• Title/Summary/Keyword: Data privacy


Fountain Code-based Hybrid P2P Storage Cloud (파운틴 코드 기반의 하이브리드 P2P 스토리지 클라우드)

  • Park, Gi Seok; Song, Hwangjun. KIISE Transactions on Computing Practices, v.21 no.1, pp.58-63, 2015
  • In this work, we present a novel fountain code-based hybrid P2P storage system that combines cloud storage with P2P storage. The proposed hybrid storage system minimizes data transmission time while guaranteeing high data retrievability and data privacy. To guarantee data privacy and storage efficiency, the user transmits data only after fountain code-based encoding. The proposed algorithm also guarantees retrievability of the user's data by placing the encoded data with each peer's survival probability taken into account. Simulation results show that the proposed algorithm completes the upload quickly while satisfying the required retrievability and preserving the privacy of user data under the chosen system parameters.
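The encode, decode and peer-placement behaviour the abstract relies on, as an added example that is not the paper's scheme or code: an LT-style fountain code (each symbol is the XOR of a pseudo-random subset of source blocks) with a peeling decoder, and a simulation that spreads symbols over peers with assumed, independent survival probabilities and counts how often the file can still be decoded from whoever is online. The degree distribution (uniform rather than a soliton distribution), the peer model, the survival probabilities and the data are all constructed assumptions.

```python
import random

# Added example, not the paper's algorithm: LT-style fountain code with a
# peeling decoder, plus a retrieval simulation over unreliable peers.
# Degree distribution (uniform), peer model and survival probabilities are
# constructed assumptions.


def split_blocks(data, block_size):
    """Zero-pad data and cut it into k equal-sized source blocks."""
    data = data + b"\x00" * ((-len(data)) % block_size)
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def encode_symbol(blocks, nbrs):
    """Encoded symbol = XOR of the chosen source blocks; the index set travels with it
    (a real system sends a seed and regenerates the set on both sides)."""
    out = bytearray(len(blocks[0]))
    for i in nbrs:
        for j, byte in enumerate(blocks[i]):
            out[j] ^= byte
    return frozenset(nbrs), bytes(out)


def random_symbols(blocks, n, seed=0):
    """Fountain property: an unbounded stream of symbols can be drawn from one file."""
    rng = random.Random(seed)
    k = len(blocks)
    out = []
    for _ in range(n):
        degree = rng.randint(1, k)  # assumption: uniform degree, not a soliton distribution
        out.append(encode_symbol(blocks, rng.sample(range(k), degree)))
    return out


def decode(symbols, k):
    """Peeling decoder. A symbol that covers exactly one unresolved block reveals it;
    that block is XORed out of every other symbol and the process repeats.
    Returns the k blocks, or None when the received symbols do not determine all of them."""
    pending = [(set(nbrs), bytearray(payload)) for nbrs, payload in symbols]
    blocks = [None] * k
    while True:
        ripple = next((p for p in pending if len(p[0]) == 1), None)
        if ripple is None:
            break
        (idx,) = ripple[0]
        blocks[idx] = bytes(ripple[1])
        pending.remove(ripple)
        for nbrs, payload in pending:
            if idx in nbrs:
                nbrs.discard(idx)
                for j, byte in enumerate(blocks[idx]):
                    payload[j] ^= byte
        pending = [p for p in pending if p[0]]  # drop symbols that are now fully explained
    return blocks if all(b is not None for b in blocks) else None


def simulate_retrieval(blocks, placement, survival, trials, seed=0):
    """placement[p] = encoded symbols held by peer p; survival[p] = probability that
    peer p is online at retrieval time (assumed independent). Returns the fraction of
    trials in which the file decoded from the online peers alone."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(trials):
        received = [s for p, syms in enumerate(placement)
                    if rng.random() < survival[p] for s in syms]
        ok += decode(received, len(blocks)) == blocks
    return ok / trials


if __name__ == "__main__":
    blocks = split_blocks(b"hello fountain world", 4)
    # five peers, each holding six random symbols of a five-block file
    placement = [random_symbols(blocks, 6, seed=p) for p in range(5)]
    print(simulate_retrieval(blocks, placement, [0.9, 0.9, 0.6, 0.5, 0.3], 1000))
```

Coding alone is availability, not confidentiality: a degree-1 symbol is a plaintext block, and any peer that collects enough symbols can run the same peeling decoder. A practitioner would encrypt the file before encoding and rely on the fountain code only for retrievability under peer churn.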

Efficient K-Anonymization Implementation with Apache Spark

  • Kim, Tae-Su; Kim, Jong Wook. Journal of the Korea Society of Computer and Information, v.23 no.11, pp.17-24, 2018
  • Today, we are living in the era of data and information. With the advent of the Internet of Things (IoT), the popularity of social networking sites, and the development of mobile devices, a large amount of data is being produced in diverse areas. The collection of such data generated in various areas is called big data. As the importance of big data grows, there has been a growing need to share big data containing information about individual entities. Because big data contains sensitive information about individuals, releasing it directly for public use may violate existing privacy requirements. Thus, privacy-preserving data publishing (PPDP) has been actively studied as a way to share big data containing personal information for public use while preserving the privacy of the individual. K-anonymity, the most popular method in the area of PPDP, transforms each record in a table such that at least k records have the same values for the given quasi-identifier attributes, so that each record is indistinguishable from the other records in the same equivalence class. As big data continues to grow in size, there is a growing demand for methods that can efficiently anonymize vast amounts of data. In this paper, we therefore develop an efficient k-anonymity method using the Spark distributed framework. Experimental results show that the developed method achieves significant gains in processing time.
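The k-anonymity transformation defined in the abstract, as an added example that is not the paper's Spark implementation: full-domain generalization of two quasi-identifiers (age bands, masked ZIP digits) applied at increasing levels until every equivalence class holds at least k rows, the release check a practitioner runs before publishing, and the homogeneity check that k-anonymity alone does not give. The table, the generalization hierarchies and the choice of k are constructed.

```python
from collections import Counter

# Added example, not the paper's Spark implementation: k-anonymity by full-domain
# generalization of the quasi-identifiers, the release check, and the homogeneity
# check that k-anonymity alone does not provide. Table, hierarchies and k are constructed.

QI = ("age", "zip")          # quasi-identifiers
SENSITIVE = "dx"             # sensitive attribute, left untouched
AGE_LEVELS, ZIP_LEVELS = 3, 5

ROWS = [  # constructed sample, not real patient data
    {"age": 29, "zip": "13053", "dx": "flu"},
    {"age": 22, "zip": "13068", "dx": "hepatitis"},
    {"age": 27, "zip": "13053", "dx": "flu"},
    {"age": 43, "zip": "14850", "dx": "flu"},
    {"age": 52, "zip": "14853", "dx": "heart disease"},
    {"age": 47, "zip": "14850", "dx": "flu"},
    {"age": 36, "zip": "13068", "dx": "cancer"},
    {"age": 31, "zip": "13053", "dx": "flu"},
]


def generalize_age(age, level):
    """Level 0 exact, 1 = 10-year band, 2 = 20-year band, 3 = suppressed."""
    if level == 0:
        return str(age)
    if level >= AGE_LEVELS:
        return "*"
    width = 10 * level
    lo = age - age % width
    return f"{lo}-{lo + width - 1}"


def generalize_zip(zipcode, level):
    """Each level masks one more trailing digit."""
    level = min(level, ZIP_LEVELS)
    return zipcode[:len(zipcode) - level] + "*" * level


def generalize(rows, age_level, zip_level):
    return [{**r, "age": generalize_age(r["age"], age_level),
             "zip": generalize_zip(r["zip"], zip_level)} for r in rows]


def equivalence_classes(rows, qi=QI):
    """Rows that agree on every quasi-identifier form one class."""
    return Counter(tuple(r[a] for a in qi) for r in rows)


def is_k_anonymous(rows, k, qi=QI):
    classes = equivalence_classes(rows, qi)
    return bool(classes) and min(classes.values()) >= k


def anonymize(rows, k):
    """Try level pairs in order of total generalization (least information loss first)
    and return the first one whose every equivalence class has at least k rows."""
    for total in range(AGE_LEVELS + ZIP_LEVELS + 1):
        for age_level in range(AGE_LEVELS + 1):
            zip_level = total - age_level
            if not 0 <= zip_level <= ZIP_LEVELS:
                continue
            out = generalize(rows, age_level, zip_level)
            if is_k_anonymous(out, k):
                return (age_level, zip_level), out
    raise ValueError("k exceeds the number of rows; even full suppression cannot help")


def homogeneous_classes(rows, qi=QI, sensitive=SENSITIVE):
    """Classes whose rows all share one sensitive value: anyone who can place a person
    in that class learns the value despite k-anonymity (the homogeneity attack)."""
    values = {}
    for r in rows:
        values.setdefault(tuple(r[a] for a in qi), set()).add(r[sensitive])
    return sorted(key for key, vals in values.items() if len(vals) == 1)


if __name__ == "__main__":
    levels, anon = anonymize(ROWS, 2)
    print("levels (age, zip):", levels)
    for r in anon:
        print(r)
    print("homogeneous classes:", homogeneous_classes(anon))
```

On this table k=2 is first reached at age level 2 and ZIP level 1, which is exactly the point at which the class (20-39, 1305*) becomes all "flu": the release is 2-anonymous and still tells an attacker who knows a neighbour's age and ZIP prefix that neighbour's diagnosis. That is the background-knowledge weakness the next abstract cites as motivation for differential privacy.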

A Study on a Differentially Private Model for Financial Data (금융 데이터 상에서의 차분 프라이버시 모델 정립 연구)

  • Kim, Hyun-il; Park, Cheolhee; Hong, Dowon; Choi, Daeseon. Journal of the Korea Institute of Information Security & Cryptology, v.27 no.6, pp.1519-1534, 2017
  • Data de-identification is one of the techniques that preserve individual data privacy while still providing useful information to the analyst. However, earlier de-identification techniques such as k-anonymity are vulnerable to background knowledge attacks. Differential privacy, by contrast, has attracted a great deal of research in recent years because it offers both a strong privacy guarantee and useful utility. In this paper, we analyze various models based on differential privacy and formalize a differentially private model for financial data. As a result, we can formalize a differentially private model for financial data and show that it provides both security guarantees and good usefulness.
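The mechanism behind the guarantee the abstract describes, as an added example that is not the paper's model: an ε-differentially private SUM over constructed account balances. It shows the clipping that fixes the query's sensitivity, the Laplace noise scale that follows from it, the worst-case privacy loss between two neighbouring data sets (which must stay at or below ε), sequential composition against a budget, and the failure mode a practitioner needs to see: assuming a sensitivity without clipping, so that one large account blows the guarantee. Balances, clipping bound and ε are assumptions.

```python
import math
import random

# Added example, not the paper's model: an epsilon-differentially private SUM over
# constructed account balances. Shows clipping (fixes sensitivity), the Laplace
# scale, the worst-case privacy loss between neighbouring data sets, and how an
# unclipped contribution silently breaks the guarantee. Values are assumptions.

BALANCES = [1200.0, 85000.0, 310.0, 4200.0, 999999.0, 2750.0]  # constructed, not real


def clipped_sum(values, bound):
    """Clip each contribution to [0, bound]: adding or removing one record then
    changes the sum by at most `bound`, so the L1 sensitivity is exactly `bound`."""
    return sum(min(max(v, 0.0), bound) for v in values)


def laplace_scale(sensitivity, epsilon):
    """Laplace mechanism: noise scale b = sensitivity / epsilon."""
    return sensitivity / epsilon


def laplace_noise(scale, rng):
    """Inverse-CDF sample of Laplace(0, scale)."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1.0 - 2.0 * abs(u), 1e-300))


def private_sum(values, bound, epsilon, seed=None):
    """The released answer: clipped true sum plus calibrated Laplace noise."""
    rng = random.Random(seed)
    return clipped_sum(values, bound) + laplace_noise(laplace_scale(bound, epsilon), rng)


def log_density_ratio(output, true_a, true_b, scale):
    """ln p(output | D_a) - ln p(output | D_b) for Laplace noise around the true answers."""
    return (abs(output - true_b) - abs(output - true_a)) / scale


def worst_case_privacy_loss(true_a, true_b, scale):
    """sup over all outputs of |log_density_ratio|; epsilon-DP requires this <= epsilon."""
    return abs(true_a - true_b) / scale


def privacy_loss_if_unclipped(values, assumed_sensitivity, epsilon):
    """Analyst assumes a sensitivity but never clips: the neighbour without the largest
    record moves the true sum by that record's full value, not by the assumed bound."""
    scale = laplace_scale(assumed_sensitivity, epsilon)
    return worst_case_privacy_loss(sum(values), sum(values) - max(values), scale)


def spend(budget, epsilons):
    """Sequential composition: every release charges its epsilon against one budget."""
    spent = sum(epsilons)
    if spent > budget:
        raise ValueError(f"budget exhausted: {spent} > {budget}")
    return budget - spent


if __name__ == "__main__":
    bound, eps = 10000.0, 0.5
    print("true clipped sum:", clipped_sum(BALANCES, bound))
    print("released:", private_sum(BALANCES, bound, eps, seed=42))
    print("worst-case loss, clipped:", worst_case_privacy_loss(
        clipped_sum(BALANCES, bound), clipped_sum(BALANCES[:4] + BALANCES[5:], bound),
        laplace_scale(bound, eps)))
    print("worst-case loss, unclipped:", privacy_loss_if_unclipped(BALANCES, bound, eps))
```

The clipping bound is a policy decision, not a technicality: with bound 10000 the sum is off by most of the two large accounts, while without it the nominal ε of 0.5 is really about 50 for the largest account holder. That utility/privacy trade is what a "differentially private model for financial data" has to settle per query.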

QSDB: An Encrypted Database Model for Privacy-Preserving in Cloud Computing

  • Liu, Guoxiu; Yang, Geng; Wang, Haiwei; Dai, Hua; Zhou, Qiang. KSII Transactions on Internet and Information Systems (TIIS), v.12 no.7, pp.3375-3400, 2018
  • With the advent of database-as-a-service (DaaS) and cloud computing, more and more data owners are motivated to outsource their data to cloud databases for convenience and cost. However, securing the database-as-a-service model in cloud computing has become challenging, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak it. To preserve privacy, sensitive data should be encrypted before it is outsourced. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which supports SQL query operations directly on the encrypted data. The proposed system can store and process floating point numbers without compromising the security of the data. To balance the trade-off between data privacy protection and query processing efficiency, QSDB uses three different encryption models to encrypt data. Our strategy is to process as many queries as possible at the cloud server; encryption of queries and decryption of the encrypted query results are performed at the client. Experiments on real-world data sets demonstrate the efficiency and practicality of the proposed system.
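The client/server split the abstract describes (queries encrypted at the client, filtering at the server, results decrypted at the client), as an added example that is not QSDB's design or code: a queryable encrypted table on sqlite3. A column that must support WHERE col = ? is stored as a keyed deterministic token (HMAC-SHA256) so the server can filter on it without any key; the sensitive float column is stored under randomized encryption and only ever decrypted by the client. Assumptions: no third-party crypto library is available, so the payload cipher is an HMAC-based keystream standing in for AES-GCM (a toy, and unauthenticated); the keys, schema and rows are constructed.

```python
import hashlib
import hmac
import os
import sqlite3
from collections import Counter

# Added example, not QSDB's design or code: a queryable encrypted table on sqlite3.
# Equality-searchable column -> keyed deterministic token (HMAC-SHA256).
# Sensitive float column -> randomized encryption, decrypted only at the client.
# Assumption: no third-party crypto library, so the payload cipher is an HMAC-based
# keystream standing in for AES-GCM (toy, NOT authenticated). Keys/rows are constructed.

CONSTRUCTED_ROWS = [("sales", 100.5), ("sales", 200.0), ("eng", 42.0)]
NONCE_LEN = 16


class Client:
    """Holds the keys; the server never sees them."""

    def __init__(self, token_key, data_key):
        self.token_key = token_key
        self.data_key = data_key

    def token(self, value):
        """Deterministic: equal plaintexts give equal tokens. That is what makes
        server-side equality work, and also what leaks value frequencies."""
        return hmac.new(self.token_key, value.encode(), hashlib.sha256).hexdigest()

    def _keystream(self, nonce, length):
        out = b""
        counter = 0
        while len(out) < length:
            block = nonce + counter.to_bytes(4, "big")
            out += hmac.new(self.data_key, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def encrypt(self, plaintext):
        """Randomized: fresh nonce per row, so equal values give different ciphertexts."""
        pt = plaintext.encode()
        nonce = os.urandom(NONCE_LEN)
        return nonce + bytes(p ^ k for p, k in zip(pt, self._keystream(nonce, len(pt))))

    def decrypt(self, blob):
        nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct)))).decode()


def build_server(client, rows):
    """Server-side schema: only tokens and ciphertext ever reach the database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (dept_tok TEXT, balance_ct BLOB)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [(client.token(dept), client.encrypt(str(balance))) for dept, balance in rows],
    )
    return db


def query_balances(db, client, dept):
    """Client encrypts the predicate, server filters on the token, client decrypts results."""
    cur = db.execute("SELECT balance_ct FROM accounts WHERE dept_tok = ?",
                     (client.token(dept),))
    return [float(client.decrypt(ct)) for (ct,) in cur]


def server_view_frequencies(db):
    """What a curious DBA learns with no keys at all: the token histogram."""
    return Counter(tok for (tok,) in db.execute("SELECT dept_tok FROM accounts"))


if __name__ == "__main__":
    client = Client(b"token-key-example", b"data-key-example")
    db = build_server(client, CONSTRUCTED_ROWS)
    print("sales balances:", query_balances(db, client, "sales"))
    print("server sees:", server_view_frequencies(db).most_common())
```

Aggregates and range predicates over balance_ct cannot run on the server under this scheme, which is why a system like QSDB combines several encryption models and trades leakage for what the server can compute. Whatever the models, audit the server's view the way server_view_frequencies does: a deterministic column reveals which department is most common even though no token is ever decrypted, and a curious administrator is exactly the adversary the abstract names.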

A Secure Healthcare System Using Holochain in a Distributed Environment

  • Jong-Sub Lee; Seok-Jae Moon. International Journal of Internet, Broadcasting and Communication, v.15 no.4, pp.261-269, 2023
  • We propose the design of a Holochain-based security and privacy protection system for resource-constrained IoT healthcare systems. Analysis and performance evaluation confirm that the proposed system's characteristics operate effectively in the IoT healthcare environment. The system proposed in this paper consists of four main layers aimed at the secure collection, transmission, storage, and processing of important medical data in IoT healthcare environments. The first, perception layer consists of various IoT devices, such as wearable devices, sensors, and other medical devices. These devices collect patient health data and pass it on to the network layer. The second, network connectivity layer assigns an IP address to the collected data and ensures that the data is transmitted reliably over the network. Transmission takes place via standardized protocols, which ensures data reliability and availability. The third, distributed cloud layer is a distributed data store based on Holochain that holds the important medical information collected from resource-limited IoT devices. This layer manages data integrity and access control and allows users to share data securely. Finally, the fourth, application layer provides useful information and services to end users, patients and healthcare professionals. The structuring and presentation of data and the interaction between applications are managed at this layer. This structure aims to provide security, privacy, and resource efficiency suitable for IoT healthcare systems, in contrast to traditional centralized or blockchain-based systems. We design and propose a Holochain-based security and privacy protection system as the basis for a better IoT healthcare system.

A Mutual P3P Methodology for Privacy Preserving Context-Aware Systems Development (프라이버시 보호 상황인식 시스템 개발을 위한 쌍방향 P3P 방법론)

  • Kwon, Oh-Byung. Asia Pacific Journal of Information Systems, v.18 no.1, pp.145-162, 2008
  • One of the big concerns in the e-society is the privacy issue. In particular, in developing a robust ubiquitous smart space and the corresponding services, user profiles and preferences are collected by the service providers. The privacy issue is more critical in context-aware services simply because most of the context data are themselves private information: the user's current location, current schedule, friends nearby and even her or his health data. To realize the potential of the ubiquitous smart space, the systems embedded in the space should incorporate personal privacy preferences. When users invoke a set of services, they are asked to allow the service providers or the smart space to make use of personal information that touches on privacy concerns. For this reason, users unhappily provide the personal information or even refuse to be served. On the other side, the service provider needs personal information that is as rich as possible, yet as little of it as possible, to tell loyal and trustworthy customers from those who are not. It would be desirable to enlarge the personal information the user allows in line with the service provider's request, while minimizing both the information the provider requires that the user will not submit and the information the user submits that is of no value to the provider. In particular, if any personal information required by the service provider is not allowed, the service will not be provided to the user. P3P (Platform for Privacy Preferences) has been regarded as one of the promising alternatives for preserving personal information in the course of electronic transactions. However, P3P mainly focuses on preserving the buyer's personal information, whereas from time to time the service provider's business data should also be protected from unintended use by buyers.
Moreover, even though a user's privacy preference may depend on the context the user is in, legacy P3P does not handle contextual changes of privacy preferences. Hence, the purpose of this paper is to propose a mutual P3P-based negotiation mechanism. To do so, the service provider's privacy concerns are considered as well as the user's: the user's privacy policy on the service provider's information should also be communicated to the service provider before the service begins. Second, the privacy policy is designed contextually, according to the user's current context, because a nomadic user's privacy concern structure may change with context. Hence, the methodology includes both a mutual privacy policy and personalization. The overall framework of the mechanism and a new code of ethics are described in section 2. The pervasive platform for mutual P3P considers the user type and the context field, which involves current activity, location, social context, objects nearby and the physical environment. Our mutual P3P includes the privacy preferences not only of the buyers but also of the sellers, that is, the service providers. The negotiation methodology for mutual P3P is proposed in section 3, based on the observation that a privacy concern arises when there is a need for information access and at the same time a need for information hiding. Our mechanism was implemented on an actual shopping mall to increase the feasibility of the idea proposed in this paper. A shopping service is assumed as the context-aware service, and the data groups for the service are enumerated. The privacy policy for each data group is represented in APPEL format. To examine the performance of the example service, section 4 adopts a simulation approach. For the simulation, the following data elements are considered: UserID, user preference, phone number, home address, product information and service profile. For the negotiation, reputation is selected as the strategic value.
Then the following cases are compared: legacy P3P; mutual P3P without the strategic value; and mutual P3P with the strategic value. The simulation results show that mutual P3P outperforms legacy P3P. Moreover, we could conclude that mutual P3P with the strategic value performs better than mutual P3P without it in terms of service safety.

Strategic Approach to Privacy Calculus of Wearable Device User Regarding Information Disclosure and Continuance Intention

  • Cho, Ji Yeon; Ko, Daesun; Lee, Bong Gyou. KSII Transactions on Internet and Information Systems (TIIS), v.12 no.7, pp.3356-3374, 2018
  • The healthcare and fitness wearable-device market is considered the driving force of the entire wearable device market. However, there are concerns about information privacy, because wearable devices constantly collect sensitive data such as individuals' health information. Thus, there is a need for a comprehensive understanding of information privacy concerns and the related behavior. This study investigates the factors considered in the privacy calculus of wearable fitness device users, and verifies differences in the privacy calculus process according to the frequency of exercise. The results obtained from a survey of 248 undergraduate students in Korea show that service providers should consider users' interests and exercise characteristics in order to mitigate their privacy concerns and encourage continued use of wearable devices. This study provides useful insights pertaining to users of wearable fitness devices, and targets researchers and practitioners.

Effect of Collective Efficacy on Self-Disclosure in Social Network Services (소셜네트워크서비스에서 집합적 효능감이 이용자들의 자기노출에 미치는 영향)

  • Chae, Seong Wook. Knowledge Management Research, v.19 no.1, pp.19-39, 2018
  • With the development of information technology, social network services (SNS) such as Facebook and Twitter have become popular, and many users disclose personal and sensitive information such as private stories, photographs and location information by posting and sharing. Despite the privacy concerns in SNSs, individuals continue to disclose their identity online. This phenomenon is called the 'privacy paradox'. The purpose of this study is to examine the role of collective efficacy in self-disclosure in the SNS context and to explain the privacy paradox. Drawing on communication privacy management theory, a research model was developed and empirically tested with cross-sectional data from 306 individuals. The results reveal that collective efficacy has a direct positive effect on self-disclosure, while privacy risk is negatively related to self-disclosure. However, privacy concern is not directly related to self-disclosure; the relationship between privacy concern and self-disclosure is moderated by collective efficacy.

Comparative study of the privacy information protection policy - Privacy information basic laws and dedicated organizations - (국내외 개인정보보호정책 비교 분석 - 개인정보보호 법률과 전담조직을 중심으로 -)

  • Jeong, Dae-Kyeong. Journal of the Korea Institute of Information Security & Cryptology, v.22 no.4, pp.923-939, 2012
  • In the information society, securing personal information is a precondition for normal economic activity and for the delivery of public services. Governments support this with privacy protection laws and public organizations. This paper studies the privacy protection policies of the major countries by analyzing their laws and organizations, and finally examines the policy tasks needed to support privacy protection policy.

Federated Learning Privacy Invasion Study in Batch Situation Using Gradient-Based Restoration Attack (그래디언트 기반 재복원공격을 활용한 배치상황에서의 연합학습 프라이버시 침해연구)

  • Jang, Jinhyeok; Ryu, Gwonsang; Choi, Daeseon. Journal of the Korea Institute of Information Security & Cryptology, v.31 no.5, pp.987-999, 2021
  • Recently, federated learning has attracted attention because of the privacy invasion that data collection causes. Federated learning was considered safe from privacy violations because the training data never has to be collected at a server and the server does not need the training data itself. As a result, studies on application methods that exploit distributed devices and data are under way. However, federated learning is no longer safe, as research progresses on reconstruction attacks that restore the training data from the gradients transmitted during the federated learning process. This paper verifies numerically and visually how well data reconstruction attacks work in various data situations. Considering that the attacker does not know how the data is composed, we divide the data by class, from the case where only one sample exists to the case where multiple samples are distributed within a class, and use MNIST data with MSE, loss, PSNR and SSIM as the evaluation metrics. The result is that the more classes and samples there are in a batch, the worse the reconstruction (higher MSE and loss, lower PSNR and SSIM), but several reconstructed images are still enough for a meaningful privacy invasion.
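The leakage the abstract measures, as an added example that is not the paper's attack code: the closed-form gradient inversion of a fully connected first layer trained with softmax cross-entropy. For a batch of one sample, dL/dW = delta * x^T and dL/db = delta, so any row of the weight gradient divided by the matching bias gradient returns the input exactly; for a batch the server receives the averaged gradient, and the same division returns a weighted mixture of the samples, which is the batch effect the abstract reports with MSE and PSNR. The model (zero-initialised, an assumption), the four-pixel "images" and the labels are constructed.

```python
import math

# Added example, not the paper's attack code: closed-form gradient leakage of a
# fully connected first layer under softmax cross-entropy. For a batch of one,
# dL/dW = delta * x^T and dL/db = delta, so x = dL/dW[j] / dL/db[j]. With a batch
# the server sees the average, and the same division returns a mixture.
# Model (zero-initialised), inputs and labels are constructed assumptions.

X1 = [0.1, 0.9, 0.3, 0.7]   # constructed "images" with 4 pixels in [0, 1]
X2 = [0.8, 0.2, 0.6, 0.4]
W0 = [[0.0] * 4 for _ in range(3)]   # 3 classes x 4 inputs, freshly initialised
B0 = [0.0] * 3


def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]


def gradients(W, b, batch):
    """Average gradient of cross-entropy w.r.t. W (n_out x n_in) and b over batch
    [(x, y)]: exactly the update a federated client uploads to the server."""
    n_out, n_in = len(W), len(W[0])
    dW = [[0.0] * n_in for _ in range(n_out)]
    db = [0.0] * n_out
    for x, y in batch:
        z = [sum(W[j][i] * x[i] for i in range(n_in)) + b[j] for j in range(n_out)]
        p = softmax(z)
        delta = [p[j] - (1.0 if j == y else 0.0) for j in range(n_out)]  # dL/dz
        for j in range(n_out):
            db[j] += delta[j] / len(batch)
            for i in range(n_in):
                dW[j][i] += delta[j] * x[i] / len(batch)
    return dW, db


def reconstruct_input(dW, db):
    """Server-side attack: divide the row of dW with the largest |db| by that db entry.
    Returns None when every bias gradient is zero (nothing to divide by)."""
    j = max(range(len(db)), key=lambda j: abs(db[j]))
    if abs(db[j]) < 1e-12:
        return None
    return [w / db[j] for w in dW[j]]


def mse(a, b):
    return sum((u - v) ** 2 for u, v in zip(a, b)) / len(a)


def psnr(err, peak=1.0):
    """Peak signal-to-noise ratio in dB; infinite for a perfect reconstruction."""
    return math.inf if err == 0 else 10.0 * math.log10(peak * peak / err)


def attack(W, b, batch):
    """Run the attack on the uploaded gradient; score against the first sample."""
    dW, db = gradients(W, b, batch)
    rec = reconstruct_input(dW, db)
    err = mse(rec, batch[0][0])
    return rec, err, psnr(err)


if __name__ == "__main__":
    for batch in ([(X1, 1)], [(X1, 1), (X2, 2)]):
        rec, err, q = attack(W0, B0, batch)
        print(f"batch size {len(batch)}: rec={[round(v, 3) for v in rec]} "
              f"mse={err:.4f} psnr={q:.1f} dB")
```

With one sample the recovery is exact (MSE at floating-point noise). With two samples of different classes the attack returns the average of X1 and X2, MSE 0.0725 against X1 and about 11.4 dB PSNR: degraded, but far from hiding the input. Batching raises the cost of inversion; it does not replace secure aggregation or differential privacy on the uploaded update.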