• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6092-6115
• /
• 2017

This paper demonstrates a case for an end-to-end pure Application Security Layer for reliable and confidential communications within an Internet of Things (IoT) constrained environment. To provide a secure key exchange and to setup a secure data connection, Transport Layer Security (TLS) is used, which provides native protection against replay attacks. TLS along with digital signature can be used to achieve non-repudiation within app-to-app communications. This paper studies the use of TLS over the JavaScript Object Notation (JSON) via a The Constrained Application Protocol (CoAP) RESTful service to verify the hypothesis that in this way one can provide end-to-end communication flexibility and potentially retain identity information for repudiation. As a proof of concept, a prototype has been developed to simulate an IoT software client with the capability of hosting a CoAP RESTful service. The prototype studies data requests via a network client establishing a TLS over JSON session using a hosted CoAP RESTful service. To prove reputability and integrity of TLS JSON messages, JSON messages was intercepted and verified against simulated MITM attacks. The experimental results confirm that TLS over JSON works as hypothesised.

• Journal of Information Processing Systems
• /
• v.14 no.5
• /
• pp.1087-1101
• /
• 2018

As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, the most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2004.05b
• /
• pp.717-720
• /
• 2004

Jini is a middle ware supposed in Sun Microsystems. The goal of lil is the establishment of dynamic distributed system, which can share information and control of other Jini technology-enabled services or devices in the same Jini system. Jini is one of the best middleware together UPnP and HAVi. Hone network security, soch as privacy protection, crime prevention, and etc, is very important. So Jini 2.0 adds security mechanism in 11. 2003. This paper describes the analysis of Jini 2.0 security mechanism, and home network security.

• Journal of Korea Multimedia Society
• /
• v.17 no.10
• /
• pp.1182-1188
• /
• 2014

Recently, the research on database outsourcing has been actively done with the popularity of cloud computing. However, because users' data may contain sensitive personal information, such as health, financial and location information, the data encryption methods have attracted much interest. Existing data encryption schemes process a query without decrypting the encrypted databases in order to support user privacy protection. On the other hand, to efficiently handle the large amount of data in cloud computing, it is necessary to study the distributed index structure. However, existing index structure and query processing algorithms have a limitation that they only consider single-column query processing. In this paper, we propose a grid-based multi column indexing scheme and an encrypted query processing algorithm. In order to support multi-column query processing, the multi-dimensional index keys are generated by using a space decomposition method, i.e. grid index. To support encrypted query processing over encrypted data, we adopt the Hilbert curve when generating a index key. Finally, we prove that the proposed scheme is more efficient than existing scheme for processing the exact and range query.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.812-815
• /
• 2011

통신기술이 발달하면서 차량 통신에 대한 연구가 활발히 진행되고 있다. 주 연구 분야로 라우팅 및 위치정보 기반의 주소 설정과 통신, 보안 문제 해결 등이 있다. 차량은 지극히 개인적인 공간이므로 운전자의 위치 및 식별정보에 대한 보호가 필요하다. 이러한 연구는 운전자 프라이버시 보호 측면에서 보안기능과는 별도로 연구가 진행되고 있다. 기존의 프라이버시 보호 기술들은 각 계층별 프라이버시 보호는 만족하고 있지만, 계층별 정보들의 연결을 통해 프라이버시를 공격하는 연관 공격(Relation Attack)에 대하여서는 취약함을 보이고 있다. 따라서 본 논문에서는 MAC Security 기술을 이용하여 운전자의 프라이버시를 보호하는 기법을 제안하려 한다. 제안하는 기법은 네트워크 접속 계층 주소를 제외한 나머지 정보를 암호화 하기 때문에 물리 주소로 인한 프라이버시가 침해가 발생 하더라도 다른 계층의 정보를 알 수 없으므로 네트워크 계층의 위치 정보 및 응용계층의 사용자의 식별 정보 등을 보호 함으로 상관 공격에 안전하다. 물리 주소 역시 해당 도메인에서 유일한 식별 정보 이므로 멀티 도메인 통신이 이루어 지는 인터넷 상에서는 운전자의 프라이버시를 보호 할 수 있다.

