• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권2호
• /
• pp.450-470
• /
• 2023

Traditional cloud computing faces some challenges such as huge energy consumption, network delay and single point of failure. Edge computing is a typical distributed processing platform which includes multiple edge servers closer to the users, thus is more robust and can provide real-time computing services. Although outsourcing data to edge servers can bring great convenience, it also brings serious security threats. In order to provide image retrieval while ensuring users' data privacy, a privacy preserving image retrieval scheme in edge environment is proposed. Considering the distributed characteristics of edge computing environment and the requirement for lightweight computing, we present a privacy-preserving image retrieval scheme in edge computing environment, which two or more "honest but curious" servers retrieve the image quickly and accurately without divulging the image content. Compared with other traditional schemes, the scheme consumes less computing resources and has higher computing efficiency, which is more suitable for resource-constrained edge computing environment. Experimental results show the algorithm has high security, retrieval accuracy and efficiency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권5호
• /
• pp.1471-1483
• /
• 2023

One of the fastest-growing mobile services accessible today is mobile payments. For the safety of this service, the Near Field Communication (NFC) technology is used. However, NFC standard protocol has prioritized transmission rate over authentication feature due to the proximity of communicated devices. Unfortunately, an adversary can exploit this vulnerability with an antenna that can eavesdrop or alter the exchanged messages between NFC-enabled devices. Many researchers have proposed authentication methods for NFC connections to mitigate this challenge. However, the security and privacy of payment transactions remain insufficient. We offer a privacy-preserving, anonymity-based, safe, and efficient authentication protocol to protect users from tracking and replay attacks to guarantee secure transactions. To improve transaction security and, more importantly, to make our protocol lightweight while ensuring privacy, the proposed protocol employs a secure offline session key generation mechanism. Formal security verification is performed to assess the proposed protocol's security strength. When comparing the performance of current protocols, the suggested protocol outperforms the others.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권12호
• /
• pp.5189-5208
• /
• 2015

To address the contradiction between data aggregation and data security in wireless sensor networks, a Recoverable Privacy-preserving Integrity-assured Data Aggregation (RPIDA) scheme is proposed based on privacy homomorphism and aggregate message authentication code. The proposed scheme provides both end-to-end privacy and data integrity for data aggregation in WSNs. In our scheme, the base station can recover each sensing data collected by all sensors even if these data have been aggregated by aggregators, thus can verify the integrity of all sensing data. Besides, with these individual sensing data, base station is able to perform any further operations on them, which means RPIDA is not limited in types of aggregation functions. The security analysis indicates that our proposal is resilient against typical security attacks; besides, it can detect and locate the malicious nodes in a certain range. The performance analysis shows that the proposed scheme has remarkable advantage over other asymmetric schemes in terms of computation and communication overhead. In order to evaluate the performance and the feasibility of our proposal, the prototype implementation is presented based on the TinyOS platform. The experiment results demonstrate that RPIDA is feasible and efficient for resource-constrained sensor nodes.

• 인터넷정보학회논문지
• /
• 제10권2호
• /
• pp.29-40
• /
• 2009

인터넷 등의 정보기술의 발전은 기존의 의료기술에 빠른 변화를 가져오면서 e-Healthcare가 사회적 이슈로 등장하고 있다. 의료정보화 패러다임의 새로운 전환점이라 할 수 있는 e-Healthcare는 국내에서 의료정책방안이나 기술개발을 하고 있지만, 아직 의료정보화의 기반이 되는 인프라는 부족한 수준이며 개방된 인터넷 환경 내 역공학적 측면으로 민감한 의료정보 유출 및 프라이버시 침해에 대한 문제가 대두되는 실정이다. 본 논문에서는 앞서 제시한 문제점의 해결방안으로 e-Healthcare환경 내 개인의 의료정보 보호를 위한 역할기반의 접근제어 시스템(HPIP - Health Privacy Information Protection)을 네 가지 주요 메커니즘(사용자 신분확인, 병원 권한확인, 진료기록 접근제어, 환자진단)으로 제안하였으며, 실 환경에서 효과적으로 활용될 수 있도록 프로토타이핑을 통해 그 가능성을 타진해 보았다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권6호
• /
• pp.3199-3218
• /
• 2019

