• JSTS:Journal of Semiconductor Technology and Science
• /
• v.16 no.4
• /
• pp.470-480
• /
• 2016

The reversal of a silicon chip to find out its security structure is common and possible at the present time. Thanks to reversing, it is possible to use a probing attack to obtain useful information such as personal information or a cryptographic key. For this reason, security-related blocks such as DES (Data Encryption Standard), AES (Advanced Encryption Standard), and RSA (Rivest Shamir Adleman) engines should be located in the lower layer of the chip to guard against a probing attack; in this regard, the addition of a silicon-surface-protection layer onto the chip surface is a crucial protective measure. But, for manufacturers, the implementation of an additional silicon layer is burdensome, because the addition of just one layer to a chip significantly increases the overall production cost; furthermore, the chip size is increased due to the bulk of the secure logic part and routing area of the silicon protection layer. To resolve this issue, this paper proposes a practical silicon-surface-protection method using a metal layer that increases the security level of the chip while minimizing its size and cost. The proposed method uses a shift register for the alternation and variation of the metal-layer data, and the inter-connection area is removed to minimize the size and cost of the chip in a more extensive manner than related methods.

• Informatization Policy
• /
• v.27 no.3
• /
• pp.82-111
• /
• 2020

Recently, increasing use of big data have caused regulation factors of personal information and combination of pseudonymized information to emerge as key policy measures. Therefore, this study empirically analyzed the mediating effect and moderating effect of pseudonymized information combination as the third variable in the relationship between regulation factors of personal information and big data utilization. The analysis showed the following results: First, among personal information regulation factors, definition regulation, consent regulation, supervisory authority regulation, and punishment intensity regulation showed a positive(+) relationship with the big data utilization, while among pseudonymized information combination factors, non-identification of combination, standardization of combined pseudonymized information, and responsibility of combination were also found to be in a positive relationship with the use of big data. Second, among the factors of pseudonymized information combination, non-identification of combination, standardization of combined pseudonymized information, and responsibility of combination showed a positive(+) mediating effect in relation to regulation factors of personal information and big data utilization. Third, in the relationship between personal information regulation factors and big data utilization, the moderating effect hypothesis that each combination institution type of pseudonymized information (free-type, intermediary-type, and designated-type) would play a different role as a moderator was rejected. Based on the results of the empirical research, policy alternatives of 'Good Regulation' were proposed, which would maintain balance between protection of personal information and big data utilization.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.109-115
• /
• 2016

Life log started with the simple purpose of recording or sharing mainly data regarding one's personal life, but with the introduction of advanced specialized analytic methods by many corporations, a new type of business based on the life log recently emerged, with an aim of improving the quality of people's personal lives. In spite of the indispensable advantages, however, personal health lifelog service brings critical challenges that cannot be avoided from user side if the security of the data is concerned. The problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the revitalization of personal health lifelog services. In this paper, we propose an information security reference model for the personal health lifelog services. Our proposal can contribute to increase the related industry to cultivate new market by suggesting the clear announcement of the guidelines using privacy protection reference model for user-specific healthcare services which uses personal lifelog.

• Journal of Information Technology Applications and Management
• /
• v.19 no.3
• /
• pp.31-47
• /
• 2012

As the dependence on information is increasing, the protection of personal information (PI) becomes a critical issue for the organizations, causing not only financial loss but also negative impacts on corporate images and reputations. To date, academic research in this area is scarce. This study analyzes the factors affecting the establishment and/or implementation of Personal Information Management System (PIMS) and provides direction for the practice. In this study, we assume that PIMS is one of the new technology adopted by organizations, and Unified Theory of Acceptance and Use of Technology (UTAUT) model is selected as a base model for the study. Using structural equation modeling technique, both measurement and structural models are validated, and hypotheses are tested. Major findings of the study include (1) the major driver of the organizations attempting to adopt PIMS seems to be the improvement of the business outcomes, (2) organizational capability and resource are important in the establishment of PIMS, and (3) the perceived difficulty of the establishment of PIMS is not affecting the intention to adopt PIMS. Since the importance of personal information security is high, establishment of PIMS is becoming one of the critical issues in the organizations. The establishment of PIMS should be encouraged to strengthen the competitiveness of businesses and to enhance the security level of the entire nation. It is expected that this study may contribute to developing plans and policies for establishment of PIMS in practice, and to providing a foundation for further research in this area.

