud computing today provides huge computational resources, storage capacity, and many kinds of data services. Data sharing in the cloud is the practice of exchanging files between various users via cloud technology. The main difficulty with file sharing in the public cloud is maintaining privacy and integrity through data encryption. To address this issue, this paper proposes an Enhanced RSA encryption schema (ERSA) for data sharing in the public cloud that protects privacy and strengthens data integrity. The data owners store their files in the cloud after encrypting the data using the ERSA which combines the RSA algorithm, XOR operation, and SHA-512. This approach can preserve the confidentiality and integrity of a file in any cloud system while data owners are authorized with their unique identities for data access. Furthermore, analysis and experimental results are presented to verify the efficiency and security of the proposed schema.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2011년도 춘계학술대회
• /
• pp.754-756
• /
• 2011

Most of the sources of security and privacy issues in RFID technology arise from the violation of the air interface between a tag and its reader. This paper will approach the security risk analysis is process from the perspective of the RFID tag life cycle, identify the tag usage processes, identify the associated vulnerability and threat to the confidentiality, integrity and availability of the information assets and its implications for privacy, and then mitigate the risks.