• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2674-2697
• /
• 2019

Identity authentication is a crucial line of defense for network security, and passwords are still the mainstream of identity authentication. So far trawling password attacking has been extensively studied, but the research related with personal information is always sporadic. Probabilistic context-free grammar (PCFG) and Markov chain-based models perform greatly well in trawling guessing. In this paper we propose a systematic targeted attacking model based on structure partition and string reorganization by migrating the above two models to targeted attacking, denoted as TG-SPSR. In structure partition phase, besides dividing passwords to basic structure similar to PCFG, we additionally define a trajectory-based keyboard pattern in the basic grammar and introduce index bits to accurately characterize the position of special characters. Moreover, we also construct a BiLSTM recurrent neural network classifier to characterize the behavior of password reuse and modification after defining nine kinds of modification rules. Extensive experimental results indicate that in online attacking, TG-SPSR outperforms traditional trawling attacking algorithms by average about 275%, and respectively outperforms its foremost counterparts, Personal-PCFG, TarGuess-I, by about 70% and 19%; In offline attacking, TG-SPSR outperforms traditional trawling attacking algorithms by average about 90%, outperforms Personal-PCFG and TarGuess-I by 85% and 30%, respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.299-308
• /
• 2019

As the utilization value of personal information becomes higher, discussions about providing personal information are being conducted actively. One of the most common methods of providing personal information is that a group obtains a personal information with a consent of individual. However, the above method has 2 problems. First, more information is exposed than the information required by organization for utilization of personal information. Second, trusted party should provide organization with an authentication of personal information whenever they require personal information. To solve these problems, we propose a personal information management system with blockchain using zk-SNARK(zero-knowledge Succinct Non-interactive ARgument of Knowledge) for privacy. Our proposal enables individuals to guarantee reliability of their information and protect their privacy concurrently using zk-SNARK when they provid organization with their personal information. In addition, it is possible to manage the personal information data while ensuring the integrity of the data using blockchain and it is possible to share the personal information more conveniently than existing systems.

• Information Systems Review
• /
• v.17 no.1
• /
• pp.141-169
• /
• 2015

Electronic financial accidents are constantly happening and these accidents are taking place by a combination of several causes such as technique, human, and structure. Among electronic financial accidents, personal information disclosure is most frequently happening and becomes big problems, because secondary damage like voice phishing causes great loss to society. This research model is that financial information security compliance affects the crisis response of financial institutions and financial authorities and these crisis responses affect financial information security trust. Research target is people who experienced the disclosure of their own financial information. For empirical verification, survey questionnaires were distributed and total 103 questionnaires were collected and analyzed. As results of data analysis, all hypotheses were accepted. First, financial information security compliance influenced the crisis response of financial institutions and authorities. Second, the crisis response of financial institutions and authorities affect financial information security trust. Third, at the moderating effect analysis, the importance of personal financial information moderated the effect of the crisis response of financial institutions on financial information security trust. And the disclosure level of personal financial information moderated the effect of the crisis response of financial authorities on financial information security trust.

• The Journal of the Korea Contents Association
• /
• v.14 no.6
• /
• pp.1-10
• /
• 2014

Through the development of internet mobile devices and online business activation, sensitive data of unspecified user is being easily exposed. In such an open business environment, the outflow of sensitive personal information has often been remarked on recently for which adoption of encryption solution for database became top priority in terms of importance. In 2011, government also legislated for the protection of personal information as an information network law, and is now applying the law to a variety of industries. Firms began to comply with these regulations by establishing various measures for protection of personal information and are now quickly introducing encryption solution to reinforce security of personal information they are managing. In this paper, I present architecture and technological parts that should be considered when introducing security solution.

• Journal of Information Management
• /
• v.36 no.1
• /
• pp.125-154
• /
• 2005

Due to the development of Internet and the collection and usage of the individual information, the infringements of the personal data have been increased rapidly. Regarding the personal data protection in the medical industry, it is clearly described in 'Act on Promotion of Information and Communication Network Utilization and information Protection, etc.'. the law is ratified on the basis of the service provider, therefore, it has its own limitation to be applied to medical industry. Therefore, this paper is to set the security standard and to discuss the range of legal application and considerations on its basis for the domestic medical institution at the electronic medical record system. We exemplify specific applicable content of the electronic signature in the electronic medical record also, present a security assessment item in electronic medical system and set the criteria for the security standard in the medical industry.

• Journal of the Korea Safety Management & Science
• /
• v.16 no.3
• /
• pp.433-441
• /
• 2014

Increasing the outsourcing of personal information treatment, the safe management and director for fiduciary is very important. In this paper, under the personal information protection management systems the current situation of fiduciary management and direction was reviewed and the certification system was analysed in terms of availability of the controled items. Under the basis of legal compliance at the time of the Privacy Act, the characteristics of outsourcing type was also analyzed and derived new controled items. As a result of the proposed research, new controled items for fiduciary could be used as a standard for the managing Director.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.231-242
• /
• 2020

In the case of damages caused by personal information infringement accidents caused by information infringer such as hackers, the information subject will usually claim damages to the information controller rather than the information infringer who is the perpetrator, and the information controller who has been claimed will claim damages again to the information security enterprise that has entrusted the information protection business. These series of claims for damages, which are expected to be carried out between the information subject, the information controller and the information security enterprise, are nothing but quarrels for transferring of liability among themselves who are also victims of infringement. So the problem of damage compensation should be discussed from the perspective of multi-faceted rational distribution of the damages among the subjects who make up the information security industry ecosystem rather than the conventional approach. In addition, due to the nature of personal information infringement accidents, if a large amount of personal information infringement occurs, the amount of compensation can be large enough to affect the survival of the company and so this study insist that a concrete and realistic alternatives for society to share damages is needed.

• KSCI Review
• /
• v.15 no.1
• /
• pp.65-75
• /
• 2007

Analyzed about a matter and requirements to intimidate security of ubiquitous and home network threatening various security for personal information protection in ubiquitous home networks at these papers, and studied. Got authentication procedures and verification procedures acid user approach to be reasonable through designs to the home security gateway which strengthened a security function in the outsides, and strengthened protection of a home network. Also, execute a DoS, DDoS, IP Spoofing attack protective at home network security gateways proved, and security regarding an external denial of service attack was performed, and confirmed. Strengthen appliances and security regarding a user, and confirm a defense regarding an external attack like DoS, DDoS, IP Spoofing, and present a home network security model of this paper to the plans that can strengthen personal information protection in ubiquitous home networks in ubiquitous home networks through experiment.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.31-39
• /
• 2016

The biometrics information is very useful by the convenience of ownership and using. but the risk of crime of malicious re-uses and infringement of personal privacy exist because the biometrics information is impossible to change typically when the illegal interception occurred from others. therefore the importance of security on stored management of biometrics information has been increased steadily. the existing biometric authentication system has been stored only encrypted complete template at a single storage place. In this paper, we designed the Distributed Stored of Multiple Split bio_Template System that a template is divided in different ways by each user and stored in other storage places from personal information to relieve user's anxiety about the saved template and illegally leaked through restored only template to authenticate and then delete.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.173-180
• /
• 2015

The advent of personal healthcare record(PHR) technology has been changing the uses as well as the paradigm of internet services, and emphasizing the importance of services being personalization. But the problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, we propose a security labeling scheme for privacy protection in PHR system. In the proposed scheme, PHR data can be labeled also manually based on patient's request or the security labelling rules. The proposed scheme can be used to control access, specify protective measures, and determine additional handling restrictions required by a communications security policy.