• Asia pacific journal of information systems
• /
• v.24 no.3
• /
• pp.299-323
• /
• 2014

The reason location based service is drawing attention recently is because smart phones are being supplied increasingly. Smart phone, basically equipped with GPS that can identify location information, has the advantage that it can provide contents and services suitable for the user by identifying user location accurately. Offering such diverse advantages, location based services are increasingly used. In addition, for use of location based services, release of user's personal information and location data is essentially required. Regarding personal information and location data, in addition to IT companies, general companies also are conducting various profitable businesses and sales activities based on personal information, and in particular, personal location data, comprehending high value of use among personal information, are drawing high attentions. Increase in demand of personal information is raising the risk of personal information infringement, and infringements of personal location data also are increasing in frequency and degree. Therefore, infringements of personal information should be minimized through user's action and efforts to reinforce security along with Act on the Protection of Personal Information and Act on the Protection of Location Information. This study aimed to improve the importance of personal information privacy by empirically analyzing the effect of perceived values on the intention to strengthen location information security and continuously use location information for users who received location-based services (LBS) in mobile environments with the privacy calculation model of benefits and risks as a theoretical background. This study regarded situation-based provision, the benefit which users perceived while using location-based services, and the risk related to personal location information, a risk which occurs while using services, as independent variables and investigated the perceived values of the two variables. It also examined whether there were efforts to reduce risks related to personal location information according to the values of location- based services, which consumers perceived through the intention to strengthen security. Furthermore, it presented a study model which intended to investigate the effect of perceived values and intention of strengthening security on the continuous use of location-based services. A survey was conducted for three hundred ten users who had received location-based services via their smartphones to verify study hypotheses. Three hundred four questionnaires except problematic ones were collected. The hypotheses were verified, using a statistical method and a logical basis was presented. An empirical analysis was made on the data collected through the survey with SPSS 12.0 and SmartPLS 2.0 to verify respondents' demographic characteristics, an exploratory factor analysis and the appropriateness of the study model. As a result, it was shown that the users who had received location-based services were significantly influenced by the perceived value of their benefits, but risk related to location information did not have an effect on consumers' perceived values. Even though users perceived the risk related to personal location information while using services, it was viewed that users' perceived value had nothing to do with the use of location-based services. However, it was shown that users significantly responded to the intention of strengthening security in relation to location information risks and tended to use services continuously, strengthening positive efforts for security when their perceived values were high.

• Journal of Convergence for Information Technology
• /
• v.12 no.5
• /
• pp.1-14
• /
• 2022

This study tried to suggest crisis management compliance to prevent personal information infringement accidents that may occur in the process because the data including personal information is being processed in the artificial intelligence (AI) service process. To this end, first, the AI service provision process is divided into 3 processes such as service planning/data design and collection process, data pre-processing and purification process, and algorithm development and utilization process. And 3 processes are subdivided into 9 stages following to personal information processing stages to infringe personal information. All processes were investigated with literature and experts' Delphi. Second, the investigated personal information infringement factors were selected through FGI, Delphi, etc. for experts. Third, a survey was conducted with experts on the severity and possibility of each personal information infringement factor, and the validity and adequacy of the 94 responses were verified. Fourth, to present appropriate risk management compliance for personal information infringement factors in AI services, a method for calculating the risk level of personal information infringement is prepared by utilizing the asset value of personal information, personal information infringement factors, and the possibility of infringement accidents. Through this, the countermeasures for personal information infringement incidents were suggested according to the scored risk level.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.4
• /
• pp.103-110
• /
• 2013

