• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.25-36
• /
• 2019

With the development of information and communication technology, hospitals that electronically process and manage medical information of patients are increasing. However, if medical information is processed electronically, there is still room for infringing personal information of the patient or medical staff. Accordingly, in 2017, the International Organization for Standardization (ISO) published ISO TS 25237 Health Information - Pseudonymization[1]. In this paper, we examine the re - identification process based on ISO TS 25237, the procedure and the problems of our proposed method. In addition, we propose a new processing scheme that adds a re-identification procedure to our secure differential privacy method [2] by keeping a mapping table between de-identified data sets and original data as ciphertext. The proposed method has proved to satisfy the requirements of ISO TS 25237 trust service providers except for some policy matters.

• Journal of Labour Economics
• /
• v.30 no.1
• /
• pp.31-53
• /
• 2007

This paper, using the sample of male workers in manufacturing industry from the HCCP (Human Capital Corporate Panel) data, analyzes the effects of trade union on the level and dispersion of wages. One of the advantages of the HCCP data is that it enables a researcher to control the effect of individual firm's 'ability to pay' on wage. All relevant variables controlled, the union effect is estimated to be 5-8%. Yet this figure seriously underestimates the wage advantage enjoyed by union workers, because union sets the "price" for experience low and the price for tenure high and at the same time extends tenure of workers by adopting strong employment protection policy. The paper also analyzes the effects of union on the wage inequality. The results are mixed: overall wage inequality is smaller in union sector while standard deviation is larger when all the personal characteristics are controlled.

• Journal of the Korean Society of Fisheries and Ocean Technology
• /
• v.56 no.2
• /
• pp.155-162
• /
• 2020

The adjudication of Korean Maritime Safety Tribunal (KMST) was analyzed to collect basic data to identify the cause of the risk that did not appear in the current data provided by the fishermen's occupational accidents of the National Federation of Fisheries Cooperative (NFFC) in stow net fishing vessel from 2015 to 2019. The personnel's carelessness was the most common in 29 out of 33 accidents (87.9%), followed by 25 cases (75.8%) of inadequacy of instructions, 24 cases (72.7%) of inadequacy of education on hazard factor, 20 cases (60.6%) of no personal protection equipment, 18 cases (54.5%) of poor guard, 17 cases (51.5%) of inadequacy of work method, 16 cases (48.5%) of absence of emergency stop button, 14 cases (42.4%) of work practice of poor safety precautions that affected more than 40% of all accidents as accident causes. These causes had a strong influence on each other, and the ratio of accident causes is high. With this relationship, accidents can be prevented or the severity of human injury can be reduced if types of accident process can be estimated with a scenario, and the key points before the accident in the scenario are switched to safe points.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.8
• /
• pp.2827-2848
• /
• 2021

Mobile Crowdsourcing (MCS) has become an emerging paradigm evolved from crowdsourcing by employing advanced features of mobile devices such as smartphones to perform more complicated, especially spatial tasks. One of the key procedures in MCS is to collect answers from mobile users (workers), which may face several security issues. First, authentication is required to ensure that answers are from authorized workers. In addition, MCS tasks are usually location-dependent, so the collected answers could disclose workers' location privacy, which may discourage workers to participate in the tasks. Finally, the overhead occurred by authentication and privacy protection should be minimized since mobile devices are resource-constrained. Considering all the above concerns, in this paper, we propose a lightweight and privacy-preserving answer collection scheme for MCS. In the proposed scheme, we achieve anonymous authentication based on traceable ring signature, which provides authentication, anonymity, as well as traceability by enabling malicious workers tracing. In order to balance user location privacy and data availability, we propose a new concept named current location privacy, which means the location of the worker cannot be disclosed to anyone until a specified time. Since the leakage of current location will seriously threaten workers' personal safety, causing such as absence or presence disclosure attacks, it is necessary to pay attention to the current location privacy of workers in MCS. We encrypt the collected answers based on timed-release encryption, ensuring the secure transmission and high availability of data, as well as preserving the current location privacy of workers. Finally, we analyze the security and performance of the proposed scheme. The experimental results show that the computation costs of a worker depend on the number of ring signature members, which indicates the flexibility for a worker to choose an appropriate size of the group under considerations of privacy and efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.565-577
• /
• 2019

In recent years, biometric authentication has been used for various applications. Since biometric features are unchangeable and cannot be revoked unlike other personal information, there is increasing concern about leakage of biometric information. Recently, Jin et al. proposed a new cancelable biometric scheme, called "Index-of-Max" (IoM) to protect fingerprint template. The authors presented two realizations, namely, Gaussian random projection-based and uniformly random permutation-based hashing schemes. They also showed that their schemes can provide high accuracy, guarantee the security against recently presented privacy attacks, and satisfy some criteria of cancelable biometrics. However, the authors did not provide experimental results for other biometric features (e.g. finger-vein, iris). In this paper, we present the results of applying Jin et al.'s scheme to iris data. To do this, we propose a new method for processing iris data into a suitable form applicable to the Jin et al.'s scheme. Our experimental results show that it can guarantee favorable accuracy performance compared to the previous schemes. We also show that our scheme satisfies cancelable biometrics criteria and robustness to security and privacy attacks demonstrated in the Jin et al.'s work.

