• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.113-120
• /
• 2021

The adoption of the General Data Protection Regulation (EU) 2016/679 transformed approaches and concepts to the implementation of the personal data protection mechanism in the European Union. Within the EU, almost all countries have adapted a new protection mechanism, which requires a study of the specifics of its use. The article intends to assess the legal provisions of the current mechanism of personal data protection in the EU. The author studied the mechanism of personal data protection under the General Data Protection Regulation (EU) 2016/679 (GDPR) based on the concept of contextual integrity and analysis of EU legislation on personal data protection. The scientific publications for 2016-2020 were reviewed for the formation of ideas of a new personal data protection mechanism in the EU, informative and transparent analysis of legal provisions. The article notes that the personal data privacy and protection is increasing, there is an ongoing unification of the legal status of personal data protection and the formation of a digital market for dissemination, exchange, control, and supervision of data. Cross-border cooperation is part of the personal data protection mechanism. The author proved that the GDPR has changed approach to personal data protection: the emphasis is now shifting to the formation of a digital market, where the EU's role in ensuring regulation is crucial. The article identifies the emergence of a new protectionist legal system and strengthening of legal provisions regarding privacy. This legal system needs unification and harmonization in accordance with national legislation, is territorially fragmented and differentiated within the EU.

• Review of Korean Society for Internet Information
• /
• v.14 no.3
• /
• pp.78-85
• /
• 2013

The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking technologies provide far more detailed and traceable information about where, when, with whom we communicate. The content of the communication can also be made available to third parties who obtain encryption keys or have the means of exploiting vulnerabilities (either by design or by oversight) of encryption software. Irrebuttable evidence has emerged that the US and the UK intelligence services have had an indiscriminate access to the meta-data of communications and, in some cases, the content of the communications in the name of security and protection of the public. The conventional means of judicial scrutiny of such an access turned out to be ineffectual. The most alarming attitude of the public and some politicians is "If you have nothing to hide, you need not be concerned." Where individuals have nothing to hide, intelligence services have no business in the first place to have a peek. If the public espouses the groundless assumption that State organs are benevolent "( they will have a look only to find out whether there are probable grounds to form a reasonable suspicion"), then the achievements of several hundred years of struggle to have the constitutional guarantees against invasion into privacy and liberty will quickly evaporate. This is an opportune moment to review some of the basic points about the protection of privacy and freedom of individuals. First, if one should hold a view that security can override liberty, one is most likely to lose both liberty and security. Civilized societies have developed the rule of law as the least damaging and most practicable arrangement to strike a balance between security and liberty. Whether we wish to give up the rule of law in the name of security requires a thorough scrutiny and an informed decision of the body politic. It is not a decision which can secretly be made in a closed chamber. Second, protection of privacy has always depended on human being's compliance with the rules rather than technical guarantees or robustness of technical means. It is easy to tear apart an envelope and have a look inside. It was, and still is, the normative prohibition (and our compliance) which provided us with protection of privacy. The same applies to electronic communications. With sufficient resources, surreptitiously undermining technical means of protecting privacy (such as encryption) is certainly 'possible'. But that does not mean that it is permissible. Third, although the Internet is clearly not an 'anonymous' means of communication, many users have a 'false sense of anonymity' which make them more vulnerable to prying eyes. More effort should be made to educate the general public about the technical nature of the Internet and encourage them to adopt user behaviour which is mindful of the possibilities of unwanted surveillance. Fourth, the US and the UK intelligence services have demonstrated that an international cooperation is possible and worked well in running the mechanism of massive surveillance and infiltration into data which travels globally. If that is possible, it should equally be possible to put in place a global mechanism of judicial scrutiny over a global attempt at surveillance.

