• Journal of Information Technology Applications and Management
• /
• v.16 no.4
• /
• pp.79-92
• /
• 2009

With the rising reliance on market estimation through customer analysis in customer-centered marketing, there is a rapid increase in the amount of personal data owned by corporations. There has been a corresponding rise in the customers' interest in personal information protection, and the problem of personal information leakage has risen as a serious issue. The purpose of this research is to develop a diagnosis model for personal information protection that is suited to our country's corporate environment, and on this basis, to present diagnostic instruments that can be applied to domestic corporations. This diagnosis model is a structural equation model that schematizes the degree of synthetic effect that administration factors and estimation items have on the protection of personal information owned by corporations. We develop the model- consisting of the administration factors for personal information protection and the measurement items of each factor- using the development method of standardized structural equation model. We then present a tool through which the administration factors and estimation items verified through this model can be used in the diagnosis for personal information protection in corporations. This diagnostic tool can be utilized as a useful instrument to prevent in advance the leakage of personal information in corporations.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5556-5573
• /
• 2017

As a main component of Internet of Things (IoTs), the wireless sensor networks (WSNs) have been widely applied to various areas, including environment monitoring, health monitoring of human body, farming, commercial manufacture, reconnaissance mission in military, and calamity alert etc. Meanwhile, the privacy concerns also arise when the users are required to get the real-time data from the sensor nodes directly. To solve this problem, several user authentication and key agreement schemes with a smart card and a password have been proposed in the past years. However, these schemes are vulnerable to some attacks such as offline password guessing attack, user impersonation attack by using attacker's own smart card, sensor node impersonation attack and gateway node bypassing attack. In this paper, we propose an improved scheme which can resist a wide variety of attacks in WSNs. Cryptanalysis and performance analysis show that our scheme can solve the weaknesses of previously proposed schemes and enhance security requirements while maintaining low computational cost.

• KIEAE Journal
• /
• v.9 no.5
• /
• pp.21-28
• /
• 2009

In apartment buildings, casualties, especially fatalities have occurred in balcony areas in fires if residents fail to escape to the main entrance. Potential consequences of a particular infrequent event should be considered. In attempting to design apartment buildings for fire safety, alternative escape methods such as vertical penetration could be considered. The purpose of this study is to investigate present building regulations regarding apartment buildings and examine pros and cons of the current escape method and alternative escape methods. Focus group interview was conducted to discuss problems of fire escape methods. In addition, questionnaires were distributed to field professionals working in architecture, construction and related industries. Among 500 questionnaires distributed, 192 questionnaires were collected. Usable 162 questionnaires were analyzed using SPSS 15. Regarding alternative fire escape methods, several concerns were mentioned. Safety, privacy, security, effectiveness of escape, water proof problems were raised. Based on the opinions, vertical penetration between apartment unit appeared more safe, secure, effective than horizontal penetration. However, both methods have its own pros and cons under specific contexts. Alternative escape methods need be considered for a selective options for residents in case of fire.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.6B
• /
• pp.962-969
• /
• 2010

Recently, RFID technology can successfully be used to reduce medical errors. This technology can aid in the accurate matching of patients with their medications and treatments. The enthusiasm for using RFID technology in medical settings has been tempered by privacy concerns. In this paper, we propose a secure and efficient RFID authentication system to not only authenticate patients' authenticity but also protect patients' personal medical informations. The proposed system consists of RFID-based patient authentication protocol and database security protocol. As a result, since the proposed RFID authentication system provides strong security and efficiency, it can be used practically for patient authentication and personal medical information protection on the high technology medical environments such as u-Hospital and u-Healthcare.

• Journal of Digital Convergence
• /
• v.11 no.10
• /
• pp.445-451
• /
• 2013

Cyber terrorism has lately aimed at major domestic financial institutions and broadcasters. A large number of PCs have been infected, so normal service is difficult. As a result, the monetary damage was reported to be very high. It is important to recognize the importance of big data. But security and privacy efforts for big data is at a relatively low level, therefore the marketing offort is very active. This study concerns the analysis of Big Data industry and Big data security threats that are intelligent and the changes in defense technology. Big data, security countermeasures for the future are also presented.

