• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7B
• /
• pp.438-447
• /
• 2007

In the Internet, an identity service must to obtain permission from a user to allow them to share data with requesting service. For that, the privacy policy, which reflects legal regulations and preferences made by the user, is needed. Also, the management interface that aids the user to make the privacy policy and the PDP system that makes admission control and policy decisions in response to a request from an entity wanting to access the personal information are needed. In this paper, the privacy controller system model handled under the internet Identity management system environment is proposed. The system has the easy interface of policy generation and the efficient policy decision process. The system applies and modifies to the XACML of OASIS group. We propose that the privacy policy is divided into the three policies, which are the user policy, the domain policy and the basic offering policy. To resolve the collision between the policies, we also propose the collision resolution policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.53-68
• /
• 2008

We study on the practical privacy-preserving techniques by matrix-based randomization approach. We clearly examine the relationship between the two parameters associated with the measure of privacy breach and the condition number of matrix in order to achieve the optimal transition matrix. We propose a simple formula for efficiently calculating the inverse of transition matrix which are needed in the re-construction process of random substitution algorithm, and deduce some useful connections among standard error and another parameters by obtaining condition numbers according to norms of matrix and the expectation and variance of the transformed data. Moreover we give some experimental results about our theoretical expressions by implementing random substitution algorithm.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.8
• /
• pp.2083-2100
• /
• 2023

The rise of Industry 5.0 has led to a smarter and more digital way of doing business, but with it comes the issue of user privacy and security. Only when privacy and security issues are addressed, will users be able to transact online with greater peace of mind. Thus, to address the security and privacy problems associated with industry blockchain technology, we propose a privacy protection scheme for online financial transactions based on verifiable ring signatures and blockchain by comparing and combining the unconditional anonymity provided by ring signatures with the high integrity provided by blockchain technology. Firstly, we present an algorithm for verifying ring signature based on distributed key generation, which can ensure the integrity of transaction data. Secondly, by using the block chain technique, we choose the proxy node to send the plaintext message into the block chain, and guarantee the security of the asset transaction. On this basis, the designed scheme is subjected to a security analysis to verify that it is completely anonymous, verifiable and unerasable. The protection of user privacy can be achieved while enabling online transactions. Finally, it is shown that the proposed method is more effective and practical than other similar solutions in performance assessment and simulation. It is proved that the scheme is a safe and efficient online financial transaction ring signature scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1653-1670
• /
• 2022

The fear that location privacy may be compromised greatly hinders the development of location-based service. Accordingly, some schemes based on the distributed architecture in peer-to-peer network for location privacy protection are proposed. Most of them assume that mobile terminals are mutually trusted, but this does not conform to realistic scenes, and they cannot make requirements for the level of location privacy protection. Therefore, this paper proposes a scheme for location attribute-based security authentication and private sharing data group, so that they trust each other in peer-to-peer network and the trusted but curious mobile terminal cannot access the initiator's query request. A new identifier is designed to allow mobile terminals to customize the protection strength. In addition, the caching mechanism is introduced considering the cache capacity, and a cache replacement policy based on deep reinforcement learning is proposed to reduce communications with location-based service server for achieving location privacy protection. Experiments show the effectiveness and efficiency of the proposed scheme.

• Asia pacific journal of information systems
• /
• v.22 no.4
• /
• pp.7-29
• /
• 2012

