• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권11호
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• Journal of Internet Technology
• /
• 제22권6호
• /
• pp.1287-1297
• /
• 2021

Data aggregation is the significant process in which the information is gathered and combines data to decrease the amount of data transmission in the WSN. The sensor devices are susceptible to node attacks and security issues such as data confidentiality and data privacy are extremely important. A novel technique called Ruzicka Index Regressive Homomorphic Ephemeral Key Benaloh Cryptography (RIRHEKBC) technique is introduced for enhancing the security of data aggregation and data privacy in WSN. By applying the Ruzicka Index Regressive Homomorphic Ephemeral Key Benaloh Cryptography, Ephemeral private and public keys are generated for each sensor node in the network. After the key generation, the sender node performs the encryption using the receiver public key and sends it to the data aggregator. After receiving the encrypted data, the receiver node uses the private key for decrypting the ciphertext. The key matching is performed during the data decryption using Ruzicka Indexive regression function. Once the key is matched, then the receiver collects the original data with higher security. The simulation result proves that the proposed RIRHEKBC technique increases the security of data aggregation and minimizes the packet drop, and delay than the state-of-the- art methods.

• 한국전자거래학회지
• /
• 제4권3호
• /
• pp.159-178
• /
• 1999

As Electronic Commerce is getting larger, the volume of Internet-based commerce by enterprise is also getting larger. This phenomenon applies to Internet EDI, Global Internet Business, and CALS information services. In this paper, a new type of cryptographic key recovery mechanism satisfying requirements of business environment is proposed. It is also applied to enterprise information infrastructure for managing employees' task related to handling official properties of electronic enterprise documents exchange. This technology needs to be complied to information management policy of a certain enterprise environment because behavior of cryptographic key recovery can cause interruption of the employees' privacy. However, the cryptographic key recovery mechanism is able to applied to any kind of information service, the application areas of key recovery technology must be seriously considered as not disturbing user's privacy It will depend on the policy of enterprise information management of a specific company.

• 지식경영연구
• /
• 제13권4호
• /
• pp.83-100
• /
• 2012

Given the prevalence of mobile social network services (SNS) such as Facebook and Kakaotalk, it has become important to understand user's continuance behavior in a mobile SNS environment. Although trust and privacy concerns play a key role in SNS users' decision-making processes, most studies on SNS have shed little light on the effects of trust and privacy concerns on SNS continuance intention. In this regard, this paper developed an integrated model to deeply understand the key antecedents of user's continuance intention to use mobile SNS by incorporating trust and privacy concerns into extended expectation-confirmation model. The proposed research model was tested by using survey data collected from 170 users who have experience with Kakaotalk. The findings of this study found that the proposed theoretical framework provides a statistically significant explanation of the variance in continuance intention of mobile SNS. The analysis results indicate that trust serves as the salient antecedent of continuance intention to use mobile SNS. However, it was found that privacy concerns negatively influence trust, whereas it is not significantly related to continuance intention of mobile SNS. The theoretical and practical implications of the findings were described.

• 디지털산업정보학회논문지
• /
• 제12권1호
• /
• pp.35-41
• /
• 2016

Internet of Things (IoT) services are widely used in appliances of daily life and industries. IoT services also provide various conveniences to users and are expected to affect value added of all industries and national competitiveness. However, a variety of security threats are increased in IoT environments and lowers reliability of IoT devices and services that make some obstacles for commercialization. The attacks arising in IoT environments are making industrial and normal life accidents unlike existing information leak and monetary damages, and can expand damage scale of leakage of personal information and privacy more than existing them. To solve these problems, we design a session key based access control scheme for secure communications in IoT environments. The proposed scheme reinforces message security by generating session key between device and access control network system. We analyzed the stability of the proposed access scheme in terms of data forgery and corruption, unauthorized access, information disclosure, privacy violations, and denial of service attacks. And we also evaluated the proposed scheme in terms of permission settings, privacy indemnity, data confidentiality and integrity, authentication, and access control.

• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• 정보보호학회논문지
• /
• 제19권5호
• /
• pp.35-44
• /
• 2009

민감한 개인정보를 보호하기 위해 데이터를 암호화하는 것은 필수적이다. 하지만 복호화 과정 없이 암호화된 데이터를 검색하기 위해서는 암호화된 데이터에서 검색이 가능한 효율적인 기법이 필요하다. 지금까지 수많은 검색 가능한 암호화 기법이 제안되었지만, 아직까지 이러한 기법들은 암호화된 데이터를 공유하기 위해 접근 권한을 갖고 있는 동적인 사용자(dynamic user)에 대해서 적합하지 않다. 기존의 검색 가능한 암호화 기법들에서는 특정 사용자(대칭키 환경에서의 데이터 제공자, 공개키 환경에서 데이터를 암호화한 공개키에 대응되는 비밀키를 갖고 있는 사용자)에 대해서만 암호화된 데이터에 접근이 가능하였다. 이러한 문제를 해결하기 위해 Stephen S. Yau 등은 데이터 공급자의 접근 정책에 따라서 사용자의 검색 능력을 제어할 수 있는 기법을 처음으로 제안하였다. 그러나 이 기법은 데이터 검색자의 프라이버시가 노출되는 문제점을 가진다. 따라서 본 논문에서는 이 기법의 문제점을 분석하고, 이러한 문제를 해결한 프라이버시를 보호하는 접근제어가 가능한 키워드 검색 기법을 제안한다.

• 지식경영연구
• /
• 제18권1호
• /
• pp.159-176
• /
• 2017

Recently, the popularity of smartphones has led to a dramatic increase in the frequency of use of App(Application) services. LBS (Location-Based Service) App service adopts various methods such as push marketing and useful information by region through providing location-based service based on the location of the consumer. In particular, an enterprise or an App management company can provide necessary information to the consumer through the necessary information among the customer related knowledge information obtained by utilizing the location information of the consumer in real time. Nevertheless, since LBS is a service that can be performed only when the company obtains consent to provide location information voluntarily by the consumer, there is a case of privacy infringement due to consumers' use of personal information. The purpose of this study is to identify the characteristics of privacy related variables and the knowledge structure for consumer value formation based on the theory of privacy calculation. We also compared the characteristics of Korea with those of China in privacy issue. As a result of the analysis, it was confirmed that factors such as information utilization ability and information control ability were influential as a key factor of privacy calculation. In addition, perceived value influences the reputation of the LBS App service.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권8호
• /
• pp.2083-2100
• /
• 2023

The rise of Industry 5.0 has led to a smarter and more digital way of doing business, but with it comes the issue of user privacy and security. Only when privacy and security issues are addressed, will users be able to transact online with greater peace of mind. Thus, to address the security and privacy problems associated with industry blockchain technology, we propose a privacy protection scheme for online financial transactions based on verifiable ring signatures and blockchain by comparing and combining the unconditional anonymity provided by ring signatures with the high integrity provided by blockchain technology. Firstly, we present an algorithm for verifying ring signature based on distributed key generation, which can ensure the integrity of transaction data. Secondly, by using the block chain technique, we choose the proxy node to send the plaintext message into the block chain, and guarantee the security of the asset transaction. On this basis, the designed scheme is subjected to a security analysis to verify that it is completely anonymous, verifiable and unerasable. The protection of user privacy can be achieved while enabling online transactions. Finally, it is shown that the proposed method is more effective and practical than other similar solutions in performance assessment and simulation. It is proved that the scheme is a safe and efficient online financial transaction ring signature scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권3호
• /
• pp.1229-1248
• /
• 2016

With the feature of convenience and low cost, remote healthcare monitoring (RHM) has been extensively used in modern disease management to improve the quality of life. Due to the privacy of health data, it is of great importance to implement RHM based on a secure and dependable network. However, the network connectivity of existing RHM systems is unreliable in disaster area because of the unforeseeable damage to the communication infrastructure. To design a secure RHM system in disaster area, this paper presents a Secure VANET-Assisted Remote Healthcare Monitoring System (SVC) by utilizing the unique "store-carry-forward" transmission mode of vehicular ad hoc network (VANET). To improve the network performance, the VANET in SVC is designed to be a two-level network consisting of two kinds of vehicles. Specially, an innovative two-level key management model by mixing certificate-based cryptography and ID-based cryptography is customized to manage the trust of vehicles. In addition, the strong privacy of the health information including context privacy is taken into account in our scheme by combining searchable public-key encryption and broadcast techniques. Finally, comprehensive security and performance analysis demonstrate the scheme is secure and efficient.