• ETRI Journal
• /
• v.35 no.3
• /
• pp.501-511
• /
• 2013

Protecting privacy is an important goal in designing location-based services. Service providers want to verify legitimate users and allow permitted users to enjoy their services. Users, however, want to preserve their privacy and prevent tracking. In this paper, a new framework providing users with more privacy and anonymity in both the authentication process and the querying process is proposed. Unlike the designs proposed in previous works, our framework benefits from a combination of three important techniques: k-anonymity, timed fuzzy logic, and a one-way hash function. Modifying and adapting these existing schemes provides us with a simpler, less complex, yet more mature solution. During authentication, the one-way hash function provides users with more privacy by using fingerprints of users' identities. To provide anonymous authentication, the concept of confidence level is adopted with timed fuzzy logic. Regarding location privacy, spatial k-anonymity prevents the users' locations from being tracked. The experiment results and analysis show that our framework can strengthen the protection of anonymity and privacy of users by incurring a minimal implementation cost and can improve functionality.

• Journal of Information Processing Systems
• /
• v.5 no.1
• /
• pp.19-24
• /
• 2009

Many researchers have developed frameworks that are capable of handling context information and can be adapted and used by any Web service. However, no research involving the systematic analysis of existing frameworks has yet been conducted. This paper examines the Context Framework, an example of existing frameworks, using a Petri net, and analyzes its advantages and disadvantages. Then, a Petri net model - with its disadvantages removed - is introduced, and a new framework is presented on the basis of that model. The proposed PAWS (Privacy Aware Web Services) framework has a expendability for context management and communicates flexible context information for every session. The proposed framework can solve overhead problems of context in SOAP messages. It also protects user privacy according to user preferences.

• Journal of Intelligence and Information Systems
• /
• v.15 no.2
• /
• pp.97-111
• /
• 2009

Context-aware computing, as a core of smart space development, has been widely regarded as useful in realizing individual service provision. However, most of context-aware services so fat are in its early stage to be dispatched for actual usage in the real world, caused mainly by user's privacy concerns. Moreover, since legacy context-aware services have focused on acquiring in an automatic manner the extra-personal context such as location, weather and objects near by, the services are very limited in terms of quality and variety if the service should identify intra-personal context such as attitudes and privacy concern, which are in fact very useful to select the relevant and timely services to a user. Hence, the purpose of this paper is to propose a novel methodology to infer the user's privacy concern as intra-personal context in an intelligent manner. The proposed methodology includes a variety of stimuli from outside the person and then performs model-based reasoning with social theory models from model base to predict the user's level of privacy concern semi-automatically. To show the feasibility of the proposed methodology, a survey has been performed to examine the performance of the proposed methodology.

• Asia pacific journal of information systems
• /
• v.18 no.1
• /
• pp.145-162
• /
• 2008

One of the big concerns in e-society is privacy issue. In special, in developing robust ubiquitous smart space and corresponding services, user profile and preference are collected by the service providers. Privacy issue would be more critical in context-aware services simply because most of the context data themselves are private information: user's current location, current schedule, friends nearby and even her/his health data. To realize the potential of ubiquitous smart space, the systems embedded in the space should corporate personal privacy preferences. When the users invoke a set of services, they are asked to allow the service providers or smart space to make use of personal information which is related to privacy concerns. For this reason, the users unhappily provide the personal information or even deny to get served. On the other side, service provider needs personal information as rich as possible with minimal personal information to discern royal and trustworthy customers and those who are not. It would be desirable to enlarge the allowable personal information complying with the service provider's request, whereas minimizing service provider's requiring personal information which is not allowed to be submitted and user's submitting information which is of no value to the service provider. In special, if any personal information required by the service provider is not allowed, service will not be provided to the user. P3P (Platform for Privacy Preferences) has been regarded as one of the promising alternatives to preserve the personal information in the course of electronic transactions. However, P3P mainly focuses on preserving the buyers' personal information. From time to time, the service provider's business data should be protected from the unintended usage from the buyers. Moreover, even though the user's privacy preference could depend on the context happened to the user, legacy P3P does not handle the contextual change of privacy preferences. Hence, the purpose of this paper is to propose a mutual P3P-based negotiation mechanism. To do so, service provider's privacy concern is considered as well as the users'. User's privacy policy on the service provider's information also should be informed to the service providers before the service begins. Second, privacy policy is contextually designed according to the user's current context because the nomadic user's privacy concern structure may be altered contextually. Hence, the methodology includes mutual privacy policy and personalization. Overall framework of the mechanism and new code of ethics is described in section 2. Pervasive platform for mutual P3P considers user type and context field, which involves current activity, location, social context, objects nearby and physical environments. Our mutual P3P includes the privacy preference not only for the buyers but also the sellers, that is, service providers. Negotiation methodology for mutual P3P is proposed in section 3. Based on the fact that privacy concern occurs when there are needs for information access and at the same time those for information hiding. Our mechanism was implemented based on an actual shopping mall to increase the feasibility of the idea proposed in this paper. A shopping service is assumed as a context-aware service, and data groups for the service are enumerated. The privacy policy for each data group is represented as APPEL format. To examine the performance of the example service, in section 4, simulation approach is adopted in this paper. For the simulation, five data elements are considered: $\cdot$ UserID $\cdot$ User preference $\cdot$ Phone number $\cdot$ Home address $\cdot$ Product information $\cdot$ Service profile. For the negotiation, reputation is selected as a strategic value. Then the following cases are compared: $\cdot$ Legacy P3P is considered $\cdot$ Mutual P3P is considered without strategic value $\cdot$ Mutual P3P is considered with strategic value. The simulation results show that mutual P3P outperforms legacy P3P. Moreover, we could conclude that when mutual P3P is considered with strategic value, performance was better than that of mutual P3P is considered without strategic value in terms of service safety.

