• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1519-1534
• /
• 2017

Data de-identification is the one of the technique that preserves individual data privacy and provides useful information of data to the analyst. However, original de-identification techniques like k-anonymity have vulnerabilities to background knowledge attacks. On the contrary, differential privacy has a lot of researches and studies within several years because it has both strong privacy preserving and useful utility. In this paper, we analyze various models based on differential privacy and formalize a differentially private model on financial data. As a result, we can formalize a differentially private model on financial data and show that it has both security guarantees and good usefulness.

• Smart Media Journal
• /
• v.8 no.1
• /
• pp.9-18
• /
• 2019

In the era of the 4th industrial revolution, the big data industry is gathering attention for new business models in the public and private sectors by utilizing various information collected through the internet and mobile. However, although the big data integration and analysis are performed with de-identification techniques, there is still a risk that personal privacy can be exposed. Recently, there are many studies to invent effective methods to maintain the value of data without disclosing personal information. In this paper, a personal information protection system is investigated to boost big data utilization in industrial sectors, such as healthcare and agriculture. The criteria for evaluating the de-identification adequacy of personal information and the protection scope of personal information should be differently applied for each industry. In the field of personal sensitive information-oriented healthcare sector, the minimum value of k-anonymity should be set to 5 or more, which is the average value of other industrial sectors. In agricultural sector, it suggests the inclusion of companion dogs or farmland information as sensitive information. Also, it is desirable to apply the demonstration steps to each region-specific industry.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.344-365
• /
• 2020

Providing security has been always on priority in all areas of computing and communication, and for the systems that are low on computing power, implementing appropriate and efficient security mechanism has been a continuous challenge for the researchers. Radio Frequency Identification (RFID) system is such an environment, which requires the design and implementation of efficient security mechanism. Earlier, the security protocols for RFID based on hash functions and symmetric key cryptography have been proposed. But, due to high strength and requirement of less key size in elliptic curve cryptography, the focus of researchers has been on designing efficient security protocol for RFID based on elliptic curves. In this paper, an efficient elliptic curve signcryption based security protocol for RFID has been proposed, which provides mutual authentication, confidentiality, non-repudiation, integrity, availability, forward security, anonymity, and scalability. Moreover, the proposed protocol successfully provides resistance from replay attack, impersonation attack, location tracking attack, de-synchronization attack, denial of service attack, man-in-the-middle attack, cloning attack, and key-compromise attack. Results have revealed that the proposed protocol is efficient than the other related protocols as it takes less computational time and storage cost, especially for the tag, making it ideal to be used for RFID systems.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.351-353
• /
• 2015

공공정보 공유 및 개방, 소셜네트워크서비스의 활성화 그리고 사용자 간의 공유 데이터 증가 등의 이유로 인터넷상에 노출되는 사용자의 개인 정보가 증가하고 있다. 인터넷상에 노출된 사용자들의 개인정보들은 연결공격(linkage attack), 배경지식 공격(background attack)으로 프라이버시를 침해할 수 있다. 이를 막기 위해 관계형 데이터베이스에서는 대표적으로 k-익명성(k-anonymity)을 시작으로 l-다양성(l-diversity), t-밀집성(t-closeness)이라는 익명화 모델이 제안되었으며 계속해서 익명화 알고리즘의 성능은 개선되고 있다. 하지만 k-익명성, l-다양성, t-밀집성 모델의 조건을 만족하기 위해서는 준식별자(quasi-identifier)를 일반화(generalization)처리 해주어야 하는데 이 과정에서 준식별자의 가치를 손실된다는 단점이 있다. 본 논문에서 준식별자의 정보 손실을 최소화하기 위해 k-익명성 모델을 만족시키는 과정에서 일반화와 데이터를 삽입을 사용하는 익명화 처리하는 방법을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.715-729
• /
• 2021