In Information Technology era, various amazing IT technologies, for example Big Data, are appearing and are available as the amount of information increase. The number of counselling for violation of personal data protection is also increasing every year that it amounts to over 160,000 in 2012. According to Korean Privacy Act, in the case of treating unique personal identification information, appropriate measures like encipherment should be taken. The technologies of encipherment are the most basic countermeasures for personal data invasion and the base elements in information technology. So various cryptography algorithms exist and are used for encipherment technology. Therefore studies on safer new cryptography algorithms are executed. Cryptography algorithms started from classical replacement enciphering and developed to computationally secure code to increase complexity. Nowadays, various mathematic theories such as 'factorization into prime factor', 'extracting square root', 'discrete lognormal distribution', 'elliptical interaction curve' are adapted to cryptography algorithms. RSA public key cryptography algorithm which was based on 'factorization into prime factor' is the most representative one. This paper suggests algorithm utilizing telescoping series as a safer cryptography algorithm which can maximize the complexity. Telescoping series is a type of infinite series which can generate various types of function for given value-the plain text. Among these generated functions, one can be selected as a original equation. Some part of this equation can be defined as a key. And then the original equation can be transformed into final equation by improving the complexity of original equation through the command of "FullSimplify" of "Mathematica" software.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.81-88
• /
• 2023

In the present scenario, enormous amounts of data are produced every second. These data also contain private information from sources including media platforms, the banking sector, finance, healthcare, and criminal histories. Data mining is a method for looking through and analyzing massive volumes of data to find usable information. Preserving personal data during data mining has become difficult, thus privacy-preserving data mining (PPDM) is used to do so. Data perturbation is one of the several tactics used by the PPDM data privacy protection mechanism. In Perturbation, datasets are perturbed in order to preserve personal information. Both data accuracy and data privacy are addressed by it. This paper will explore and compare several perturbation strategies that may be used to protect data privacy. For this experiment, two perturbation techniques based on random projection and principal component analysis were used. These techniques include Improved Random Projection Perturbation (IRPP) and Enhanced Principal Component Analysis based Technique (EPCAT). The Naive Bayes classification algorithm is used for data mining approaches. These methods are employed to assess the precision, run time, and accuracy of the experimental results. The best perturbation method in the Nave-Bayes classification is determined to be a random projection-based technique (IRPP) for both the cardiovascular and hypothyroid datasets.

• The Journal of Bigdata
• /
• v.7 no.2
• /
• pp.75-90
• /
• 2022

Recently, complex and sophisticated analysis of transportation is required due to changes in the socioeconomic environment and the development of bigdata technology. Especially, the revision of 3 laws including PERSONAL INFORMATION PROTECTION ACT makes it possible to combine various types of mobility data. But strengthen personal information protection makes inefficiency in utilizing mobility bigdata. In this paper, we proposed the "Virtual fusion methdology via mobility bigdata" which is a methodology for indirect data fusion for various mobility bigdata such as mobile data and transportation card data, in order to resolve legal restrictions and enable various transportation analysis. And we also analyzed regional bus passenger in Seoul capital area and Cheongju city with aforementioned methodology for verification. This methdology could analyze behavioral pattern of passenger with the MCGM(Mobility Comprehensive Genetic Map), graph with position and time, making with mobile data. Consquently, using MCGM, which is a result for indirect data fusion, makes it possible to analyze various transportation problems.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.3
• /
• pp.23-28
• /
• 2016

As a large portal sites are beginning to replace the function of the mass media, new risks began to raise. It remained without being deleted that data written to the internet was a serious privacy problem occurs. The sensitive information was inferred based on the personal data recorded in the past and also another personal information leakage itself. Witch-hunt through the personally identifiable rob has emerged as a serious social problem and damage to the parties not be able to live a normal life. In this paper, we propose the study on the need for a 'right to be forgotten' to delete the personal information relating to on-line through international case studies and activation measures. At the same time, we proposed improvement measures, such as encryption management, ownership inheritance, and blind treatment.