• Asia pacific journal of information systems
• /
• v.21 no.3
• /
• pp.71-96
• /
• 2011

Within the traditional medical delivery system, patients residing in medically vulnerable areas, those with body movement difficulties, and nursing facility residents have had limited access to good healthcare services. However, Information and Communication Technology (ICT) provides us with a convenient and useful means of overcoming distance and time constraints. ICT is integrated with biomedical science and technology in a way that offers a new high-quality medical service. As a result, rapid technological advancement is expected to play a pivotal role bringing about innovation in a wide range of medical service areas, such as medical management, testing, diagnosis, and treatment; offering new and improved healthcare services; and effecting dramatic changes in current medical services. The increase in aging population and chronic diseases has caused an increase in medical expenses. In response to the increasing demand for efficient healthcare services, a telehealth service based on ICT is being emphasized on a global level. Telehealth services have been implemented especially in pilot projects and system development and technological research. With the service about to be implemented in earnest, it is necessary to study its overall acceptance by consumers, which is expected to contribute to the development and activation of a variety of services. In this sense, the study aims at positively examining the structural relationship among the acceptance factors for telehealth services based on the Technology Acceptance Model (TAM). Data were collected by showing audiovisual material on telehealth services to online panels and requesting them to respond to a structured questionnaire sheet, which is known as the information acceleration method. Among the 1,165 adult respondents, 608 valid samples were finally chosen, while the remaining were excluded because of incomplete answers or allotted time overrun. In order to test the reliability and validity of the assessment scale items, we carried out reliability and factor analyses, and in order to explore the causal relation among potential variables, we conducted a structural equation modeling analysis using AMOS 7.0 and SPSS 17.0. The research outcomes are as follows. First, service quality, innovativeness of medical technology, and social influence were shown to affect perceived ease of use and perceived usefulness of the telehealth service, which was statistically significant, and the two factors had a positive impact on willingness to accept the telehealth service. In addition, social influence had a direct, significant effect on intention to use, which is paralleled by the TAM used in previous research on technology acceptance. This shows that the research model proposed in the study effectively explains the acceptance of the telehealth service. Second, the research model reveals that information privacy concerns had a insignificant impact on perceived ease of use of the telehealth service. From this, it can be gathered that the concerns over information protection and security are reduced further due to advancements in information technology compared to the initial period in the information technology industry, and thus the improvement in quality of medical services appeared to ensure that information privacy concerns did not act as a prohibiting factor in the acceptance of the telehealth service. Thus, if other factors have an enormous impact on ease of use and usefulness, concerns over these results in the initial period of technology acceptance may become irrelevant. However, it is clear that users' information privacy concerns, as other studies have revealed, is a major factor affecting technology acceptance. Thus, caution must be exercised while interpreting the result, and further study is required on the issue. Numerous information technologies with outstanding performance and innovativeness often attract few consumers. A revised bill for those urgently in need of telehealth services is about to be approved in the national assembly. As telemedicine is implemented between doctors and patients, a wide range of systems that will improve the quality of healthcare services will be designed. In this sense, the study on the consumer acceptance of telehealth services is meaningful and offers strong academic evidence. Based on the implications, it can be expected to contribute to the activation of telehealth services. Further study is needed to assess the acceptance factors for telehealth services, such as motivation to remain healthy, health care involvement, knowledge on health, and control of health-related behavior, in order to develop unique services according to the categorization of customers based on health factors. In addition, further study may focus on various theoretical cognitive behavior models other than the TAM, such as the health belief model.