Location-based services (LBSs) have become popular in recent years due to the ever-increasing usage of smart mobile devices and mobile applications through networks. Although LBS application provides great benefits to mobile users, it also raises a sever privacy concern of users due to the untrusted service providers. In the lack of privacy enhancing mechanisms, most applications of the LBS may discourage the user's acceptance of location services in general, and endanger the user's privacy in particular. Therefore, it is a great interest to discuss on the recent privacy-preserving mechanisms in LBSs. Many existing location-privacy protection-mechanisms (LPPMs) make great efforts to increase the attacker's uncertainty on the user's actual whereabouts by generating a multiple of fake-locations together with user's actual positions. In this survey, we present a study and analysis of existing LPPMs and the state-of-art privacy measures in service quality aware LBS applications. We first study the general architecture of privacy qualification system for LBSs by surveying the existing framework and outlining its main feature components. We then give an overview of the basic privacy requirements to be considered in the design and evaluation of LPPMs. Furthermore, we discuss the classification and countermeasure solutions of existing LPPMs for mitigating the current LBS privacy protection challenges. These classifications include anonymization, obfuscation, and an encryption-based technique, as well as the combination of them is called a hybrid mechanism. Finally, we discuss several open issues and research challenges based on the latest progresses for on-going LBS and location privacy research.

• 대한가정학회지
• /
• 제45권5호
• /
• pp.95-119
• /
• 2007

The purpose of this study was to investigate the shopping values(utilitarian and hedonic values) sought and the risks(economic, functional, socio-psychological, and privacy) perceived by consumers who participate in Internet auctions by determining the factors that affect their shopping values and risk perceptions. Empirical data were collected by an Internet survey of netizens who were interested in and had experience in Internet auctions. Questionnaires were distributed to the subjects through an Internet survey site and at an Internet auction cafe. A total of 300 questionnaires were analyzed. The results showed that consumers showed a slightly greater pursuit of a utilitarian value than a hedonic outcome in their Internet auction practices; however the outcomes pursued by consumers in their teens and twenties tended to be more hedonic than utilitarian. Consumers with a higher level of innovation, self-confidence in purchase, and need for information searching showed a greater pursuit of utilitarian and hedonic outcomes. The group of consumers with a higher expectation for legal protection pursued a more utilitarian outcome, whereas the group of consumers with higher influence from the reference group pursued a more hedonic outcome. The consumers showed that they perceived functional risk as boing most serious, followed by privacy risk, economic risk, and socio-psychological risk. Subjects with higher degrees of innovation, self-confidence in purchase and self-control perceived economic risk as critical. Functional risk was perceived to be highest in the group of consumers with self-control and a need for information searching, whereas socio-psychological risk was perceived to be highest in the group of consumers showing more self-control. Privacy risk was perceived to be highest in the group of consumers with a higher degree of innovation and lowest in both groups of higher and lower affection. Both economic and privacy risks were perceived to be lower in the group of lower pursuit of a hedonic outcome.

• 한국콘텐츠학회논문지
• /
• 제16권9호
• /
• pp.329-338
• /
• 2016

물리적인 세계의 모든 사물들이 디지털화되고 통신이 이루어지는 사물인터넷(Internet of Things; IoT) 기술은 새로운 패러다임으로 부각되고 있고 편리하고 효율적인 생활을 제공할 것으로 기대되고 있다. 그러나 성공적인 기술의 실현을 위해서는 IoT 보안이라는 중요한 선결 이슈가 존재하며, 특히 인간과 직접 관계된 사물 통신이라는 점에서 프라이버시 보호는 더욱 중요시 될 것으로 예상된다. 본 논문에서는 IoT 환경에서의 보안과 프라이버시 위협에 대해 기술하고, 쇼단(인터넷에 연결된 라우터, 스위치, 공유기, 웹캠, IoT기기 등을 찾아주는 합법적인 백도어 검색엔진)을 통한 IoT 장비의 보안과 프라이버시 노출 가능성을 지적한다. 마지막으로 현재 많이 사용되고 있는 네트워크 카메라의 실제 사례들을 통해 프라이버시 보안 위협들을 비교하며 대응방안에 대해 기술한다.

