• Informatization Policy
• /
• v.21 no.4
• /
• pp.20-39
• /
• 2014

The age of big data has not only opened new opportunities for economic growth in various industries, but it has also created new problems related to personal information protection and privacy invasion. Given this situation, Korea's communications commission has proposed a big data guideline that specifies how companies should collect and utilize personal information in the big data environment. However, this guideline is more focused on industrial development than personal information protection, and it contains many features that conflict with personal information protection law as it currently exists. As a result, civic groups strongly oppose the guideline, as it may create serious privacy issues for subjects of information gathering. Thus, this paper analyses the limitations of the guideline by comparing it with domestic and foreign laws about personal information protection and privacy. We also discuss the direction of legalization and institutionalization with respect to the secure use of big data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.869-878
• /
• 2018

Digital Evidence Data in cyberspace is easy to modify or delete, and changes are reflected in real time, so it is necessary to acquire evidence data quickly. Collecting evidence on the client side is advantageous in that data can be acquired without time delay due to additional administrative procedures, but collection of large data is likewise vulnerable to collection time delay problem. Therefore, this paper proposes an automated evidence collection method on the client side, focusing on the major web-based services in cyberspace, and enables efficient evidence collection for large volumes of data. Furthermore, we propose a digital evidence collection system in cyberspace that guarantees the integrity of the collected digital evidence until the court submission.

• The Journal of the Korea Contents Association
• /
• v.21 no.9
• /
• pp.42-50
• /
• 2021

As the Internet environment develops, data-analysis-based applications have been widely and extensively used in the past decade. However, these applications potentially have a privacy problem in that users' personal information may be leaked to unauthorized parties. To tackle such a problem, researchers have suggested several techniques including data perturbation and cryptography. The homomorphic encryption algorithm is a relatively new cryptography technology that allows arithmetic operations for encrypted values as it is without decryption. Since original values are not required, we believe that this method provides better privacy protection than other existing solutions. In this work, we propose to apply a homomorphic encryption algorithm that protects personal information while enabling data analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.69-80
• /
• 2007

To protect personal information when releasing data, a general privacy-protecting technique is the removal of all the explicit identifiers, such as names and social security numbers. De-identifying data, however, provides no guarantee of anonymity because released information can be linked to publicly available information to identify them and to infer information that was not intended for release. In recent years, two emerging concepts in personal information protection are k-anonymity and $\ell$-diversity, which guarantees privacy against homogeneity and background knowledge attacks. While these solutions are signigicant in static data environment, they are insufficient in dynamic environments because of vulnerability to inference. Specially, the problem appeared in record deletion is to deconstruct the k-anonymity and $\ell$-diversity. In this paper, we present an approach to securely anonymizing a continuously changeable dataset in an efficient manner while assuring high data quality.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.63-74
• /
• 2023

In order to ensure safety to invasion of privacy, Federated Learning(FL) that learns using parameters is emerging. However a paper that leaks training data using gradients was recently published. Our paper implements an experiment to leak training data using gradients in a federated learning environment, and proposes a method to improve reconstruction performance by improving existing attacks that leak training data. Experiments using Yale face database B, MNIST dataset on the proposed method show that federated learning is not safe from invasion of privacy by reconstructing up to 100 data out of 100 training data when performance of federated learning is high at accuracy=99~100%. In addition, by comparing the performance (MSE, PSNR, SSIM) of pixels and the performance of identification by Human Test, we want to emphasize the importance of the performance of identification rather than the performance of pixels.

• Journal of Information Technology Services
• /
• v.17 no.3
• /
• pp.157-169
• /
• 2018

This study aims to examine the factors influencing user attitude toward Smart Home service as the demand of Smart Home service is increasing and it somewhat involves privacy risk. To this end, the research model includes five independent variables, trust in service provider, perceived privacy risk, self efficacy, interpersonal influence, and external influence, influencing the attitude toward Smart Home service. So, this study aims to analyze which variable is the most critical and influential among the five factors and suggest the direction of Smart Home industries. This study first reviews the literature on Smart Home services and describes its Korean situation. Data were collected from residents living in a smart apartment complex. The results show that (1) users have a very positive attitude toward Smart Home service in total, (2) trust in service providers, self efficacy, and interpersonal influence positively impact user attitude toward Smart Home service and interpersonal influence is the most influential variable, however, (3) perceived privacy risk and external influence dose not significantly impact it. These results imply that the role of service providers, self efficacy, and interpersonal influence are important factors on the user attitude toward Smart Home service. Finally, the study's findings and limitations are discussed and potential avenues for future research are suggested.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.1
• /
• pp.65-71
• /
• 2012