• The Journal of Society for e-Business Studies
• /
• v.18 no.1
• /
• pp.107-127
• /
• 2013

The evolution of IT facilitated the communication and knowledge sharing between the social network service (SNS) users. When the more information about SNS users had been posted in SNS site, SNS users had sometimes exposed in the risk of privacy invasion. To remedy this problem, we had introduced the information control mechanisms from the prior studies in data management to the SNS area and empirically validated the effect of these mechanisms in this research. Three information control mechanisms had been elected as access control, reference control and diffusion control. We had conducted a survey to the Facebook users which is the most famous SNS site. 459 data had been gathered and analyzed by PLS algorism. As the results, reference control and diffusion control has significantly increased the trust on SNS providers and decrease the privacy concern. This change could significantly affect on the satisfaction with the SNS site and knowledge sharing intention of SNS users. This study could introduce the new perspective about privacy protection issues in SNS area. Also, the information control mechanisms suggested in this study could contribute to make more robust privacy protection mechanisms in SNS site in practice.

• ETRI Journal
• /
• v.35 no.5
• /
• pp.889-899
• /
• 2013

Wireless sensor networks (WSNs) are used for many real-time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security-performance-balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end-party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real-world WSNs applications.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.7
• /
• pp.1715-1722
• /
• 2010

In this paper we consider methods for selecting the next tracing node that take advantage of the history of traced positions during the packet-tracing. In the meantime, the proposed routing strategy that counters the tracing is to design the routing path is such a way that nodes on it are not close to the nodes whose location privacy is needed and zigzag or back-and-forth movements hardly take place. In simulations, the ratios of successful tracing were largely improved. It was shown that our routing scheme allows more data packets to be delivered to the destination while, enticing the tracer to move more long distances in the presence of multiple assets.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.2
• /
• pp.219-226
• /
• 2013

Against the global eavesdropping in wireless sensor networks, tremendous amount of dummy packets for faking are likely to be continuously generated in order to keep the location privacy of the communication source and destination. In our approach only certain disk-shaped zones of encompassing sources and destination are allowed to issue dummy packets during the data transfer so that the amount of generated packets is reduced while the location privacy of the source and destination remains secret. To this end we design a routing protocol and propose a detailed formal specification of it, and verify major characteristics.

• The Journal of Korean Association of Computer Education
• /
• v.18 no.1
• /
• pp.69-79
• /
• 2015

This research aims to empirically explore the antecedents that could impact on internet users' information protection behavior. 282 of sample data collected from internet users was used to test the hypotheses. The results of this research reveal that the internet users' information privacy concerns has a significant impact on self-efficacy, perceived usefulness, and information protection behavior. In addition, we found that perceived usefulness and information protection behavior are significantly influenced by self-efficacy. However, contrary to expectations, perceived usefulness has no statistically significant effect on information protection behavior. These findings provide significant implications for online companies and internet uses as well as educational stakeholders that give educations about information protection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• The Journal of Asian Finance, Economics and Business
• /
• v.7 no.10
• /
• pp.295-302
• /
• 2020

The study examines an empirical case that explores the key constructs of the Unified Theory of Acceptance and Use of Technology (UTAUT) (Venkatesh, Morris, Davis & Davis, 2003) and the relationship between security and privacy of the Theory of Perceived Risk (TPR) (Bauer, 1960). This study employs survey data of 200 young Internet users aged 18 to 25. The study was conducted through two steps: preliminary research by qualitative research method to form the official research scale then formal research by quantitative research method using CFA and SEM to test the research model. The research results show that performance expectancy and social influence significantly predict behavioral intention to use e-wallets in payment. In contrast, the factors, namely, security and privacy, and effort expectancy, are statistically insignificant on behavioral intention. Nevertheless, the facilitating conditions factor still affects the behavior of using e-wallets. The study proposes a model to generalize the online payment environment through the integration of UTAUT and TPR models that are important for online payment management and researchers in the technology environment. The findings of this study suggest that social influence significantly affects the intention of young people to use e-wallets instead of security and privacy.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.173-180
• /
• 2015

The advent of personal healthcare record(PHR) technology has been changing the uses as well as the paradigm of internet services, and emphasizing the importance of services being personalization. But the problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, we propose a security labeling scheme for privacy protection in PHR system. In the proposed scheme, PHR data can be labeled also manually based on patient's request or the security labelling rules. The proposed scheme can be used to control access, specify protective measures, and determine additional handling restrictions required by a communications security policy.