• Journal of Korean Society of Disaster and Security
• /
• v.11 no.2
• /
• pp.75-82
• /
• 2018

The purpose of this study is designed to apply the model of the problem-based learning in the class of Disaster Psychology and then analyze the experiences that its students felt. The participants in this research are 56 undergraduates. The class of Disaster Psychology was conducted with blended learning using lecture and PBL. The PBL problem should be solved just for 3 weeks. The data collected after the class is an analysis of the PBL problem, log on group activities, personal reflection diary, Group evaluation. Then, each data should be collected and analyzed quantitatively through the repetitive comparison, and the triangle-measurement. The findings suggest that there is a remarkable educational learning experience in seven categories: acquire expertise, confidence, practical problem-solving skill, communication ability, roles of calling, efficacy, change in perspective. This study introduces a case of PBL course development and expects subsequent applications and research.

• Journal of Convergence for Information Technology
• /
• v.11 no.7
• /
• pp.21-30
• /
• 2021

With the development of IoT technology, various cloud computing-based services such as smart cars, smart healthcare, smart homes, and smart farms are expanding. With the advent of a new environment, various problems continue to occur, such as the possibility of exposure of important information such as personal information or company secrets, financial damage cases due to hacking, and human casualties due to malicious attack techniques. In this paper, we propose a message communication protocol for smart home-based secure communication and user data protection. As a detailed process, secure device registration, message authentication protocol, and renewal protocol were newly designed in the smart home environment. By referring to the security requirements related to the smart home service, the stability of the representative attack technique was verified, and as a result of performing a comparative analysis of the performance, the efficiency of about 50% in the communication aspect and 25% in the signature verification aspect was confirmed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.291-307
• /
• 2021

There has been global efforts to prevent the further spread of the COVID-19 and get society back to normal. 'Contact tracing' is a crucial way to detect the infected person. However the contact tracing makes another concern about the privacy violation of the personal data of infected people, released by governments. Therefore Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design. However, in order to provide the improved tracing application, it is necessary to identify potential security threats and investigate vulnerabilities for systematically. In this paper, we provide security analysis of Privacy-Preserving COVID-19 Contact Tracing App with STRIDE and LINDDUN threat models. Based on the analysis, we propose to adopt a verifiable computation scheme, Zero-knowledge Succinctness Non-interactive Arguments of Knowledges (zkSNARKs) and Public Key Infrastructure (PKI) to ensure both data integrity and privacy protection in a more practical way.

• Journal of Digital Convergence
• /
• v.19 no.2
• /
• pp.1-12
• /
• 2021

With the recent 4th Industrial Revolution, the growth and value of big data are continuously increasing, and the government is also actively making efforts to open and utilize public data. However, the situation still does not reach the level of demand for public data use by citizens, At this point, it is necessary to identify research trends in the public data field and seek directions for development. In this study, in order to understand the research trends related to public data, the analysis was performed using topic modeling, which is mainly used in text mining techniques. To this end, we collected papers containing keywords of 'Public data' among domestic and foreign research papers (1,437 domestically, 9,607 overseas) and performed topic modeling based on the LDA algorithm, and compared domestic and foreign public data research trends. After analysis, policy implications were presented. Looking at the time series by topic, research in the fields of 'personal information protection', 'public data management', and 'urban environment' has increased in Korea. Overseas, it was confirmed that research in the fields of 'urban policy', 'cell biology', 'deep learning', and 'cloud·security' is active.

• The Journal of KAIRB
• /
• v.4 no.2
• /
• pp.36-41
• /
• 2022

Purpose: The purpose of this study is to evaluate how university hospital Institutional Review Boards (IRBs) in Korea classify risk when reviewing clinical trial protocols. Methods: IRB experts (IRB chairman, vice chairman, IRB administrator) in the university hospitals obtaining a Human research protection program (HRPP) or IRB accreditation in Korea were asked to fill out the Google Survey from September 1, 2020 to October 10, 2020. Result: Among the 23 responder hospitals, 8 were accredited by the American Association for Human Research Protection Program (AAHRPP) and 8 were accredited by the HRPP of Ministry of Food and Drug Safety (MFDS). Seven were accredited by Forum for Ethical Review Committees in Asia and the Western Pacific or Korea National Institution for Bioethics Policy. Thirteen of 23 hospitals (56.5%) had 4 levels (less than minimal, low, moderate, high risk), 4 hospitals had 3 levels (less than, slightly over, over than minimal risk), 1 hospital had 5 levels (4 levels plus required data safety monitoring board), and 1 hospital had 2 levels (less than, over than minimal risk) risk classification system. Thirteen of 23 hospitals (56.5%) had difficulty classifying the risk levels of research protocols. Fourteen hospitals (60.9%) responded that different standards among hospitals for risk level determination associated with clinical trials will affect the subject protection. Six hospitals (26.1%) responded that it will not. Three hospitals (13.0%) responded that it will affect the beginning of the clinical trial. To resolve differences in standards between hospitals, 14 hospitals (60.9%) responded that either the Korean Association of IRB or MFDS needs to provide a guideline for risk level determination in clinical trials: 5 hospitals (21.7%) responded education for IRB members and researchers is needed; 3 hospitals (13.0%) responded that difference among institutions needs to be acknowledged; and 1 hospital (4.3%) responded that there needs to be communication among IRB, investigator, and sponsor. Conclusion: After conducting a nationwide survey on how IRB in university hospital determines risk during review of clinical trials, it is reasonable to use 4-level risk classification (less than minimal, low, moderate, high risk); the most utilized method among hospitals. Moreover, personal information and conflict of interest associated with clinical trials have to be considered when reviewing clinical trial protocols.