Mobile RFID is a new application that uses a mobile phone as an RFID reader with wireless technology and provides a new valuable service to users by integrating RFID and ubiquitous sensor network infrastructures with mobile communication and wireless Internet. Whereas the mobile RFID system has many advantages, privacy violation problems on the reader side are very concerning to individuals and researchers. Unlike in regular RFID environments, where the communication channel between the server and reader is assumed to be secure, the communication channel between the backend server and the RFID reader in the mobile RFID system is not assumed to be safe. Therefore it has become necessary to devise a new communication protocol that secures the privacy of mobile RFID-enabled devices. Recently, Lo et al. proposed a mutual key agreement protocol that secures the authenticity and privacy of engaged mobile RFID readers by constructing a secure session key between the reader and server. However, this paper shows that this protocol does not meet all of the necessary security requirements. Therefore we developed an enhanced mutual key agreement protocol for mobile RFID-enabled devices that alleviates these concerns. We further show that our protocol can enhance data security and provide privacy protection for the reader in an unsecured mobile RFID environment, even in the presence of an active adversary.

• Knowledge Management Research
• /
• v.16 no.3
• /
• pp.1-21
• /
• 2015

The mobile market has introduced unprecedented shopping opportunities to customers and is expected to grow rapidly over time. However, little is known about how customers make purchase decisions in the mobile market. The purpose of this study is to investigate the drivers of mobile VOD purchases and to deliver valuable insights to mobile business operators. We focus on the purchase of VOD contents that have to be purchased and consumed using mobile devices and examine how individual-level purchase decisions are determined by three factors: perceived usefulness, usage behavior, and privacy concern. We obtained the panel data from a leading market research company that contains the mobile logs and survey results. Our main results suggest the followings. First, the perceived usefulness affects customers' mobile VOD contents purchases positively whereas the usage behavior exerts no influence on mobile contents purchases. Moreover, the privacy concern lowers the positive effect of perceived usefulness on mobile content purchases; however, it enhances the effect of the usage behavior on mobile contents purchases. These empirical findings indicate that mobile business operators should pay more attention to potential differences in perception and behavior using mobile devices and keep in mind that the privacy concern plays an additional key role in driving mobile contents purchases.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.12
• /
• pp.1353-1358
• /
• 2014

Tremendous amount of dummy packets are generally generated for faking over a wireless sensor network so as to keep the location privacy of nodes on the communication paths against the global eavesdropping. In this paper, a scoped-flooding protocol is designed for transferring data between each source and mobile sink(aka, basestation) where, the only nodes within the scope are allowed to issue dummy packets at every idle time so that the location privacy of the nodes on the paths is kept and the amount of dummy packets is reduced to the extend of the flooding scope. The size of the flooding diameter can be taken into consideration of the privacy level and the communication cost. We design a detailed specification of the protocol and verify several properties.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1229-1248
• /
• 2016

With the feature of convenience and low cost, remote healthcare monitoring (RHM) has been extensively used in modern disease management to improve the quality of life. Due to the privacy of health data, it is of great importance to implement RHM based on a secure and dependable network. However, the network connectivity of existing RHM systems is unreliable in disaster area because of the unforeseeable damage to the communication infrastructure. To design a secure RHM system in disaster area, this paper presents a Secure VANET-Assisted Remote Healthcare Monitoring System (SVC) by utilizing the unique "store-carry-forward" transmission mode of vehicular ad hoc network (VANET). To improve the network performance, the VANET in SVC is designed to be a two-level network consisting of two kinds of vehicles. Specially, an innovative two-level key management model by mixing certificate-based cryptography and ID-based cryptography is customized to manage the trust of vehicles. In addition, the strong privacy of the health information including context privacy is taken into account in our scheme by combining searchable public-key encryption and broadcast techniques. Finally, comprehensive security and performance analysis demonstrate the scheme is secure and efficient.