• The Journal of Bigdata
• /
• v.5 no.2
• /
• pp.43-52
• /
• 2020

With the development of data technology, storing and sharing of data has increased, resulting in privacy invasion. Although de-identification technology has been introduced to solve this problem, it has been proved many times that identifying individuals using de-identified data is possible. Even if it cannot be completely safe, sufficient de-identification is necessary. But current laws and regulations do not quantitatively specify the degree of how much de-identification should be performed. In this paper, we propose an appropriate de-identification criterion considering the time required for re-identification. We focused on the case of using the k-anonymity model among various privacy models. We analyzed the time taken to re-identify data according to the change in the k value. We used a re-identification method based on linkability. As a result of the analysis, we determined which k value is appropriate. If the generalized model can be developed by results of this paper, the model can be used to define the appropriate level of de-identification in various laws and regulations.

• Journal of KIISE
• /
• v.44 no.1
• /
• pp.21-26
• /
• 2017

In recent years, new technologies such as Internet of Things, Cloud Computing and Big Data are being widely used. And the type and amount of data is dramatically increasing. This makes security an important issue. In terms of leakage of sensitive personal information. In order to protect confidential information, a method called anonymization is used to remove personal identification elements or to substitute the data to some symbols before distributing and sharing the data. However, the existing method performs anonymization by generalizing the level of quasi-identifier hierarchical. It requires a higher level of generalization in case where k-anonymity is not satisfied since records in data table are either added or removed. Loss of information is inevitable from the process, which is one of the factors hindering the utility of data. In this paper, we propose a novel anonymization technique using decision tree based machine learning to improve the utility of data by minimizing the loss of information.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.10
• /
• pp.2750-2759
• /
• 2009

In this paper, we analyze vulnerabilities in a remote authentication protocol using smartcards which was proposed by Bindu et al. and propose an improved scheme. The proposed scheme can prevent from restricted replay attack and denial of service attack by replacing time stamp with random number. In addition, this protocol can guarantee user anonymity by transmitting encrypted user's ID using AES cipher algorithm. The computational load in our protocol is decreased by removing heavy exponentiation operations and user efficiency is enhanced due to addition of password change phase in which a user can freely change his password. Furthermore, we really implement the proposed authentication protocol using a STM smartcard and authentication server. Then we prove the correctness and effectiveness of the proposed remote authentication system.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2010.07a
• /
• pp.377-380
• /
• 2010

사이버명예훼손이란 사이버공간에서 행해지는 명예훼손으로, 기존 명예에 관한 죄가 인터넷 등 사이버공간에서 행해지는 것을 말한다. 즉 오늘날 글로벌 커뮤니케이션 수단으로 활용되고 있는 월드와이드웹을 통하여 동시성, 의사소통의 쌍방향성, 접근의 용이성, 익명성의 특징을 갖는 사이버공간에서 나타나는, 사이버공간의 대표적 반작용 중의 하나이다. 이 연구에서는 사이버명예훼손과 관련된 개념 및 유형과 특성을 살펴보고 선진 각국의 입법례를 살펴본 후, 우리나라의 대응 방안과 관련된 시사점을 제시하고자 한다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.4
• /
• pp.51-62
• /
• 2010

This paper proposes RSA cryptosystem based anonymous electronic prescription which is issued from university and local hospitals by authorized medical professionals. Electronic prescription is now being used in domestic hospitals where sharing medical records and images are prevailing, facilitated by digitalizing medical information and building network infrastructure between the institutes. Proposed RSA based anonymous electronic prescription makes use of PKI protects the identity exposure of doctors and privacy of patients. While traditional prescription fails to protect identities to mandates party or to health insurance, the proposed RSA based prescription opens the contents of the prescription to health insurance authority only after its prescribing function is finished. The proposed approach along with soon to be deployed electronic ID card will help national health insurance corporation to increase the transparency of national prescription system.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.4 s.304
• /
• pp.25-32
• /
• 2005

