• Journal of Internet Computing and Services
• /
• v.21 no.3
• /
• pp.1-9
• /
• 2020

Along with the growth of Blockchain, DApp (Distributed Application) is getting attention. As interest in DApp grows, market size continues to grow and many developers participate in development. Many developers are using API(Application Programming Interface) services to mediate Blockchain nodes, such as Infura, for DApp development. However, when using such a service, there is a serious risk that the API service operator can violate the user's privacy by 1 to 1 matching the account address of the Transaction executed by the DApp user with the IP address of the DApp user. It can have an adverse effect on the reliability of public Blockchains that need to provide users with a secure DApp service environment. The proposed Blockchain platform is expected to provide user privacy protection from API services and provide a reliable DApp use environment that existing Blockchain platforms did not provide. It is also expected to help to activate DApp and increase the number of DApp users, which has not been activated due to the risk of an existing privacy breach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1205-1219
• /
• 2019

As the ability to use data becomes competitive power in the data-driven economy, the effort to create economic value by using personal data is emphasized as much as to protect personal data. EU's PSD2(the second Payment Service directive) became the initiative of the Open Banking trends all over the world, as it is the Mydata policy which protects the data subject's right by empowering the subject to control over the personal data with the right to data portability and promotes personal data usages and transfer. Korean government is now fast adopting EU's PSD2 in financial sector, but there is growing concerns in personal data abuse and misuse, and data breach. This study analyzes domestic financial Mydata policy in comparison with EU's PSD2 and focus on Personal information life-cycle risks of financial Mydata policy. Some suggestions on how to promote personal information and privacy in domestic financial Mydata Policy will be given.

• Convergence Security Journal
• /
• v.14 no.3_1
• /
• pp.11-19
• /
• 2014

As both medical and IT technologies advance, convergent medical technologies such as implantable medical devices are receiving a lot of attentions from the research and medical appliance market. On the other hand, such a new medical service is facing several new security threats including patient privacy breach since the service is based on the wireless communication. Especially, the new security threat could induce the patient's life threatening accident, so that more secure measures should be provided. In this paper, a variety of security threats associated with the implantable medical devices are pinpointed and a new security mechanism against such threats is proposed.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.27
• /
• pp.129-161
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• International Commerce and Information Review
• /
• v.7 no.3
• /
• pp.27-51
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.431-434
• /
• 2014

This paper shows the users' birthplace information can be inferred with only the public information in FaceBook SNS. Through experiments with various machine learning algorithms and various parameters, we have found that SVM algorithm with the location of the highschool, the current address, and the graduate year of highschool performs best for the inference, as this can infer 78% of users' birthplaces correctly. Since the birthplace information is used for various security purpose such as questions for getting the forgotten password and a part of korean residence registration number, this is a non-trival security breach and users need be cautious about it.

• Convergence Security Journal
• /
• v.18 no.4
• /
• pp.3-10
• /
• 2018

Each online user should perform a separate registration and manage his ID and password for each online commerce or SNS service. Since a common secret is shared between the user and the SNS server, the server compromise induces the user privacy breach and financial loss. In this paper, it is considered that the user's authentication material is shared between multiple SNS servers for user authentication. A blockchain service architecture based on Hyperledger Fabric is proposed for each user to utilize an identical ID and OTP using the enhanced hash-chain-based OTP.

• Journal of KIISE:Databases
• /
• v.32 no.3
• /
• pp.243-253
• /
• 2005

Dissemination of XML data on the internet could breach the privacy of data providers unless access to the disseminated XML data is carefully controlled. Recently, the methods using encryption have been proposed for such access control. However, in these methods, the performance of processing queries has not been addressed. A query processor cannot identify the contents of encrypted XML data unless the data are decrypted. This limitation incurs overhead of decrypting the parts of the XML data that would not contribute to the query result. In this paper, we propose the notion of query-aware decryption for efficient processing of queries against encrypted XML data. Query-aware decryption allows us to decrypt only those parts that would contribute to the query result. For this purpose, we disseminate an encrypted XML index along with the encrypted XML data. This index, when decrypted, informs us where the query results are located in the encrypted XML data, thus preventing unnecessary decryption for other parts of the data. Since the size of this index is much smaller than that of the encrypted XML data, the cost of decrypting this index is negligible compared with that for unnecessary decryption of the data itself. The experimental results show that our method improves the performance of query processing by up to 6 times compared with those of existing methods. Finally, we formally prove that dissemination of the encrypted XML index does not compromise security.

• Journal of the Korea Convergence Society
• /
• v.8 no.9
• /
• pp.1-7
• /
• 2017

As the network environment develops and speeds up, a lot of smart devices is developed, and a high-speed smart society can be realized while allowing people to interact with objects. As the number of things Internet has surged, a wide range of new security risks and problems have emerged for devices, platforms and operating systems, communications, and connected systems. Due to the physical characteristics of IoT devices, they are smaller in size than conventional systems, and operate with low power, low cost, and relatively low specifications. Therefore, it is difficult to apply the existing security solution used in the existing system. In addition, IoT devices are connected to the network at all times, it is important to ensure that personal privacy exposure, such as eavesdropping, data tampering, privacy breach, information leakage, unauthorized access, Significant security issues can arise, including confidentiality and threats to facilities. In this paper, we investigate cases of security threats and cases of network of IoT, analyze vulnerabilities, and suggest ways to minimize property damage by Internet of things.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.223-232
• /
• 2012

Recently, the leakage of personal information and privacy piracy increase. The victimized case of the malicious object rapidlies increase. Most of users use the windows operating system. Recently, the Windows 7 operating system was announced. Therefore, we need to study for the intrusion response technique at the next generation operate system circumstances. The accident response technique developed till now was mostly implemented around the Windows XP or the Windows Vista. However, a new vulnerability problem will be happen in the breach process of reaction as the Windows 7 operating system is announced. In the windows operating system, the system incident event needs to be efficiently analyzed. For this, the event information generated in a system needs to be visually analyzed around the time information or the security threat weight information. Therefore, in this research, we analyzed visually about the system event information generated in the Windows 7 operating system. And the system analyzing the system incident through the visual event information analysis process was designed and implemented. In case of using the system developed in this study the more efficient accident analysis is expected to be possible.