• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.12
• /
• pp.1904-1913
• /
• 2021

With the proliferation of smart phones and the development of IoT technology, it has become possible to collect personal data for public purposes. However, users are afraid of voluntarily providing their private data due to privacy issues. To remedy this problem, mainly three techniques have been studied: data disturbance, traditional encryption, and homomorphic encryption. In this work, we perform simulations to compare them in terms of accuracy, message length, and computation delay. Experiment results show that the data disturbance method is fast and inaccurate while the traditional encryption method is accurate and slow. Similar to traditional encryption algorithms, the homomorphic encryption algorithm is relatively effective in privacy preserving because it allows computing encrypted data without decryption, but it requires high computation costs as well. However, its main cost, arithmetic operations, can be processed in parallel. Also, data analysis using the homomorphic encryption needs to do decryption only once at any number of data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.665-679
• /
• 2018

With the development of information and communication technology, especially wireless Internet technology and the spread of smart phones, digital data has increased. As a result, privacy issues which concerns about exposure of personal sensitive information are increasing. In this paper, we analyze the privacy vulnerability of online big data in domestic internet environment, especially focusing on portal service, and propose a measure to evaluate the possibility of privacy violation. For this purpose, we collected about 50 million user posts from the potal service contents and extracted the personal information. we find that potal service user can be identified by the extracted personal information even though the user id is partially anonymized. In addition, we proposed a risk measurement evaluation method that reflects the possibility of personal information linkage between service using partial anonymized ID and personal information exposure level.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.5
• /
• pp.439-444
• /
• 2016

This paper proposes the technique to protect the privacy of those who uses Smart Tourism Service based on location. The proposed privacy protection technique (1) generates a shared private key, OTK(One Time Key) without information exchanging Users with a Tourism Server and provides Users and a Tourism Server with message confidentiality by encrypting data with the key, (2) concatenates users' ID, login time(timestamp), and randomly-generated nonce, generates OTK by hashing with a hash function, encrypts users' location information and query by using the operation of OTK and XOR and provides Users and a Tourism Server with message confidentiality by sending the encrypted result. (3) protects a message replay attack by adding OTK and timestamp. Therefore, this paper not only provides data confidentiality and users' privacy protection but also guarantees the safety of location information and behavior pattern data.

• Journal of Computing Science and Engineering
• /
• v.5 no.3
• /
• pp.183-196
• /
• 2011

There has recently been a surge of interest in relational database mining that aims to discover useful patterns across multiple interlinked database relations. It is crucial for a learning algorithm to explore the multiple inter-connected relations so that important attributes are not excluded when mining such relational repositories. However, from a data privacy perspective, it becomes difficult to identify all possible relationships between attributes from the different relations, considering a complex database schema. That is, seemingly harmless attributes may be linked to confidential information, leading to data leaks when building a model. Thus, we are at risk of disclosing unwanted knowledge when publishing the results of a data mining exercise. For instance, consider a financial database classification task to determine whether a loan is considered high risk. Suppose that we are aware that the database contains another confidential attribute, such as income level, that should not be divulged. One may thus choose to eliminate, or distort, the income level from the database to prevent potential privacy leakage. However, even after distortion, a learning model against the modified database may accurately determine the income level values. It follows that the database is still unsafe and may be compromised. This paper demonstrates this potential for privacy leakage in multi-relational classification and illustrates how such potential leaks may be detected. We propose a method to generate a ranked list of subschemas that maintains the predictive performance on the class attribute, while limiting the disclosure risk, and predictive accuracy, of confidential attributes. We illustrate and demonstrate the effectiveness of our method against a financial database and an insurance database.