Smartphone and its applications (i.e. apps) are increasingly penetrating consumer markets. According to a recent report from Korea Communications Commission, nearly 50% of mobile subscribers in South Korea are smartphone users that accounts for over 25 million people. In particular, the importance of smartphone has risen as a geospatially-aware device that provides various location-based services (LBS) equipped with GPS capability. The popular LBS include map and navigation, traffic and transportation updates, shopping and coupon services, and location-sensitive social network services. Overall, the emerging location-based smartphone apps (LBA) offer significant value by providing greater connectivity, personalization, and information and entertainment in a location-specific context. Conversely, the rapid growth of LBA and their benefits have been accompanied by concerns over the collection and dissemination of individual users' personal information through ongoing tracking of their location, identity, preferences, and social behaviors. The majority of LBA users tend to agree and consent to the LBA provider's terms and privacy policy on use of location data to get the immediate services. This tendency further increases the potential risks of unprotected exposure of personal information and serious invasion and breaches of individual privacy. To address the complex issues surrounding LBA particularly from the user's behavioral perspective, this study applied the privacy calculus model (PCM) to explore the factors that influence the adoption of LBA. According to PCM, consumers are engaged in a dynamic adjustment process in which privacy risks are weighted against benefits of information disclosure. Consistent with the principal notion of PCM, we investigated how individual users make a risk-benefit assessment under which personalized service and locatability act as benefit-side factors and information privacy risks act as a risk-side factor accompanying LBA adoption. In addition, we consider the moderating role of trust on the service providers in the prohibiting effects of privacy risks on user intention to adopt LBA. Further we include perceived ease of use and usefulness as additional constructs to examine whether the technology acceptance model (TAM) can be applied in the context of LBA adoption. The research model with ten (10) hypotheses was tested using data gathered from 98 respondents through a quasi-experimental survey method. During the survey, each participant was asked to navigate the website where the experimental simulation of a LBA allows the participant to purchase time-and-location sensitive discounted tickets for nearby stores. Structural equations modeling using partial least square validated the instrument and the proposed model. The results showed that six (6) out of ten (10) hypotheses were supported. On the subject of the core PCM, H2 (locatability ${\rightarrow}$ intention to use LBA) and H3 (privacy risks ${\rightarrow}$ intention to use LBA) were supported, while H1 (personalization ${\rightarrow}$ intention to use LBA) was not supported. Further, we could not any interaction effects (personalization X privacy risks, H4 & locatability X privacy risks, H5) on the intention to use LBA. In terms of privacy risks and trust, as mentioned above we found the significant negative influence from privacy risks on intention to use (H3), but positive influence from trust, which supported H6 (trust ${\rightarrow}$ intention to use LBA). The moderating effect of trust on the negative relationship between privacy risks and intention to use LBA was tested and confirmed by supporting H7 (privacy risks X trust ${\rightarrow}$ intention to use LBA). The two hypotheses regarding to the TAM, including H8 (perceived ease of use ${\rightarrow}$ perceived usefulness) and H9 (perceived ease of use ${\rightarrow}$ intention to use LBA) were supported; however, H10 (perceived effectiveness ${\rightarrow}$ intention to use LBA) was not supported. Results of this study offer the following key findings and implications. First the application of PCM was found to be a good analysis framework in the context of LBA adoption. Many of the hypotheses in the model were confirmed and the high value of $R^2$ (i.,e., 51%) indicated a good fit of the model. In particular, locatability and privacy risks are found to be the appropriate PCM-based antecedent variables. Second, the existence of moderating effect of trust on service provider suggests that the same marginal change in the level of privacy risks may differentially influence the intention to use LBA. That is, while the privacy risks increasingly become important social issues and will negatively influence the intention to use LBA, it is critical for LBA providers to build consumer trust and confidence to successfully mitigate this negative impact. Lastly, we could not find sufficient evidence that the intention to use LBA is influenced by perceived usefulness, which has been very well supported in most previous TAM research. This may suggest that more future research should examine the validity of applying TAM and further extend or modify it in the context of LBA or other similar smartphone apps.

