• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.51-59
• /
• 2008

As the innovative IT are being developed and applied in the e-business environment, firms are recognizing the fact that amount of customer information is providing care competitive edge. However, sensitive privacy information are abused and misused, and it is affecting the firms to require appropriate measures to protect privacy information and implement security techniques to safeguard carparate resources. This research analyzes the threat of privacy information exposure in the e-business environment, suggest the IPM-Trusted Privacy Policy Model in order to resolve the related problem, and examines 4 key mechanisms (CAM, SPM, RBAC Controller, OCM) focused on privacy protection. The model is analyzed and designed to enable access management and control by assigning user access rights based on privacy information policy and procedures in the e-business environment. Further, this research suggests practical use areas by applying TPM to CRM in e-business environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1187-1199
• /
• 2015

Recently, as high-quality sensors are being developed, it is available to conveniently measure any kind of data. Healthcare services are being combined with Internet of things (IoTs). And applications that use user's data which are remotely measured, such as heart rate, blood oxygen level, temperature are emerging. The typical example is applications that find ideal spouse by using a user's genetic information, or indicate the presence or absence of a disease. Such information is closely related to the user's privacy, so biometric information must be protected. That is, service provider must provide the service while preserving user's privacy. In this paper, we propose a scheme which enables privacy-preserving outlier detection in Healthcare Service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1439-1448
• /
• 2018

Many electronic document files, including Microsoft Office Word (MS Word), have become a major issue in various legal disputes such as privacy, contract forgery, and trade secret leakage. The internal metadata of OOXML (Office Open XML) format, which is used since MS Word 2007, stores the unique Revision Identifier (RSID). The RSID is a distinct value assigned to a corresponding word, sentence, or paragraph that has been created/modified/deleted after a document is saved. Also, document history, such as addition/correction/deletion of contents or the order of creation, can be tracked using the RSID. In this paper, we propose a methodology to investigate discrimination between the original document and copy as well as possible document file leakage by utilizing the changes of the RSID according to the user's behavior.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.13-26
• /
• 2006

RFID technology is evaluated as one of core technologies for ubiquitous environment, because of its various characteristics which barcode systems don't have. However, RFID systems have consumer's privacy infringement problems, such like information leakage and location tracing. We need RFID privacy protection protocols, that satisfy three essential security requirements; confidentiality, indistinguishability and forward security, in order to protect consumer's privacy perfectly. The most secure protocol, that satisfies all of the three essential security requirements, among existing protocols, is the hash-chain based protocol that Ohkubo proposed. Unfortunately this protocol has a big disadvantage that it takes very long time to identify a tag in the back-end server. In this paper, we propose a scheme to keep security just as it is and to reduce computation time for identifying a tag in back-end server. The proposed scheme shows the results that the identification time in back-end server is reduced considerably compared to the original scheme of Ohkubo protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.291-307
• /
• 2021

There has been global efforts to prevent the further spread of the COVID-19 and get society back to normal. 'Contact tracing' is a crucial way to detect the infected person. However the contact tracing makes another concern about the privacy violation of the personal data of infected people, released by governments. Therefore Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design. However, in order to provide the improved tracing application, it is necessary to identify potential security threats and investigate vulnerabilities for systematically. In this paper, we provide security analysis of Privacy-Preserving COVID-19 Contact Tracing App with STRIDE and LINDDUN threat models. Based on the analysis, we propose to adopt a verifiable computation scheme, Zero-knowledge Succinctness Non-interactive Arguments of Knowledges (zkSNARKs) and Public Key Infrastructure (PKI) to ensure both data integrity and privacy protection in a more practical way.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.49-60
• /
• 2023

The amount of data generated by electronic systems through e-commerce, social networks, and data computation has risen. However, the security of data has always been a challenge. The problem is not with the quantity of data but how to secure the data by ensuring its confidentiality and privacy. Though there are several research on cloud data security, this study proposes a security scheme with the lowest execution time. The approach employs a non-linear time complexity to achieve data confidentiality and privacy. A symmetric algorithm dubbed the Non-Deterministic Cryptographic Scheme (NCS) is proposed to address the increased execution time of existing cryptographic schemes. NCS has linear time complexity with a low and unpredicted trend of execution times. It achieves confidentiality and privacy of data on the cloud by converting the plaintext into Ciphertext with a small number of iterations thereby decreasing the execution time but with high security. The algorithm is based on Good Prime Numbers, Linear Congruential Generator (LGC), Sliding Window Algorithm (SWA), and XOR gate. For the implementation in C, thirty different execution times were performed and their average was taken. A comparative analysis of the NCS was performed against AES, DES, and RSA algorithms based on key sizes of 128kb, 256kb, and 512kb using the dataset from Kaggle. The results showed the proposed NCS execution times were lower in comparison to AES, which had better execution time than DES with RSA having the longest. Contrary, to existing knowledge that execution time is relative to data size, the results obtained from the experiment indicated otherwise for the proposed NCS algorithm. With data sizes of 128kb, 256kb, and 512kb, the execution times in milliseconds were 38, 711, and 378 respectively. This validates the NCS as a Non-Deterministic Cryptographic Algorithm. The study findings hence are in support of the argument that data size does not determine the execution.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.896-899
• /
• 2009

The fear of unauthorized, hidden readouts has dominated the radio frequency identification (RFID) privacy debate. Therefor all published and previous works for privacy mechanisms so far require consumers to actively and explicitly protect read access to their tagged items. This paper introduces the underlying mechanism of our extension to considerations for security and analyzes its tracking resistance and identification performance, and discusses deployment aspects.

• Journal of Information Technology Services
• /
• v.13 no.2
• /
• pp.1-17
• /
• 2014

Social networking service (SNS) is a service that allows people to share information, manage relationships with others, and express themselves on the Internet. The number of SNS users have increased explosively with the growth of mobile devices such as smartphones. As the influence of SNS has grown extensively, potential threats to privacy have also become pervasive. The purpose of this study is to empirically examine the main factors that affect users' intentions to use security functions provided by their SNS. The main theories for this study include the rational choice theory and the theory of planned behavior. This study has identified the factors that affect intention to use security functions. In addition, security function awareness and information security awareness are found to be important antecedents for intention to use security functions. The results of this study implies that when SNS providers develop security policies, they should consider the ways to improve users information security awareness and security function awareness simultaneously.

• 한국경영정보학회:학술대회논문집
• /
• 2007.06a
• /
• pp.951-958
• /
• 2007

Radio Frequency Identification (RFID) is a technology for automated identification of objects and people. RFID may be viewed as a means of explicitly labeling objects to facilitate their "perception" by computing devices. RFlD systems have been gaining more popularity in areas especially in supply chain management and automated identification systems. However, there are many existing and potential problems in the RFlD systems which could threat the technology s future. To successfully adopt RFID technology in various applications. we need to develop the solutions to protect the RFID system s data information. This study investigates important issues related to privacy and security of RF1D based on the recent literature and suggests solutions to cope with the problem.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.598-599
• /
• 2016

Today, embedded, mobile, and cyber-physical systems are ubiquitous and used in many applications, from industrial control systems, modern vehicles, to critical infrastructure. Current trends and initiatives, such as "Industry 4.0" and Internet of Things (IoT), promise innovative business models and novel user experiences through strong connectivity and effective use of next generation of embedded devices. We survey an introduction to Industrial IoT systems, the related security and privacy challenges, and an outlook on possible solutions towards a holistic security framework for Industrial IoT systems in this paper.