• Journal of Digital Convergence
• /
• v.11 no.4
• /
• pp.57-69
• /
• 2013

Progresses in ICT make the processing and exchange of personal data across international borders often necessary and relatively easy. The challenge lies in protecting fundamental rights and freedoms of individuals, notably the right to privacy and the right to personal information, while encouraging the free and secure flow of information across borders for the continued expansion of online transactions. The key to establishing a functioning international solution for personal data protection is to strike a right balance between the two camps which currently dominate the debate - the advocates of individual privacy rights on one side exemplified by the EU, and the proponents of self-regulation and economic efficiency on the other, represented by the U.S. In the face of a growing tension between the two sides each equipped with their own ideals, a practical solution may lie in utilizing established institutions of standardization such as ISO and IEC as a ground upon which an agreement can take its root.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.83-92
• /
• 2018

The GDPR implemented since 25 May 2018 is common to all EU Member States and is legally binding. It is also important and legally valuable in that it takes into account the latest trends related to privacy protection. The purpose of this study is to propose a comprehensive review and improvement direction of the personal information protection laws in South Korea through a comparative analysis of EU GDPR and privacy related laws in South Korea. As a result of this study, the differences between the GDPR and privacy related laws in South Korea are Definition of personal sensitive information, Right to data portability, Data protection officer, Transfers of personal data to third countries, Supervisory authority, and Punishment, etc. The differences in these regulations were necessary to protect the rights and interests of data subjects and to properly handle personal information of personal information controllers. Therefore, based on the results of the comparative analysis of this study and suggestions on improvement direction of the law related to personal information protection, it is expected that it will contribute to the overall inspection and improvement of the law related to personal information protection in South Korea.

• International Journal of Computer Science & Network Security
• /
• v.23 no.4
• /
• pp.25-31
• /
• 2023

Fog computing diversifies cloud computing by using edge devices to provide computing, data storage, communication, management, and control services. As it has a decentralised infrastructure that is capable of amalgamating with cloud computing as well as providing real-time data analysis, it is an emerging method of using multidisciplinary domains for a variety of applications; such as the IoT, Big Data, and smart cities. This present study provides an overview of the security and privacy concerns of fog computing. It also examines its fundamentals and architecture as well as the current trends, challenges, and potential methods of overcoming issues in fog computing.

• Information Systems Review
• /
• v.22 no.2
• /
• pp.101-120
• /
• 2020

This study investigates the effects of privacy psychological characteristics of B2C logistics services users on their willingness to comply with their logistics companies' information protection policy. Using cognitive valence theory as a theoretical framework, this study proposes a research model to examine the relationships between users' logistics security knowledge, privacy trust, privacy risk, privacy concern, and their willingness of information protection policy compliance. To test the proposed model, we conducted a survey from actual users of logistics services and collected valid 151 samples. We analyzed the data using a structural equation modeling software. The empirical results show that logistics security knowledge positively affects privacy trust; privacy concern positively influences privacy risk; privacy trust, privacy risk, and privacy concern positively influence behavioral willingness of compliance. However, logistics security knowledge does not affect behavioral willingness of compliance. The results of the study provide several contributions to the literature of B2C logistics services domain and managerial implications to logistics services companies.

• Journal of KIISE:Databases
• /
• v.37 no.6
• /
• pp.324-332
• /
• 2010

The majority of event detection in real-time embedded sensor network systems is based on data fusion that uses noisy sensor data collected from complicated real-world environments. Current research has produced several excellent low-level mechanisms to collect sensor data and perform aggregation. However, solutions that enable these systems to provide real-time data processing using readings from heterogeneous sensors and subsequently detect complex events of interest in real-time fashion need further research. We are developing real-time event detection approaches which allow light-weight data fusion and do not require significant computing resources. Underlying the event detection framework is a collection of real-time monitoring and fusion mechanisms that are invoked upon the arrival of sensor data. The combination of these mechanisms and the framework has the potential to significantly improve the timeliness and reduce the resource requirements of embedded sensor networks. In addition to that, we discuss about a privacy that is foundation technique for trusted embedded sensor network system and explain anonymization technique to ensure privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1401-1414
• /
• 2018

The k-means clustering algorithm groups input data with the number of groups represented by variable k. In fact, this algorithm is particularly useful in market segmentation and medical research, suggesting its wide applicability. In this paper, we propose a privacy-preserving clustering algorithm that is appropriate for outsourced encrypted data, while exposing no information about the input data itself. Notably, our proposed model facilitates encryption of all data, which is a large advantage over existing privacy-preserving clustering algorithms which rely on multi-party computation over plaintext data stored on several servers. Our approach compares homomorphically encrypted ciphertexts to measure the distance between input data. Finally, we theoretically prove that our scheme guarantees the security of input data during computation, and also evaluate our communication and computation complexity in detail.