• Journal of the Korea Convergence Society
• /
• v.5 no.1
• /
• pp.29-34
• /
• 2014

It appeared with the development of IT skills to help the social network SNS(Social Network Service) on the online form. Many people around the world and in the business environment changes is the emergence of social networks are bringing. And the rapid development of the idea, but are insignificant for the security threats that are used by many people in many companies, and social network services. In addition, although it is true that this connection is increased from the number of mobile machines to the development of M2M, that is not recognized for that vulnerability. To evaluate and identify vulnerabilities against security threats and countermeasures for the SNS access the social network on the M2M After looking for privacy and in the present.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.59-66
• /
• 2006

A Certification Authority issues X.509 public key certificates to bind a public key to a subject. The subject is specified through one or more subject names in the 'subject' or 'subjectAltName' fields of a certificate. In reality, however, there are individuals that have the same or similar names. This ambiguity can be resolved by including a 'permanent identifier' in all certificates issued to the same subject, which is unique across multiple CAs. But, a person's unique identifier is regarded as a sensitive personal data. Such an identifier cannot simply be included as part of the subject field, since its disclosure may lead to misuse. We present a new method for secure and accurate user authentication through the PEPSI included in the standard certificate extension of a X.509 certificate. The PEPSI can be served not only for user authentication but also for the user anonymity without divulging personal information.

• Journal of Internet Computing and Services
• /
• v.19 no.2
• /
• pp.1-7
• /
• 2018

Due to advances in DNA sequencing technologies, its medical value continues to grow. However, once genome data leaked, it cannot be revoked, and disclosure of personal genome information impacts a large group of individuals. Therefore, secure techniques for managing genomic big data should be developed. We first propose a privacy-preserving inner product protocol for large data sets using the homomorphic encryption of Gentry et al., and then we introduce an efficient privacy-preserving DNA matching protocol based on the proposed protocol. Our efficient protocol satisfies the requirements of correctness, confidentiality, and privacy.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.2
• /
• pp.221-231
• /
• 2013

Exchanging personal health information(PHI) is an essential process of healthcare services using information and communication technology. But the process have the inherent risk of information disclosure, so the PHI should be protected to ensure the reliability of healthcare services. In this paper, we designed encryption module for wearable personal health devices(PHD). A main goal is to guarantee that the real-time encoded and transmitted PHI cannot be allowed to be read, revised and utilized without user's permission. To achieve this, encryption algorithms as DES and 3DES were implemented in modules operating in Telos Rev B(16bit RISC, 8Mhz). And the experiments were performed in order to evaluate the performance of encryption and decryption using vital-sign measured by PHD. As experimental results, an block encryption was measured the followings: DES required 1.802 ms and 3DES required 6.683 ms. Also, we verified the interoperability among heterogeneous devices by testing that the encrypted data in Telos could be decoded in other machines without errors. In conclusion, the encryption module is the method that a PHD user is given the powerful right to decide for authority of accessing his PHI, so it is expected to contribute the trusted healthcare service distribution.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.207-210
• /
• 2013

Recently, rapid innovation of Smartphone is changing the paradigm of our daily life. Smartphone users, opinion experts more than 99 percent of the economically active population is using, it has reached the saturation past the early stages of formation. Smartphone is equipped with a general purpose OS possible the implementation of high performance environment similar level as a personal computer. Also, it is a mobile communication terminal scalable which can be removed or installed various applications. Such extensibility, it is possible to use different applications through the Apps store. In addition, it is also possible various services which are location based service. However, these services also benefit many but it also has a disadvantage of invasion of privacy and disclosure of personal information. In this research, we aim to analyze factors influencing on perceived value and risk in location based service of Smartphone. In addition, we aim to analyze the causal relationship with perceived value and risk in satisfaction and recommendation intention. This study suggests practical and theoretical implications based on the results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.197-209
• /
• 2015