• Korean journal of communication and information
• /
• v.38
• /
• pp.211-244
• /
• 2007

Article 17 and 18 of the Korean Constitution respectively prescribe the violation of individual's right to privacy and the secrecy of wire communication. Meanwhile, Article 20 of the Criminal Code provides that an act which is conducted within the ambit of laws or pursuant to accepted business practices or which does not violate the social norms shall not be punishable. In 1999, the Constitutional Court held that media reports on public matters of public figures must be given strong constitutional protection, and treated differently from reports on private matters of private figures. In accordance with the decision, the Supreme Court has expanded the scope of constitutional guarantee of freedom of expression since 2002. This study analyzes the issue of media liability for publication of illegally intercepted wire communication by a third person. Particularly, it reviews Seoul High Court's ruling on 'X-file scandal' which disclosed intercepted wire communications between notable public figures regarding a slush fund for a presidential candidate. In the light of this analysis, the study concludes that the media reporting of the intercepted communication does not violate social norms of Article 20, and therefore it is entitled to a constitutional privilege.

• Korean journal of communication and information
• /
• v.25
• /
• pp.103-133
• /
• 2004

Korean citizens enjoy not only the freedom of communication but also the secrecy of electronic communication. Article 18 of the Constitution of the Republic of Korea prescribes that the secrecy of correspondence should not be infringed. Namely, all citizens enjoy guaranteed privacy of correspondence. But many people have been experiencing the infringement of those rights. The purpose of this paper is to evaluate whether Paragraph 2, Article 13 of the Act on Protection of the Secrecy of Correspondence infringes on the constitutional rights of privacy of electronic communication. The results of this study indicate that the law violates the Constitution. Paragraph 3, Article 12 (Personal Liberty, Personal Integrity) of the constitution stipulates that "Warrants issued by a judge through due process (upon the request of a prosecutor) have to be presented in case of arrest, detention, seizure, or search." However, prosecutors, the police, and National Intelligence Service have made numerous inquiries calling for the journalists' telephone records without warrants issued by a judge. So, this study suggests that the paragraph should be amended to be compatible with the Constitution. Meanwhile, journalists should make a more concerted effort to protect their news sources in exercising constitutionally protected freedom of the press.

• The Korean Society of Law and Medicine
• /
• v.21 no.3
• /
• pp.145-178
• /
• 2020

This paper examines discussions surrounding cognitive liberty, neuro-privacy, and mental integrity from the perspective of Neuro-rights. The right to control one's neurological data entails self-determination of collection and usage of one's data, and the right to object to any way such data may be employed to negatively impact oneself. As innovations in neurotechnologies bear benefits and downsides, a novel concept of the neuro-rights has been suggested to protect individual liberty and rights. In Oct. 2020, the Chilean Senate presented the 'Proyecto de ley sobre neuroderechos' to promote the recognition and protection of neuro-rights. This new bill defines all data obtained from the brain as neuronal data and outlaws the commerce of this data. Neurotechnology, especially when paired with big data and artificial intelligence, has the potential to turn one's neurological state into data. The possibility of inferring one's intent, preferences, personality, memory, emotions, and so on, poses harm to individual liberty and rights. However, the collection and use of neural data may outpace legislative innovation in the near future. Legal protection of neural data and the rights of its subject must be established in a comprehensive way, to adapt to the evolving data economy and technical environment.

• Knowledge Management Research
• /
• v.25 no.1
• /
• pp.1-19
• /
• 2024

This study analyzed the changes in social media reactions of data subjects to major personal data breach incidents in South Korea from January 2014 to October 2022. We collected a total of 1,317 posts written on Naver Blogs within a week immediately following each incident. Applying the LDA topic modeling technique to these posts, five main topics were identified: personal data breaches, hacking, information technology, etc. Analyzing the temporal changes in topic distribution, we found that immediately after a data breach incident, the proportion of topics directly mentioning the incident was the highest. However, as time passed, the proportion of mentions related indirectly to the personal data breach increased. This suggests that the attention of data subjects shifts from the specific incident to related topics over time, and interest in personal data protection also decreases. The findings of this study imply a future need for research on the changes in privacy awareness of data subjects following personal data breach incidents.