• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.7
• /
• pp.3699-3719
• /
• 2017

Conjunctive keyword search encryption is an important technique for protecting sensitive personal health records that are outsourced to cloud servers. It has been extensively employed for cloud storage, which is a convenient storage option that saves bandwidth and economizes computing resources. However, the process of searching outsourced data may facilitate the leakage of sensitive personal information. Thus, an efficient data search approach with high security is critical. The multi-user search function is critical for personal health records (PHRs). To solve these problems, this paper proposes a novel multi-user conjunctive keyword search scheme (mNCKS) without a secure channel against keyword guessing attacks for personal health records, which is referred to as a secure channel-free mNCKS (SCF-mNCKS). The security of this scheme is demonstrated using the Decisional Bilinear Diffie-Hellman (DBDH) and Decision Linear (D-Linear) assumptions in the standard model. Comparisons are performed to demonstrate the security advantages of the SCF-mNCKS scheme and show that it has more functions than other schemes in the case of analogous efficiency.

• Journal of Korean Society for Quality Management
• /
• v.45 no.3
• /
• pp.583-594
• /
• 2017

Purpose: The purpose of this study is how personal information protection risks affect the intention to use domestic smart banking services. VAM(Value based Adoption Model) model is validated as a theoretical background, selecting ease of use, usefulness and perceived security as a benefit factor, and considers perceived cost, technical complexity, and risk of personal information leakage as a sacrifice factor. Methods: The method of this study used questionnaire survey to collect 365 data on suer's perception on smart banking services, and also performed a structural equation modeling method using by AMOS 23. Results: The result of this paper shows that all hypothesis are accepted statistically significant except 1 hypothesis. Conclusion: This research is concluded that perceived value is affected on statistically positive impact on ease of use, usefulness and perceived security, and negative impact on perceived cost and risk of personal information violation, not statistically technical complexity.

• The Journal of Information Systems
• /
• v.23 no.3
• /
• pp.99-125
• /
• 2014

Internet environment and innovative ICT(information and communication technology) have brought about big changes to our lifestyle and industrial structure. In spite of the convenience of Internet, various cyber incidents such as malicious code infection, personal information leakage, smishing(sms + phishing), and pharming have frequently occurred. Information security must be recognized as a key and compulsory element for surviving in a global economy. Strategic roles of information security have recently been increasing, but effective implementation of information security is still a major challenge to organizations. Our study examines the influencing factors of information security and investigates the causal relationship between information security maturity level and organizational performance through an empirical survey. According to the results of our study, personal, organizational, technical, and social factors affect organizations's information security maturity level altogether. This result suggests that when dealing with security issues, the holistic and multi-disciplinary approaches should be required. In addition, there is a causal relationship between information security maturity level and organizational performance, and organizations aim to establish the efficient and effective ways to enhance information security maturity level on the basis of the results of this study.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.109-116
• /
• 2014

Personal information leakage in financial corporations including three card corporations has occurred constantly this year. It is due to incomplete encryption system and negligent personal security. Solicitors are known as a cause of information leakage because they operate with leaked information. Information leakage can cause secondary damage with mental demage to person and result in a drop in reliability as well as an operating loss in financial corporations. Also because it can destroy a base of credit society, prevention of recurrence is badly needed. The government finally announced 'general measures for prevention of information leakage in the field of finance' with sanctions reinforcement and restriction to collect, possess, provide personal information as the main agenda. And a related law revision is going in the National Assembly. In this paper, effectiveness of government measures is weighed with the cause analysis of information leakage and countermeasure for prevention of information leakage is found.

• Journal of Internet Computing and Services
• /
• v.5 no.1
• /
• pp.99-111
• /
• 2004

Two general security measures in computing networks are secure data transmission and user authentication, These problems are still critical in the wireless LAN environments. Thus security becomes most significant issue in personal network environments and ubiquitous networks based on wireless LANs. We purpose a new authentication system for these kind of environments, and coined it UPMA(Ubiquitous Personal Mutual Authen-tication) model. UPMA supports authenticating configurations which provides personal verification for each system. It guarantees secure communications through the session key setup, and provides mutual authentication by verifying each user and his/her station. UPMA solves security problems in ubiquitous networks without accessing authentication server, Instead it performs mutual authentication between terminals or between systems. It is a global authentication system which enables global roaming service through the Internet or other public networks, It can be used to guarantee safe and convenient access to a company Intranet or to a home network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.637-651
• /
• 2017

