• Journal of Digital Convergence
• /
• v.16 no.1
• /
• pp.159-164
• /
• 2018

Biometric information does not need to be stored separately, and there is no risk of loss and no theft. For this reason, it has been attracting attention as an alternative authentication means for existing authentication means such as passwords and authorized certificates. However, there may be a privacy problem due to leakage of personal information stored in the server. To overcome these weaknesses, FIDO solved the problem of leakage of personal information on the server by using biometric information stored on the user device and authenticating. In this paper, we propose a multiple biometric authentication method that can be used in FIDO environment. In order to utilize multiple biometric information, fingerprints and EEG signals can be generated and used in FIDO system. The proposed method can solve the problem due to limitations of existing 2-factor authentication system by authentication using multiple biometric information.

• The Journal of Society for e-Business Studies
• /
• v.19 no.4
• /
• pp.135-150
• /
• 2014

As the collection and use of personal information increases, the accidents that abuse and leak personal information are continuously increasing. The nation has established new laws and strengthened related laws for the prevention of the mass leakage of personal information and the secondary damage due to the leaked personal information. The nation also established the guidelines that need to be implemented by the institutions handling personal information for the safety of the personal information. For the efficient implementation of guidelines under the limited time and resources, it is necessary to establish the priorities between guidelines. This paper compares the relative importance of the guidelines by AHP (Analytic Hierarchy Process) technique. We performed the analysis on two expert groups, the group of consultants working in information security consulting company and the group of information security staffs handling personal information directly in the company. We compared the differences between groups and recommended the relative importances of the guidelines.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.123-132
• /
• 2019

Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.705-717
• /
• 2020

Cities in the world are rushing to develop smart cities to create a sustainable and happy city by solving many problems in cities using information and communication technologies such as big data and IoT. However, in Korea's smart cities and smart city certification systems, the focus is on platform-oriented hardware infrastructure, and the information security aspect is first considered to build and authenticate. It is a situation in which a response system for the risk of leakage of big data containing personal information is needed through policy research on the aspect of personal information protection for smart city operation. This paper analyzes the types of personal information in smart cities, problems associated with the construction and operation of smart cities, and the limitations of the current smart city law and personal information protection management system. As a solution, I would like to present a model of a personal information protection management system in the smart city field and propose a plan to strengthen personal information protection through this. Since the management system model of this paper is applied and operated in the national smart city pilot cities, demonstration cities, and CCTV integrated control centers, it is expected that citizens' personal information can be safely managed.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.3
• /
• pp.23-28
• /
• 2016

As a large portal sites are beginning to replace the function of the mass media, new risks began to raise. It remained without being deleted that data written to the internet was a serious privacy problem occurs. The sensitive information was inferred based on the personal data recorded in the past and also another personal information leakage itself. Witch-hunt through the personally identifiable rob has emerged as a serious social problem and damage to the parties not be able to live a normal life. In this paper, we propose the study on the need for a 'right to be forgotten' to delete the personal information relating to on-line through international case studies and activation measures. At the same time, we proposed improvement measures, such as encryption management, ownership inheritance, and blind treatment.

• The Journal of Information Systems
• /
• v.23 no.3
• /
• pp.99-125
• /
• 2014

Internet environment and innovative ICT(information and communication technology) have brought about big changes to our lifestyle and industrial structure. In spite of the convenience of Internet, various cyber incidents such as malicious code infection, personal information leakage, smishing(sms + phishing), and pharming have frequently occurred. Information security must be recognized as a key and compulsory element for surviving in a global economy. Strategic roles of information security have recently been increasing, but effective implementation of information security is still a major challenge to organizations. Our study examines the influencing factors of information security and investigates the causal relationship between information security maturity level and organizational performance through an empirical survey. According to the results of our study, personal, organizational, technical, and social factors affect organizations's information security maturity level altogether. This result suggests that when dealing with security issues, the holistic and multi-disciplinary approaches should be required. In addition, there is a causal relationship between information security maturity level and organizational performance, and organizations aim to establish the efficient and effective ways to enhance information security maturity level on the basis of the results of this study.

• Journal of KIISE
• /
• v.45 no.3
• /
• pp.294-302
• /
• 2018

With the emergence of the new service industry due to the development of information and communication technology, cyber space risks such as personal information infringement and industrial confidentiality leakage have diversified, and the security problem has emerged as a critical issue. In this paper, we propose a behavior-based anomaly detection method that is suitable for real-time and large-volume data analysis technology. We show that the proposed detection method is superior to existing signature security countermeasures that are based on large-capacity user log data according to in-company personal information abuse and internal information leakage. As the proposed behavior-based anomaly detection method requires a technique for processing large amounts of data, a real-time search engine is used, called Elasticsearch, which is based on an inverted index. In addition, statistical based frequency analysis and preprocessing were performed for data analysis, and the DBSCAN algorithm, which is a density based clustering method, was applied to classify abnormal data with an example for easy analysis through visualization. Unlike the existing anomaly detection system, the proposed behavior-based anomaly detection technique is promising as it enables anomaly detection analysis without the need to set the threshold value separately, and was proposed from a statistical perspective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1271-1282
• /
• 2012

Recently, security incidents occur continuously, resulting in the leakages of a large amount of the company's confidential and private information. For these reasons, the security technologies such as the authentication and the access control in order to prevent the information leakage are attracting attention. In particular, location-based authentication that utilizes the user's current location information which is used an authentication factor. And it provides more powerful authentication by controlling the users who attempt to access and blocks internal information leakage path. However, location information must be handled safely since it is the personal information. The location based authentication scheme proposed in this paper enhances the stability of the process location information compared with existing relevant location-based authentication protocol. Also it strengthens the end-user authentication by using one-time password. In addition, the proposed scheme provides authentication to prevent information leakage and employs the concept of the user's physical access control. Resultingly, the proposed scheme can provide higher security than the previous studies, while guarantee to low communication cost.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.11
• /
• pp.101-105
• /
• 2012

Various social problems through violating personal information and privacy are growing with the rapid spread of smartphones. For this reason, variety of researches and technology developments to protect personal information being made. The smartphone, contains almost all of the personal information, can cause data spill at any time. Collecting or analyzing evidence is not an easy job with forensic analyzing tool. Android forensics research has been focused on techniques to collect and analyze data from non-volatile memory but research for volatile data is very slight. Android log is the non-volatile data that can be collected by volatile storage. It is enough to use as a material to track the usage of the Android phone because all of the recent driven records from system to application are stored. In this paper, we propose a method to respond to determining the existence of personal information leakage by filtering logs without forensic analysis tools.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.559-560
• /
• 2017

Recently, as the problem of personal information leakage has emerged, studies on data collection and web document classification have been made. The existing system judges only the existence of personal information, and there is a problem in that unnecessary data is not filtered because classification of documents published by the same name or user is not performed. In this paper, we propose a system that can identify the types of data or homonyms using the crawler and morphological analyzer for solve the problem. The user collects personal information on the web through the crawler. The collected data can be classified through the morpheme analyzer, and then the leaked data can be confirmed. Also, if the system is reused, more accurate results can be obtained. It is expected that users will be provided with customized data.