The issue of information security within an organization began to be recognized as risk of the organization. Because of this, not only ISO(Information Security Officer) but an executive or CEO were forced to resign. In addition, it brought about heavy financial damage to the company and made the company difficult to restore trust to customers. At a time when inadvertent disclosure of personal information has become accepted as a matter of survival because of having a bad effect within an organization, how the information security specialist causes influence on information protection level of the organization. For these reasons, targeting the information security specialists of various industry sectors, we'll analyse how task performance rate of the information security specialist within an organization cause influence to the information security level. The goal of this study is for the company to raise the task proportion of information security specialist and to improve the information protection level of the organization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.705-715
• /
• 2017

Today, the world is evolving into a huge community that can communicate with real-time information sharing and communication based on the rapid advancement of scientific technology and information. Behind this information, the adverse effects of information assets, such as hacking, viruses, information assets, and unauthorized disclosure of information assets, are continually increasing as a serious social problem. Each time an infringement of the invasion and personal information leaks occur, many regulatory policies have been announced, including stricter regulations for protecting the privacy of the government and establishing comprehensive countermeasures. Also, companies are making various efforts to increase awareness of the importance of information security. Nevertheless, information security accidents like the leaks of industrial secrets are continuously occurring and the frequency is not lessening. In this thesis, I proposed a customized security policy methodology that supports users with various business circumstances and service and also enables them to respond to the security threats more confidently and effectively through not a monotonous and technical but user-centered security policy.

• Journal of Korean Society for Quality Management
• /
• v.42 no.3
• /
• pp.387-406
• /
• 2014

Purpose: The widespread use of social network services (SNS) has caused users concern about the disclosure of their privacy or personal information. The purpose of this study is to analyze the factors of privacy concern and self presentation that affect the user resistance in the use of social network service. Methods: This study verifies the factors that affecting the user resistance in SNS. The research model suggested in this study is tested via a survey of 260 SNS users. SPSS and Smart PLS had been used to test the suggested hypotheses. Results: This study shows that privacy experience, privacy awareness, self esteem, and social desirability significantly influence perceived risk and that privacy awareness, self esteem, self efficacy, and perceived risk significantly influence perceived trust. It also verifies that perceived risk and perceived trust positively affect user resistance. Conclusion: This paper suggests that high awareness on privacy of SNS user encourages the SNS companies to consider the privacy protection mechanism for eliminating various factors that affecting the risk. This study also shows that the privacy calculus model applies to understanding the mechanism on resistance of SNS user.

• The Journal of Korean Association of Computer Education
• /
• v.16 no.3
• /
• pp.71-78
• /
• 2013

Internet ethics has been simply recognized as moral understanding, knowledge of etiquette or a kind of common sense. Recently, however, rapid growth of internet dysfunction such as the inadvertent disclosure of personal information, infringement of copyright and malicious code with hacking, has unavoidably broadened the territory of internet ethics. In this light, education contents of internet ethics must include not only laws and systems but specialized knowledge on prevention and action of internet dysfunction. In this paper, we analyze the variables affecting the educational achievement on diverse domains of internet ethics by investigating internet ethics qualifying examination and afterward we suggest some application methods to strengthen the internet ethics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.139-149
• /
• 2008

The amount of personal information collected by organizations and government agencies is continuously increasing. When a data collector publishes personal information for research and other purposes, individuals' sensitive information should not be revealed. On the other hand, published data is also required to provide accurate statistical information for analysis. k-Anonymity and ${\iota}$-diversity models are popular approaches for privacy preserving data publication. However, they are limited to static data release. After a dataset is updated with insertions and deletions, a data collector cannot safely release up-to-date information. Recently, the m-invariance model has been proposed to support re-publication of dynamic datasets. However, the m-invariant generalization can cause high information loss. In addition, if the adversary already obtained sensitive values of some individuals before accessing released information, the m-invariance leads to severe privacy disclosure. In this paper, we propose a novel technique for safely releasing dynamic datasets. The proposed technique offers a simple and effective method for handling inserted and deleted records without generalization. It also gives equivalent degree of privacy preservation to the m-invariance model.