In order for a financial company to collect personal information, it explicitly notifies consumers of the contents stipulated by law and gets consent beforehand. As a result, as financial products became more complicated and diverse, and the contents of 'Consent form for providing personal information' became more complicated and more. In particular, in the case of internet or mobile, the letter became smaller as the screen size limit, making it more difficult to understand. This is because almost all companies that collecting personal information are in a similar situation, In the position of consumers who use services are, contradictions arise that habitually agree without understanding the consent contents. In this research, in order to present a consent policy establishment decision-making model to rationally collect and use personal information through the Internet website of financial companies, consider the domestic and foreign legal system Then, derive a problem To present improvement measures. In addition, the evaluation factors selected through the research are verified by presenting decision making models and formulas using AHP (Analytic Hierarchy Process) method.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.29-38
• /
• 2019

For that reason, trend research has been actively conducted to identify and analyze the key topics in large amounts of data and information. Also personal information protection field is increasing activities in order to identify prospects and trends in advance for preemptive response. However, only research based on technology such as trends in information security field and personal information protection solution is broadly taking place. In this study, threat-based trends in personal information protection field is analyzed through text mining method. This will be the key to deduct undiscovered issues and provide visibility of current and future trends. Policy formulation is possible for companies handling personal information and for that reason, it is expected to be used for searching direction of strategy establishment for effective response.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.77-82
• /
• 2010

Cloud computing is defined as numerous concepts by research institutions and scholars. However, due to the present business trend in the IT sector, emphasizing on cost and efficiency, cloud computing has been defined as a form of computing which can provide extendable mass storage components in the virtual environment. As a result, security issues have been arising due to the variety of cloud computing services provided by the industries. This paper aims to analyze the weaknesses such as security techniques and inquiries, and personal information protection required for various cloud computing services.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.591-594
• /
• 2014

Due to the spread of personal computers and the development of network, the information age has come and a variety of information has been flooded. Accordingly, individuals and companies have been a lot of attention to information security. However personal information leaks have been happening constantly in Korea. Nevertheless, awareness of security of personal information have been treated carelessly in society. In this paper, we will survey foreign awareness of personal information, specific cases for information leaks, and coping methods.

• Asia pacific journal of information systems
• /
• v.24 no.3
• /
• pp.299-323
• /
• 2014

The reason location based service is drawing attention recently is because smart phones are being supplied increasingly. Smart phone, basically equipped with GPS that can identify location information, has the advantage that it can provide contents and services suitable for the user by identifying user location accurately. Offering such diverse advantages, location based services are increasingly used. In addition, for use of location based services, release of user's personal information and location data is essentially required. Regarding personal information and location data, in addition to IT companies, general companies also are conducting various profitable businesses and sales activities based on personal information, and in particular, personal location data, comprehending high value of use among personal information, are drawing high attentions. Increase in demand of personal information is raising the risk of personal information infringement, and infringements of personal location data also are increasing in frequency and degree. Therefore, infringements of personal information should be minimized through user's action and efforts to reinforce security along with Act on the Protection of Personal Information and Act on the Protection of Location Information. This study aimed to improve the importance of personal information privacy by empirically analyzing the effect of perceived values on the intention to strengthen location information security and continuously use location information for users who received location-based services (LBS) in mobile environments with the privacy calculation model of benefits and risks as a theoretical background. This study regarded situation-based provision, the benefit which users perceived while using location-based services, and the risk related to personal location information, a risk which occurs while using services, as independent variables and investigated the perceived values of the two variables. It also examined whether there were efforts to reduce risks related to personal location information according to the values of location- based services, which consumers perceived through the intention to strengthen security. Furthermore, it presented a study model which intended to investigate the effect of perceived values and intention of strengthening security on the continuous use of location-based services. A survey was conducted for three hundred ten users who had received location-based services via their smartphones to verify study hypotheses. Three hundred four questionnaires except problematic ones were collected. The hypotheses were verified, using a statistical method and a logical basis was presented. An empirical analysis was made on the data collected through the survey with SPSS 12.0 and SmartPLS 2.0 to verify respondents' demographic characteristics, an exploratory factor analysis and the appropriateness of the study model. As a result, it was shown that the users who had received location-based services were significantly influenced by the perceived value of their benefits, but risk related to location information did not have an effect on consumers' perceived values. Even though users perceived the risk related to personal location information while using services, it was viewed that users' perceived value had nothing to do with the use of location-based services. However, it was shown that users significantly responded to the intention of strengthening security in relation to location information risks and tended to use services continuously, strengthening positive efforts for security when their perceived values were high.