• 한국HCI학회:학술대회논문집
• /
• 2006.02a
• /
• pp.970-975
• /
• 2006

There is a tradeoff between user's privacy and utility of context-aware services in ubiquitous computing environments. Many privacy models have been proposed to support the disclosure of personal information at different levels of detail, in ubiquitous computing environments. However, most of these models do not allow for explicit criteria to assess the benefit users are likely to reap by disclosing their personal information. In this paper, we propose an automated decision making mechanism that evaluates the "benefit of disclosure" for the users based on trust relationships between users and information requesters and manages the disclosure of user's personal information accordingly. Unlike other trust models, we do not regard the reputation of an information requester as sufficient to determine his/her trustworthiness. Instead, we represent trustworthiness as a function of information requester's reputation in the eyes of the user and his/her competence in a given context. To validate our mechanism, we apply it to context-aware healthcare application that monitors physiological condition of a user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.1
• /
• pp.33-40
• /
• 2010

Recently, the spectrum scarcity is becoming a big issue because there are exponential growth of broadcasting and communication systems in the spectrum demand. Cognitive radio is a technology that is envisaged to solve the problems in wireless networks resulting from the limited available spectrum and the inefficiency in the spectrum usage by exploiting the existing wireless spectrum opportunistically. Kuroda et al. proposed a radio-independent authentication protocol for cognitive radio networks. This paper first shows the privacy weaknesses in the authentication protocol by Kuroda et al. and proposes a privacy aware authentication protocol to solve the weaknesses.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.4
• /
• pp.213-225
• /
• 2019

Privacy paradox is a paradoxical behavior that provides personal information even though you are concerned about privacy. Social media users are also often concerned about their personal information exposure. It is even reluctant to describe personal information in profile. However, some users describe their personal information in detail on their profile, provide it freely when others request it, or post their own personal information. The survey was conducted using Google Docs centered on Facebook users. Structural equation model analysis was used for hypothesis testing. As an independent variable, we use personal information infringement experiences. As a mediator, we use privacy indifference, privacy concern, and the relationship with the act of providing personal information. Social media users have become increasingly aware of the fact that they can not distinguish between the real world and online world by strengthening their image and enhancing their image in the process of strengthening ties, sharing lots of information and enjoying themselves through various relationships. Therefore, despite the high degree of privacy indifference and high degree of privacy concern, the phenomenon of privacy paradox is also present in social media.

• Journal of Korean Library and Information Science Society
• /
• v.43 no.3
• /
• pp.353-384
• /
• 2012

This study was conducted on the observation that the filter bubble and privacy violation problems are related to the personalized services provided by libraries. This study discussed whether there is the possibility for invasion of privacy when libraries provide services utilizing state-of-the-art technology, such as location-based services, context aware services, RFID-based services, Cloud Services, and book recommendation services. In addition, this study discussed the following three aspects: whether or not users give up their right to privacy when they provide personal information for online services, whether or not there are discussions about users' privacy in domestic libraries, and what kind of risks the filter bubble problem can cause library users and what are possible solutions. This study represents early-stage research on library privacy in Korea, and can be used as basic data for privacy research.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6169-6187
• /
• 2017

With the fast growth of mobile services, Mobile Cloud Computing(MCC) has gained a great deal of attention from researchers in the academic and industrial field. User authentication and privacy are significant issues in MCC environment. Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed MCC services, which claimed to support mutual authentication and user anonymity. However, Irshad et.al. pointed out this scheme cannot achieve desired security goals and improved it. Unfortunately, this paper shall show that security features of Irshad et.al.'s scheme are achieved at the price of multiple time-consuming operations, such as three bilinear pairing operations, one map-to-point hash function operation, etc. Besides, it still suffers from two minor design flaws, including incapability of achieving three-factor security and no user revocation and re-registration. To address these issues, an enhanced and provably secure authentication scheme for distributed MCC services will be designed in this work. The proposed scheme can meet all desirable security requirements and is able to resist against various kinds of attacks. Moreover, compared with previously proposed schemes, the proposed scheme provides more security features while achieving lower computation and communication costs.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.1-12
• /
• 2016

Today, with the popularity of smart phones and the proliferation of SNS, anyone is exposed to the risk of personal information leakage. Unlike the prior studies of privacy, this research aims to identify the privacy factors affecting the provision intention of individual information from the SNS Users. This study also analyses how the perceived privacy risks and corporate trust affect the provision intention of individual information. The analysis results of empirical data show that despite experiencing the privacy leakage such as direct hacking and being aware of the risk, people are providing firms with personal information. The most influential variables to perceived privacy risk are information privacy policy, information privacy concern, previous privacy experience and information privacy awareness in the decreasing order of importance. Those to the corporate trust are information privacy policy, information privacy awareness, previous privacy concern and information privacy experience. Besides, the corporate trust and the perceived privacy risk also affect the provision intention of personal information. Finally, this study proposes the implications for personal information privacy.