• 정보화정책
• /
• 제17권1호
• /
• pp.43-62
• /
• 2010

우리나라의 대표적인 개인 정보는 주민등록번호라고 할 수 있다. 정보화의 급속한 진전과 발전 그리고 인터넷이 우리 생활의 일부가 되기 시작하면서 가상공간에서 개인 정보 보호에 대한 문제가 제기되기 시작하였다. 특히 가상 공간에서의 주민등록번호 사용은 개인 정보 오남용 등의 프라이버시 침해와 관련한 여러 가지 사회 문제들을 야기하고 있다. 가상 공간에서 주민등록번호 사용으로 발생하는 이와 같은 문제들을 해결하기 위해 정부는 2000년대 초반부터 가상 공간에서 주민등록번호를 대체할 수 있는 수단을 꾸준히 모색해 왔고, 그 결과 2006년 10월 이후부터 5개 민간 기관이 참여한 '인터넷 주민등록번호 대체 수단(i-PIN)' 서비스를 시행하고 있다. 하지만 i-PIN 도입 이후에도 개인 정보 침해 사건의 감소는 이루어 지지 않았고, 오히려 대형의 개인 정보 유출 사건이 빈번히 발생했다. 이런 상황들은 i-PIN의 성공적인 정착의 필요성, 가상공간에서의 개인 정보 보호의 중요성을 일깨워 주고 있다. 따라서 이 논문은 i-PIN 정책이 성공적으로 정착할 수 없었던 이유를 분석하고자 했다. 현재 정부의 주민등록번호 대체 수단인 i-PIN을 정책집행에 관한 이론 모형으로 분석하여 안전한 주민등록 번호 대체 수단의 효율적인 구현 방안을 모색하고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권9호
• /
• pp.4442-4466
• /
• 2016

This paper proposes a privacy-preserving aggregation scheme based on the designed P-Gene (PAPG) for sensor networks. The P-Gene is constructed using the designed erasable data-hiding technique. In this P-Gene, each sensory data item may be hidden by the collecting sensor node, thereby protecting the privacy of this data item. Thereafter, the hidden data can be directly reported to the cluster head that aggregates the data. The aggregation result can then be recovered from the hidden data in the cluster head. The designed P-Genes can protect the privacy of each data item without additional data exchange or encryption. Given the flexible generation of the P-Genes, the proposed PAPG scheme adapts to dynamically changing reporting nodes. Apart from its favorable resistance to data loss, the extensive analyses and simulations demonstrate how the PAPG scheme efficiently preserves privacy while consuming less communication and computational overheads.

• 한국경영정보학회:학술대회논문집
• /
• 한국경영정보학회 2008년도 춘계학술대회
• /
• pp.493-517
• /
• 2008

The purpose of this research is to identify effect of communication strategy as effectively communication method which is decreasing Internet Web site users' perceived information privacy concerns as important factor affecting to positive behavior or behavioral intentions on long-term relational outcome perspectives. This study suggests alternatives concepts and causal relationship about information privacy issues. First, it addressed collaborative communication strategy (CCS) model of effective communication method for Web site's IPP to users. Second, it provided comparing and integrating streams of information privacy research on long-term relational outcomes perspective. Third, it assessed effectiveness of Web site's IPP on organization legitimacy ensured continuous survival of organization. A research model was proposed and subsequent hypotheses were empirically tested with partial least square (PLS) based on 684 responses from the users of 21 Internet Website among entirely finance, recruit, portal /e-store Web site. It was learned that CCS(as a communication method) and relationship quality(representing long-term relational outcomes)was positively associated with decreasing user's IPC more than privacy risk. Also, legitimacy to information privacy practice positively associated with willingness to information providing more than negative effect of IPC. Lastly, their association strength was partially moderated by the type of real information sensitivity.