Bitcoin is one of the cryptocurrencies, which is decentralized and transparent. However, due to its anonymity, it is currently being used for the purpose of transferring funds for illegal transactions in darknet markets. To solve this problem, clustering heuristic based on the characteristics of a Bitcoin transaction has been proposed. However, we found that the previous heuristis suffer from high false negative rates. In this study, we propose a novel heuristic for bitcoin clustering using off-chain data. Specifically, we collected and analyzed user review data from Silk Road 4 as off-chain data. As a result, 31.68% of the review data matched the actual Bitcoin transaction, and false negatives were reduced by 91.7% in the proposed method.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.109-117
• /
• 2019

Recently, the invasion of privacy in medical information has been issued following the interest in the secondary use of mass medical information. The mass medical information is very useful information that can be used in various fields such as disease research and prevention. However, due to privacy laws such as the Privacy Act and Medical Law, this information, including patients' or health professionals' personal information, is difficult to utilize as a secondary use of mass information. To do these problem, various methods such as k-anonymity, l-diversity and differential-privacy that can be utilized while protecting privacy have been developed and utilized in this field. In this paper, we discuss the differential privacy processing of the various methods that have been studied so far, and discuss the problems of differential privacy using Laplace noise and the previously proposed differential privacy. Finally, we propose a new scheme to solve the existing problem by adding a 1-bit status field to the last column of a given data set to confirm the response to queries from analysts.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.9
• /
• pp.81-92
• /
• 2023

A privacy model is a technique that quantitatively restricts the possibility and degree of privacy breaches through privacy attacks. Representative models include k-anonymity, l-diversity, t-closeness, and differential privacy. While many privacy models have been studied, research on selecting the most suitable model for a given dataset has been relatively limited. In this study, we develop a system for recommending the suitable privacy model to prevent privacy breaches. To achieve this, we analyze the data features that need to be considered when selecting a model, such as data type, distribution, frequency, and range. Based on privacy model background knowledge that includes information about the relationships between data features and models, we recommend the most appropriate model. Finally, we validate the feasibility and usefulness by implementing a recommendation prototype system.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.7 no.2
• /
• pp.311-319
• /
• 2017

Recently invasion of privacy problem in medical information have been issued following the interest in secondary use of large medical information. These large medical information is very useful information that can be used in various fields such as disease research and prevention. However, due to the privacy laws such as Privacy Act and Medical Law, these informations including patients or health professionals' personal information are difficult to utilize secondary. Accordingly, various methods such as k-anonymity, l-diversity and differential-privacy that can be utilized while protecting privacy have been developed and utilized in this field. In this paper, we study differential privacy processing procedure, one of various methods, and find out about the differential privacy problem using Laplace noise. Finally, we propose a new method using the Shamir's secret sharing method and symemetric key encryption algorithm such as AES for this problem.

• The Korean Society of Law and Medicine
• /
• v.22 no.4
• /
• pp.117-157
• /
• 2021

This research reviewed the HIPAA/HITECH, 21st Century Cures Act, Common Law, and private Guidances from the perspectives in protecting and utilitizing the medical data, while implications were followed. First, the standards for protection and utilization are relatively clearly regulated through single law on personal medical information in the United States. The HIPAA has been introduced in 1996 as fundamental act on protection of medical data. Medical data was divided into personally identifiable information, non-identifying information, and limited dataset under HIPAA. Regulations on de-identification measures for medical information, objects for deletion of limited data sets, and agreement on prohibition of data re-identification were stipulated. Moreover, in the 21st Century Cures Act regulated mutual compatibility for data sharing, prohibition of data blocking, and strengthening of accessibility of data subjects. Common Law introduced comprehensive consent system and clearly stipulates procedures. Second, the regulatory system is relatively simplified and clearly stipulated in the United States. To be specific, the expert consensus and the safe harbor system were introduced as an anonymity measure for identifiable medical information, which clearly defines the process while increasing trust. Third, the protection of the rights of the data subject is specified, the duty of explanation is specified in detail, while the information right of the consumer (opt-out procedure) for identification information is specified. For instance, the HHS rule and FDA regulations recognize the comprehensive consent system for human research, but the consent procedure, method, and requirements are stipulated through the common rule. Fourth, in the case of the United States, a trust-based system is being used throughout the health and medical data legislation. To be specific, Limited Data Sets are allowed to use in condition to the researcher's agreement to prohibit re-identification, and de-identification or consent process is simplified under the system.