• Journal of Information Processing Systems
• /
• v.14 no.1
• /
• pp.239-251
• /
• 2018

In existing cloud services, information security and privacy concerns have been worried, and have become one of the major factors that hinder the popularization and promotion of cloud computing. As the cloud computing infrastructure, the security of virtual machine systems is very important. This paper presents an immune-inspired intrusion detection model in virtual machines of cloud computing environment, denoted I-VMIDS, to ensure the safety of user-level applications in client virtual machines. The model extracts system call sequences of programs, abstracts them into antigens, fuses environmental information of client virtual machines into danger signals, and implements intrusion detection by immune mechanisms. The model is capable of detecting attacks on processes which are statically tampered, and is able to detect attacks on processes which are dynamically running. Therefore, the model supports high real time. During the detection process, the model introduces information monitoring mechanism to supervise intrusion detection program, which ensures the authenticity of the test data. Experimental results show that the model does not bring much spending to the virtual machine system, and achieves good detection performance. It is feasible to apply I-VMIDS to the cloud computing platform.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.516-519
• /
• 2014

Cloud computing is an up-and-coming paradigm shift transforming computing models from a technology to a utility. However, security concerns related to privacy, confidentiality and trust are among the issues that threaten the wide deployment of cloud computing. With the advancement of ubiquitous mobile-based clients, the ubiquity of the model suggests a higher integration in our day to day life and this leads to a rise in security issues. To strengthen the access control of cloud resources, most organizations are acquiring Identity Management Systems (IDM). This paper presents one of the most popular IDM systems, specifically OAuth, working in the scope of Mobile Cloud Computing which has many weaknesses in its protocol flow. OAuth is a Delegated Authorization protocol, and not an Authentication protocol and this is where the problem lies. This could lead to very poor security decisions around authentication when the basic OAuth flow is adhered to. OAuth provides an access token to a client, so that it can access a protected resource, based on the permission of the resource owner. Many researchers have opted to implement OpenlD alongside OAuth so as to solve this problem. But OpenlD similarly has several security flows. This paper presents scenarios of how insecure implementations of OAuth can be abused maliciously. We incorporate an authentication protocol to verify the identities before authorization is carried out.

• International Journal of Internet, Broadcasting and Communication
• /
• v.11 no.2
• /
• pp.59-66
• /
• 2019

The emergence of new IT technologies and convergence industries, such as artificial intelligence, bigdata and the Internet of Things, is another chance for South Korea, which has established itself as one of the world's top IT powerhouses. On the other hand, however, privacy concerns that may arise in the process of using such technologies raise the task of harmonizing the development of new industries and the protection of personal information at the same time. In response, the government clearly presented the criteria for deidentifiable measures of personal information and the scope of use of deidentifiable information needed to ensure that bigdata can be safely utilized within the framework of the current Personal Information Protection Act. It strives to promote corporate investment and industrial development by removing them and to ensure that the protection of the people's personal information and human rights is not neglected. This study discusses the strategy of deidentifying personal information protection based on the analysis of fake news. Using the strategies derived from this study, it is assumed that deidentification information that is appropriate for deidentification measures is not personal information and can therefore be used for analysis of big data. By doing so, deidentification information can be safely utilized and managed through administrative and technical safeguards to prevent re-identification, considering the possibility of re-identification due to technology development and data growth.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.157-158
• /
• 2013

Data privacy and access control policies in computer clouds are a prime concerns while talking about the sensitive data. Authorized access is ensured with the help of secret keys given to a range of valid users. Granting the role access is a trivial matter but revoking user access is tricky and compute intensive. To revoke a user and making his data access ineffective the data owner has to compute new set of keys for the rest of effective users. This situation is inappropriate where user revocation is a frequent phenomenon. Time based revocation is another way to deal this issue where key for data access expires automatically. This solution rests in a very strong assumption of time determination in advance. In this paper we have proposed a mutable encryption for oblivious data access in cloud storage where the access key becomes ineffective after defined number of threshold by the data owner. The proposed solution adds to its novelty by introducing mutable encryption while accessing the data obliviously.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.507-510
• /
• 2013

Cloud computing is an emerging technology, which allows the user to fulfill his needs by outsourcing the resources. With the passage of time, cloud computing has become an essential part of our lives. But it still requires some sort of standardization, specially in terms of user's trust, privacy, and security related things. This study presents different types of cloud computing services and their working domains along with some key virtualization related issues that are encountered by the cloud service provider as well as the user. Those key issues, related with virtual network are discussed in this paper. This study provides a basis to work further on those issues, so that the key concerns are addressed as soon as possible and cloud computing could become standardized and more prevalent.