• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1421-1424
• /
• 2009

RFID(Radio-Frequency IDentification) 시스템은 무선주파수를 이용한 자동 인식 기술로 개인의 위치 추적이나 사용자 프라이버시와 같은 정보 유출의 위험성을 내포하고 있다. 이러한 문제점을 해결하기 위해 대칭키 기반의 AES 암호화 알고리즘은 해시함수나 공개키 암호화 기법에 비해 메모리를 적게 소모하고 구현이 쉬운 장점 때문에 수동형 RFID태그에 더 적합하다. 그러나 기존의 AES를 이용한 RFID 인증 프로토콜에서는 항상 고정된 키를 이용하여 암호화하였고 태그와 리더사이의 안전하지 않은 무선 채널에서 공격자에 의해 키 값이 노출될 수 있는 또 다른 문제점을 가지고 있다. 본 논문에서는 태그와 서버의 고정된 키와, 리더 태그 서버에서 생성된 난수를 차례로 이용하여 대칭키를 변환한다. 그리고 매 세션마다 변환된 키로 난수를 암호화 하면서 태그와 리더를 상호 인증한다. 이와 같이 변환된 키를 이용할 경우 키 값의 노출 문제가 해결되며, 이 키를 통해 암호화하여 인증할 경우 재전송, 도청, 위치추적 및 스푸핑과 같은 공격에도 안전하다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.207-216
• /
• 2024

As big data was built due to the 4th Industrial Revolution, personalized services increased rapidly. As a result, the amount of personal information collected from online services has increased, and concerns about users' personal information leakage and privacy infringement have increased. Online service providers provide privacy policies to address concerns about privacy infringement of users, but privacy policies are often misused due to the long and complex problem that it is difficult for users to directly identify risk items. Therefore, there is a need for a method that can automatically check whether the privacy policy is safe. However, the safety verification technique of the conventional blacklist and machine learning-based privacy policy has a problem that is difficult to expand or has low accessibility. In this paper, to solve the problem, we propose a safety verification technique for the privacy policy using the GPT-3.5 API, which is a generative artificial intelligence. Classification work can be performed evenin a new environment, and it shows the possibility that the general public without expertise can easily inspect the privacy policy. In the experiment, how accurately the blacklist-based privacy policy and the GPT-based privacy policy classify safe and unsafe sentences and the time spent on classification was measured. According to the experimental results, the proposed technique showed 10.34% higher accuracy on average than the conventional blacklist-based sentence safety verification technique.

• Information Systems Review
• /
• v.23 no.3
• /
• pp.201-223
• /
• 2021

Smart home is an advanced Internet of Things (IoT) service that enhances the convenience of human daily life and improves the quality of life at home. Recently, with the emergence of smart home products and services to which artificial intelligence (AI) technology is applied, interest in smart home is increasing. To gain a competitive edge in the smart home market, companies are providing "personalized service" to users, which is a key service that can promote smart home use. This study investigates the factors affecting the value awareness of personalized service and intention to use smart home. This research focuses on four-dimensional motivated innovativeness (cognitive, functional, hedonic, and social innovativeness) and privacy risk awareness as key factors that influence the value awareness of personalized service of smart home. In particular, this study conducts a comparative analysis between the generation MZ (young people in late teens to 30s), who are showing socially differentiated characteristics, and the generation X and baby boomers in 40s to 50s or older. Based on the analysis results, this study derives the distinctive characteristics of generation MZ that are different from the older generation, and provides academic and practical implications for expanding the use of smart home services.

• Information Systems Review
• /
• v.25 no.4
• /
• pp.161-181
• /
• 2023

As the post-COVID-19 consumer life environment is rapidly becoming non-face-to-face, changing non-face-to-face financial life services are having a significant impact on consumers' daily lives. People who do not have access to digital devices and services that have become essential goods are at risk of being left behind in the "digital blind spot," where they are marginalized not only in their daily lives but also in society and the economy as a whole (Kim Min-Jeung A, Kim Min-Jung B, Park Joo-Yung, 2022). In this study, we examined the effects of perceived control factors, Cognitive control, behavioral control, and decisional control, on intention to use digital finance. For this study, we surveyed 133 customers who are aware of and intend to use digital finance. The results show that cognitive control, behavioral control, and decisional control have significant effects on intention to use digital finance. In this relationship, the moderating effect of privacy concerns differs from the effect of decision control on intention to use digital finance. These findings suggest that digital financial services firms should consider whether to reduce or increase customer control. Based on these findings, we discuss marketing strategies and implications for digital financial services companies.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.2
• /
• pp.135-141
• /
• 2010

