• Information Systems Review
• /
• v.16 no.2
• /
• pp.1-23
• /
• 2014

With side effects such as Phishing and Spam using personal information in Social Network Service, there is a growing need for studies related to harmful behaviors such as the reason for privacy violation. As such, this study assumed privacy violation to be ethical decision, making behavior and used the Theory of Planned Behavior and Motivation Theory, which are mostly used in social science to identify the factors affecting privacy violation. The results suggested that the Perceived Enjoyment and Punishment used in motivation studies affected privacy violation behaviors, and that the factors of the Theory of Planned Behavior such as Attitude toward Privacy Violation, Subjective Norms of Privacy Violation, and Perceived Behavioral Control with regard to Privacy Violation significantly influenced the Intention to Privacy Violation. On the other hand, Perceived Curiosity and Subjective Norms of Privacy Violation did not affect the Intention to Privacy Violation. Therefore, this study confirmed that the Theory of Planned Behavior was appropriate to explain the Intention to Privacy Violation, and that the variables of the Motivation Theory generally influenced the Attitude toward Privacy Violation. This study was significant since it extended the scope of theoretical privacy study from users and victims centered to inflictor and applied the Extended Theory of Planned Behavior using the variables of the Motivation Theory in the study of Intention to Privacy Violation. From the practical aspect, it provided the ground for privacy education based on the fact that the Attitude toward Privacy Violation can be curbed when education on the Privacy Concerns, Perceived Enjoyment, and Punishment with regard to privacy is strengthened. It also cited the need for the punishment of privacy violation and the practical ground to amend the terms and conditions of user license and Personal Information Protection Act to provide policy support.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• Journal of Korea Multimedia Society
• /
• v.19 no.7
• /
• pp.1159-1165
• /
• 2016

Traffic violations such as moving while the traffic lights are red have come from a simple omission to a premeditated act. The traffic control center cannot timely monitor all the cameras installed on the roads to trace and pursue those traffic violators. Modern vehicles are equipped and controlled by several sensors in order to support monitoring and reporting those kind of behaviors which some time end up in severe causalities. However, such applications within the vehicle environment need to provide security guaranties. In this paper, we address the limitation of previous work and present a secure and privacy preserving protocol for traffic violation reporting system in vehicular cloud environment which enables the vehicles to report the traffic violators, thus the roadside clouds collect those information which can be used as evidence to pursue the traffic violators. Particularly, we provide the unlinkability security property within the proposed protocol which also offers lightweight computational overhead compared to previous protocol. We consider the concept of conditional privacy preserving authentication without pairing operations to provide security and privacy for the reporting vehicles.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.817-819
• /
• 2011

Most of the sources of security and privacy issues in RFID technology arise from the violation of the air interface between a tag and its read. Most of the sources of security and privacy issues in RFID technology arise from the violation of the air interface between a tag and its reader. This paper will approach consideration of security analysis with cryptographic primitive based on hardware basis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.125-135
• /
• 2009

Logs from various security system can reveal the attack trials for accessing private data without authorization. The logs can be a kind of confidence deriving factors that a certain IP address is involved in the trial. This paper presents a rule-based expert system for derivation of privacy violation confidence using various security systems. Generally, security manager analyzes and synthesizes the log information from various security systems about a certain IP address to find the relevance with privacy violation cases. The security managers' knowledge handling various log information can be transformed into rules for automation of the log analysis and synthesis. Especially, the coverage of log analysis for personal information leakage is not too broad when we compare with the analysis of various intrusion trials. Thus, the number of rules that we should author is relatively small. In this paper, we have derived correlation among logs from IDS, Firewall and Webserver in the view point of privacy protection and implemented a rule-based expert system based on the derived correlation. Consequently, we defined a method for calculating the score which represents the relevance between IP address and privacy violation. The UI(User Interface) expert system has a capability of managing the rule set such as insertion, deletion and update.

• 제어로봇시스템학회:학술대회논문집
• /
• 2004.08a
• /
• pp.788-793
• /
• 2004

Internet-based distribution of digital contents provides great opportunities for producers, distributors and consumers, but it may seriously threaten users' privacy. The Digital Rights Management (DRM) systems which one of the major issues, concern the protection of the ownership/copyright of digital content. However, the most recent DRM systems do not support the protection of the user's personal information. This paper examines the lack of privacy in DRM systems. We describe a privacy policy and user's privacy preferences model that protect each user's personal information from privacy violation by DRM systems. We allow DRM privacy agent to automatically negotiate between the DRM system policy and user's privacy preferences to be disclosed on behalf of the user. We propose an effective negotiation algorithm for the DRM system. Privacy rules are created following the negotiation process to control access of the user's personal information in the DRM system. The proposed privacy negotiation algorithm can be adapted appropriately to the existing DRM systems to solve the privacy problem effectively.

• Informatization Policy
• /
• v.17 no.1
• /
• pp.43-62
• /
• 2010

Mandatory use of resident registration number in Korean websites is likely to result in an violation of privacy. The Korea government introduced i-PIN (Internet Personal Identification Number) to solve this problem in Oct of 2006. But the implementation of i-PIN has failed to decrease violation of privacy. Therefore, we must open our eyes to problems of i-PIN and the importance of privacy protection. This study analyzes the policy failures of i-PIN and considers countermeasures for protecting privacy on the Internet, and explores policy alternatives to secure privacy on the Internet by analyzing the implementation process of I-PIN. In conclusion, this study stresses the urgent need for a well-thought-out policy in order to solve the problems of i-PIN on the Internet. It expects that the i-PIN will make a big stride for the realization of secure electronic government.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.665-679
• /
• 2018

With the development of information and communication technology, especially wireless Internet technology and the spread of smart phones, digital data has increased. As a result, privacy issues which concerns about exposure of personal sensitive information are increasing. In this paper, we analyze the privacy vulnerability of online big data in domestic internet environment, especially focusing on portal service, and propose a measure to evaluate the possibility of privacy violation. For this purpose, we collected about 50 million user posts from the potal service contents and extracted the personal information. we find that potal service user can be identified by the extracted personal information even though the user id is partially anonymized. In addition, we proposed a risk measurement evaluation method that reflects the possibility of personal information linkage between service using partial anonymized ID and personal information exposure level.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.754-756
• /
• 2011

Most of the sources of security and privacy issues in RFID technology arise from the violation of the air interface between a tag and its reader. This paper will approach the security risk analysis is process from the perspective of the RFID tag life cycle, identify the tag usage processes, identify the associated vulnerability and threat to the confidentiality, integrity and availability of the information assets and its implications for privacy, and then mitigate the risks.

• Journal of Korean Library and Information Science Society
• /
• v.43 no.3
• /
• pp.353-384
• /
• 2012

This study was conducted on the observation that the filter bubble and privacy violation problems are related to the personalized services provided by libraries. This study discussed whether there is the possibility for invasion of privacy when libraries provide services utilizing state-of-the-art technology, such as location-based services, context aware services, RFID-based services, Cloud Services, and book recommendation services. In addition, this study discussed the following three aspects: whether or not users give up their right to privacy when they provide personal information for online services, whether or not there are discussions about users' privacy in domestic libraries, and what kind of risks the filter bubble problem can cause library users and what are possible solutions. This study represents early-stage research on library privacy in Korea, and can be used as basic data for privacy research.