• 한국컴퓨터정보학회논문지
• /
• 제28권9호
• /
• pp.81-92
• /
• 2023

프라이버시 모델이란 프라이버시 공격을 통한 개인정보의 유출 가능성과 위험 정도를 정량적으로 제한하는 기법이다. 대표적인 모델로 k-익명성, l-다양성, t-근접성, 차분 프라이버시 등이 있다. 지금까지 많은 프라이버시 모델들이 연구되어 왔지만, 주어진 데이터에 대해 가장 적합한 모델을 선택하는 문제에 대한 연구는 미흡하다. 본 연구에서는 개인정보 유출 문제를 막기 위한 최적의 프라이버시 모델 추천 시스템을 개발한다. 본 논문에서는 프라이버시 모델 선택 시 고려해야 할 데이터 특성(예: 데이터 타입, 분포, 빈도, 범위 등)을 분석하고 데이터 특성과 모델 간의 연관관계정보를 포함하는 프라이버시 모델 배경지식에 기반한 최적 모델을 추천한다. 마지막으로 타당성과 유용성을 검증하기 위해 추천 프로토타입 시스템을 구현하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권3호
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.1020-1042
• /
• 2019

Reversible data hiding in encrypted images (RDHEI) provides some real-time cloud applications; i.e. the cloud, acting as a data-hider, automatically embeds timestamp in the encrypted image uploaded by a content owner. Many existing methods of RDHEI only satisfy user privacy in which the data-hider does not know the original image, but leaks owner privacy in which the receiver can obtains the original image by decryption and extraction. In the literature, the method of Zhang et al. is the one providing weak content-owner privacy in which the content-owner and data-hider have to share a data-hiding key. In this paper, we take care of the stronger notion, called strong content-owner privacy, and achieve it by presenting a new reversible data hiding in encrypted images. In the proposed method, image decryption and message extraction are separately controlled by different types of keys, and thus such functionalities are decoupled to solve the privacy problem. At the technique level, the original image is segmented along a Hilbert filling curve. To keep image privacy, segments are transformed into an encrypted image by using random permutation. The encrypted image does not reveal significant information about the original one. Data embedment can be realized by using pixel histogram-style hiding, since this property, can be preserved before or after encryption. The proposed method is a modular method to compile some specific reversible data hiding to those in encrypted image with content owner privacy. Finally, our experimental results show that the image quality is 50.85dB when the averaged payload is 0.12bpp.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권8호
• /
• pp.3852-3864
• /
• 2016

Patients' health data is very sensitive and the access to individual's health data should be strictly restricted. However, many data consumers may need to use the aggregated health data. For example, the insurance companies needs to use this data to setup the premium level for health insurances. Therefore, privacy-preserving data aggregation solutions for health data have both theoretical importance and application potentials. In this paper, we propose a privacy-preserving health data aggregation scheme using differential privacy. In our scheme, patients' health data are aggregated by the local healthcare center before it is used by data comsumers, and this prevents individual's data from being leaked. Moreover, compared with the existing schemes in the literature, our work enjoys two additional benefits: 1) it not only resists many well known attacks in the open wireless networks, but also achieves the resilience against the human-factor-aware differential aggregation attack; 2) no trusted third party is employed in our proposed scheme, hence it achieves the robustness property and it does not suffer the single point failure problem.

• 정보보호학회논문지
• /
• 제30권3호
• /
• pp.503-512
• /
• 2020

데이터 3법으로 인해 개인정보를 가명처리 후 데이터를 공개할 수 있게 되었다. 이렇게 익명화된 데이터는 연구 및 서비스 분야 등에서 유용하게 활용될 전망이나, 익명화된 데이터로부터 정보의 주체를 재식별하는 등 프라이버시 침해에 대한 우려가 크다. 본 논문에서는 공공 데이터에서 개인을 식별해내는 것이 크게 어렵지 않음을 보이고, 또한 공개된 데이터의 신뢰성에 의문을 제기한다. 사용자들이 데이터 공개와 프라이버시 보호 사이의 상충관계를 잘 이해하여 데이터 3법 시대에 데이터를 안전하게 활용할 수 있는 방안에 대해 제언한다.

• International Journal of Computer Science & Network Security
• /
• 제21권7호
• /
• pp.43-55
• /
• 2021

The amount of Big Data generated from multiple sources is continuously increasing. Traditional storage methods lack the capacity for such massive amounts of data. Consequently, most organizations have shifted to the use of cloud storage as an alternative option to store Big Data. Despite the significant developments in cloud storage, it still faces many challenges, such as privacy and security concerns. This paper discusses Big Data, its challenges, and different classifications of security and privacy challenges. Furthermore, it proposes a new classification of Big Data security and privacy challenges and offers some perspectives to provide solutions to these challenges.