• Journal of Information Technology Services
• /
• v.12 no.2
• /
• pp.171-184
• /
• 2013

Frequently faced with dangerous situations, for evidentiary purpose in case of civil and criminal liability challenges, car drivers in Korea have been armed with so-called 'black boxes'; however, which are just video recorders in vehicles rather than real 'black boxes' that are equipped in the airplanes. In the United States, they are called EDRs(Event Data Recorders), more technically, which means that they record data of events happened while driving, such as velocity changes, airbags deployment, seatbelt wearing etc. just like in the airplanes. EDR technology is quickly becoming more advanced, more widely available, and less expensive; however, new concerns are emerging : the privacy of drivers. In U. S., vehicle manufacturers and insurance companies and the governmental agencies including the courts and legislatures are the main parties in terms of the EDR concerns. In order to determine the best way to regulate EDR, it is necessary to balance all the merits, such as safety, privacy, truth, justice and efficiency, to support a legal framework regulating the EDR concerns. This article, in light of the regulation of EDR and experience therof in the United States, examines EDR technology itself, particularly with respect to the automobile industry, describing its history, its current state, and trends that may change it in the future; and explains how the National Highway Transportation Safety Agency (NHTSA), legislatures, courts have approached EDR data. At the early stage of regulation on EDRs in Korea, examining U. S. legal framework and usages would help for successful establishment of legislation and regulation.

• Journal of Digital Convergence
• /
• v.14 no.6
• /
• pp.405-413
• /
• 2016

To solve various problems of the Internet as well as to enhance network performance, various future Internet architectures utilize cached data in network nodes or in proxy servers. Named-data networking (NDN), one of future Internet architectures, implements in-network data caching functionality, and then responds itself to request messages. However, it can cause users' privacy invasion that the publisher of data can not engage in the sharing/using process of the data anymore after the data was cached in-network. So NDN implements both encryption-based access control and group access control. But, since such access control schemes need to exchange additional messages in order to search for a proper access control list and keys, it causes inefficiency. This paper surveys the access control schemes of NDN, and then proposes an improved scheme.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.6
• /
• pp.103-110
• /
• 2016

The recent frequent cases of damage due to leakage of medical data and the privacy of medical patients is increasing day by day. The government says the Privacy Rule regulations established for these victims, such as prevention. Medical data guidelines can be seen 'national medical privacy guidelines' is only released. When replacing the image data between the institutions it has been included in the image file (JPG, JPEG, TIFF) there is exchange of data in common formats such as being made when the file is leaked to an external file there is a risk that the exposure key identification information of the patient. This medial image file has no protection such as encryption, This this paper, introduces a masking technique using a mosaic technique encrypting the image file contains the application to optical character recognition techniques. We propose pseudonymization technique of personal information in the image data.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.246-248
• /
• 2021

Recently data has been transformed into a data economy and society that acts as a catalyst for the development of all industries and the creation of new value, and COVID-19 is accelerating digital transformation. In the upcoming intelligent Internet of Things era, the availability of decentralized systems such as blockchain and mixnet is emerging to solve the security problems of centralized systems that makes it difficult to utilize data safely and efficiently. Blockchain manages data in a transparent and decentralized manner and guarantees the reliability and integrity of the data through agreements between participants, but the transparency of the data threatens the privacy of users. On the other hand, mixed net technology for protecting privacy protects privacy in distributed networks, but due to inefficient power consumption efficiency and processing speed issues, low cost, light weight, low power consumption Internet Hard to use. In this paper, we analyze the limitations of conventional mixed-net technology and propose a mixed-net technology method for low power consumption, high speed, and the Internet of things.

• The KIPS Transactions:PartC
• /
• v.14C no.5
• /
• pp.439-452
• /
• 2007

We study on the privacy preserving data mining, PPDM for short, by using randomization. The theoretical PPDM based on the secure multi-party computation techniques is not practical for its computational inefficiency. So we concentrate on a practical PPDM, especially randomization technique. We survey various privacy measures and study on the privacy preserving mining of association rules by using randomization. We propose a new randomization operator, binomial selector, for privacy preserving technique of association rule mining. A binomial selector is a special case of a select-a-size operator by Evfimievski et al.[3]. Moreover we present some simulation results of detecting an appropriate parameter for a binomial selector. The randomization by a so-called cut-and-paste method in [3] is not efficient and has high variances on recovered support values for large item-sets. Our randomization by a binomial selector make up for this defects of cut-and-paste method.