The spread of mobile devices, PDAs and sensors has enabled the construction of ubiquitous computing environments, transforming regular physical spaces into 'Smart space' augmented with intelligence and enhanced with services. However, the deployment of this computing paradigm in real-life is disturbed by poor security, particularly, the lack of proper authentication and authorization techniques. Also, it is very important not only to find security measures but also to preserve user privacy in ubiquitous computing environments. In this Paper, we propose efficient user authentication and authorization model with anonymity for the privacy-preserving for ubiquitous computing environments. Our model is suitable for distributed environments with the computational constrained devices by using MAC-based anonymous certificate and security association token instead of using Public key encryption technique. And our Proposed Protocol is better than Kerberos system in sense of cryptographic computation processing.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.10
• /
• pp.99-106
• /
• 2014

In this paper, we analyze weaknesses of the biometrics-based user authentication scheme proposed by An. The result of analysis An's authentication scheme by the login success scenario proposed in this paper, if the attacker successes to get user's random number, he/she can pass user authentication phase of the legal server. Also the biometrics guessing scenario proposed in this paper shows the legal user's the biometric information is revealed in lost smart card. Since An's authentication scheme submit user ID and biometrics in plain text to the server, it is very vulnerable to inner attack and it is not provide the user anonymity to the server as well as the one to the third by user ID in plain text. Besides An's authentication scheme is contextual error too, due to this, it has weakness and so on that it did not check the validity of the smart card holder.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.10
• /
• pp.2316-2322
• /
• 2013

Due to the development of ICT, with using hardwares such as WiFi, 3G and GPS and so on, smartphone could have provided a lot of applications with novel functions rapidly. Through such applications, lots of personal information such as personal location, personal images, and list of phone calls is created, saved and widely used. Because there is lots of leakage of the stored personal information due to loss of phone and application, privacy violation have been important issue nowadays. Smartphone with GPS and Internet provides location information. To protect the information, the technologies that only the authorized user can access it while inquiring the location information have been proposed. In this paper, to minimize the identification information for location information subject and information user and anonymize the identifiable information such as phone number, we proposed a model that can reduce the leakage of information and avoid the wrong usage of the stored information in the server. This technique will be used for protecting privacy when developing the application that provides routing service through location history information.

• CRM연구
• /
• v.4 no.1
• /
• pp.35-54
• /
• 2011

Organizing and maintaining customer-based online communities are becoming increasingly important in current business environment. Companies can utilize the member generated contents in developing their products and services and they can establish close relationships with their customers. This paper investigates how customer-based online communities increase individual members' contributive behaviors. Drawing on the social psychology literature, this study adopts the concept of self-discrepancy rooted in self-identity and derive an index for self-discrepancy by using the differences between actual and virtual self-identities. Furthermore, this study examines the relationship between the self-discrepancy and the anonymity-related psychological factors (autonomy, recovery, and catharsis), which in turn influence quality and quantity of contribution. Analysis of 114 respondents showed that self-discrepancy between actual and virtual selves has two different sub-dimensions (personal self-discrepancy and social sel f-discrepancy) and each dimension has different effect on the quality and quantity of contribution through the mediation of autonomy and recovery. Notably, catharsis negatively influenced quality of contribution. Theoretical and practical implications are discussed based on the major findings.

• Annual Conference of KIPS
• /
• 2005.11a
• /
• pp.67-70
• /
• 2005

현대사회에서는 자신도 알지못하는 많은 정보들이 유포된다. 이때 정보들은 개인의 익명성을 보장하기위해 성명, 성별, 주민등록번호와 같은 개인식별 애트리뷰트를 생략한채로 유포된다. 그러나 널리퍼져있는 이러한 정보들은 다른 외부 정보와 조인되므로써 유일하게 개인을 식별하게끔 하는 조인공격을 받을 수 있다. 하지만 이러한 조인공격시 여러데이터가나오게하므로써 개인식별을 어렵게 또는 불가능하게하는 방법을 k-anonymization이라고하고 이러한 k-anonymization을 지원하는 방법으로 이전부터 여러가지가 있다. 이전의 방법들로는 각 subset마다 k-anonymization을 검사해야했으나 Lefevre와 DeWitt가 제안한 Incognito 방법을 사용하면 한번의 검사로 모든k-anonymization을 보장할 수 있다. 이 논문에서는 이러한 Incognito를 bitmap index를 사용하므로써 성능을 개선시키는 기법을 제시한다.