• 한국전자거래학회지
• /
• 제23권4호
• /
• pp.1-17
• /
• 2018

최근 대다수 온라인 기업들이 고객의 개인정보에 기반한 맞춤형 서비스를 제공하기 위해 노력하고 있다. 하지만 고객들은 정보 유출에 대한 우려로 개인정보 제공을 꺼리고 있는 것이 현실이다. 이에 따라 기업들은 개인정보보호 인증마크 획득, 개인정보유출 배상책임보험 가입을 통해 고객들에게 개인정보보호를 보장함으로써 신뢰를 높이고자 한다. 이에 본 연구에서는 이러한 기업의 개인정보보호 활동이 소비자 행위에 어떠한 영향을 주는지 알아보고자 한다. 가상의 시나리오를 바탕으로 한 실험 연구 결과, 기업의 개인정보보호 인증마크 획득 혹은 개인정보유출 배상책임보험 가입이 프라이버시 신뢰를 높여주는 것으로 나타났다. 그리고 개인정보보호 인증마크의 경우, 프라이버시 신뢰를 매개로 개인정보 제공의도에 긍정적인 영향을 미치는 것으로 밝혀졌다. 마지막으로 신뢰 성향이 높은(낮은) 집단의 경우에는 개인정보보호 인증마크(개인정보유출 배상책임보험)를 통해 보다 높은 신뢰가 형성되는 것으로 나타났다. 본 연구결과는 개인정보보호 인증마크와 개인정보유출 배상책임보험의 필요성을 입증함으로써 기업 경영진의 정보보호 투자 관련 의사결정에 도움을 줄 수 있을 것으로 기대한다.

• ETRI Journal
• /
• 제43권5호
• /
• pp.812-824
• /
• 2021

Recently, with an increase in Internet usage, users of online social networks (OSNs) have increased. Consequently, privacy leakage has become more serious. However, few studies have investigated the difference between privacy and actual behaviors. In particular, users' desire to change their privacy status is not supported by their privacy literacy. Presenting an accurate measurement of users' privacy status can cultivate the privacy literacy of users. However, the highly interactive nature of interpersonal communication on OSNs has promoted privacy to be viewed as a communal issue. As a large number of redundant users on social networks are unrelated to the user's privacy, existing algorithms are no longer applicable. To solve this problem, we propose a structural similarity measurement method suitable for the characteristics of social networks. The proposed method excludes redundant users and combines the attribute information to measure the privacy status of users. Using this approach, users can intuitively recognize their privacy status on OSNs. Experiments using real data show that our method can effectively and accurately help users improve their privacy disclosures.

• 정보보호학회논문지
• /
• 제23권1호
• /
• pp.33-43
• /
• 2013

정보의 양이 많아짐에 따라 많은 양의 정보를 효과적으로 관리, 운용할 수 있는 데이터 마이닝 기법의 연구가 활발해졌다. 다양한 데이터 마이닝 기법들이 연구되었는데 그 중에는 프라이버시를 보호할 수 있는 프라이버시 보호 데이터 마이닝(Privacy Preserving Data Mining) 연구도 진행됐다. 프라이버시 보호 데이터 마이닝은 크게 연관규칙, 군집화, 분류 등의 알고리즘이 존재한다. 그 중 연관규칙 알고리즘은 데이터간의 연관규칙을 찾아내는 알고리즘으로 주로 마케팅에 주로 사용된다. 본 논문에서는 Shamir의 비밀 분배 기법을 이용하여 다자간 프라이버시 보호 데이터 마이닝 환경에서 단일 비트가 아닌 멀티 비트 정보를 공유할 수 있는 내적연산 기법을 제안한다.

• 한국정보시스템학회지:정보시스템연구
• /
• 제26권2호
• /
• pp.43-62
• /
• 2017

Purpose This study provided empirical support for the model that explain the formation of privacy concerns in the perspective of Information Boundary Theory. This study investigated an integrated model suggesting that privacy concerns are formed by the individual's disposition to value privacy, privacy awareness, awareness of privacy policy, and government legislation. The Information Boundary Theory suggests that the boundaries of information space dependends on the individual's personal characteristics and environmental factors of e-commerce. When receiving a request for personal information from e-commerce websites, an individual assesses the risk depending on the risk-control assessment, the perception of intrusion give rise to privacy concerns. Design/methodology/approach This study empirically tested the hypotheses with the data collected in a survey that included the items measuring the constructs in the model. The survey was aimed at university students. and a causal modeling statistical technique(PLS) is used for data analysis in this research. Findings The results of the survey indicated significant relationships among environmental factors of e-commerce websites, individual's personal privacy characteristics and privacy concerns. Both individual's awareness of institutional privacy assurance on e-commerce and the privacy characteristics affect the risk-control assessment towards information disclosure, which becomes an essential components of privacy concerns.