This research examines technologies and systems regarding right to control information in the network era. For this purpose, It attempts an integrated analysis of technologies and systems on the basis of the tree components of cyberspace. And it examines the prior researches and cases on privacy, personal information, and right to control information with emphasis on technologies and systems of the cyberspace. To protect privacy information, it analyses vulnerability of element technology, platform service technology, and individual technology. In particular, it describes, from the perspective of right to control information, the risk and security measures for personal information to be used as relation-context in the Web 2.0 environment. The research result will assist the methodology of future researches for grand theory on privacy information and help understanding the interaction between technology and society.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.183-193
• /
• 2014

Korean personal data(information) protection law requires privacy policies post on every website. According to recent survey results, users' interests on these policies are low due to these policies' low readability and accessibility. This study proposes a layout that effectively conveys online privacy policy contents, and assesses its impact on information understandability, vividness, and recognition of users. Studies on privacy policies and layouts, media richness theory, social presence theory, and usability are used to develop the new layered approach. Using experiments, three major layouts are evaluated by randomly selected online users. Research results shows that information understandability, vividness, and recognition of privacy policies in the revised-layered approach are higher than those of in the text-only or table-based layouts. This study implies that employing visual guides like icons on privacy policy layouts may increase users' interest in those policies.

• Smart Media Journal
• /
• v.8 no.1
• /
• pp.9-18
• /
• 2019

In the era of the 4th industrial revolution, the big data industry is gathering attention for new business models in the public and private sectors by utilizing various information collected through the internet and mobile. However, although the big data integration and analysis are performed with de-identification techniques, there is still a risk that personal privacy can be exposed. Recently, there are many studies to invent effective methods to maintain the value of data without disclosing personal information. In this paper, a personal information protection system is investigated to boost big data utilization in industrial sectors, such as healthcare and agriculture. The criteria for evaluating the de-identification adequacy of personal information and the protection scope of personal information should be differently applied for each industry. In the field of personal sensitive information-oriented healthcare sector, the minimum value of k-anonymity should be set to 5 or more, which is the average value of other industrial sectors. In agricultural sector, it suggests the inclusion of companion dogs or farmland information as sensitive information. Also, it is desirable to apply the demonstration steps to each region-specific industry.

• Smart Media Journal
• /
• v.11 no.10
• /
• pp.76-88
• /
• 2022

Personal information leakage is very harmful as it can lead to additional attacks using leaked information as well as privacy invasion, and it is primarily caused by hacking server databases of institutions that collect and store personal information. We propose a scheme that allows a service-requesting user to authorize a secure delegated transfer of his personal information to the service provider via a reliable authority and enables only the two parties of the service to retrieve the provided information stored on a blockchain ensuring data confidentiality. It thus eliminates the necessity of storing customer information in the service provider's own database. As a result, the service provider can serve customers without requiring membership registration or storing personal information in the database, so that information leakage through the server database can be completely blocked. In addition, the scheme is free from the risk of information leakage and subsequent attacks through smartphones because it does not require a user's smartphone to store any authentication credential or personal information of its owner.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.417-428
• /
• 2018

The intelligent video surveillance environment is a system that extracts various information about a video object and enables automated processing through the analysis of video data collected in CCTV. However, since the privacy exposure problem may occur in the process of intelligent video surveillance, it is necessary to take a security measure. Especially, video metadata has high vulnerability because it can include various personal information analyzed based on big data. In this paper, we propose a COP-Transformation scheme to protect video metadata. The proposed scheme is advantageous in that it greatly enhances the security and efficiency in processing the video metadata.

• Journal of Digital Contents Society
• /
• v.11 no.1
• /
• pp.105-115
• /
• 2010

Search engines provide web documents that are related to user's query. However, using only the query terms that user provided, it is hard for search engines to know user's exact intention and provide the very matching web documents. To remedy this problem, search systems are needed to exploit personalized search technologies. In this paper, we propose not only a novel personalized query recommendation scheme based on folksonomy but also a new personalized search service architecture which reduces the risk of privacy violation while enabling search service providers to provide other various personalized services such as personalized advertisement.