• 정보보호학회논문지
• /
• 제22권2호
• /
• pp.337-346
• /
• 2012

인터넷 기술을 활용한 클라우드 컴퓨팅 서비스의 확산에 따라 개인정보 유출 위험과 정보에 대한 통제가 불가능해질 수 있는 보안 위협이 증가되고 있으나, 현재 클라우드 컴퓨팅 서비스 제공자는 개인정보보호에 대한 충분한 보호조치를 서비스 이용자에게 제공하지 못하고 있는 상황이다. 본 논문에서는 클라우드 컴퓨팅 서비스에 대한 개인정보보호 고려 사항을 살펴보고, 클라우드 컴퓨팅 서비스 환경에서의 개인정보보호 위협에 대응하는 방안을 제안한다.

• 정보과학회 논문지
• /
• 제44권9호
• /
• pp.918-931
• /
• 2017

스마트폰과 웨어러블 기기의 확산으로 개인정보의 축적 및 사용이 증가하여 프라이버시 보호가 이슈화되고 있다. 이에 따라 개인정보 보호를 위한 다양한 보안 기술이 연구 및 발전되고 관련 법률이 개정되고 있지만, 여전히 개인정보 유출 사고가 발생하고 있다. 이는 요구사항 명세 단계에서 프라이버시 요구사항이 명확히 정의되지 않은 채 보안 요구사항만 명세 되어 소프트웨어 개발 시 보안 기술 구현에 집중하기 때문이다. 즉, 기존 연구들은 프라이버시와 보안의 관계성을 고려하지 않은 채 보안 요구사항을 도출하거나 프라이버시 보호를 위한 원칙, 법률 등을 보완하는 것에 집중되어 있다. 따라서 법률을 기반으로 소프트웨어 개발 시 적용 가능한 프라이버시 요구사항을 도출하고 프라이버시와 보안의 관계를 명확히 명시하는 방법이 필요하다. 본 연구에서는 프라이버시 친화 시스템 구축을 위해 필요한 프라이버시 요구사항을 검증 및 도출하고, 프라이버시 보증 사례 작성을 통해 보안과 프라이버시의 관계성을 표현한다.

• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• Journal of information and communication convergence engineering
• /
• 제9권6호
• /
• pp.701-705
• /
• 2011

RFID is a widely adopted in the field of identification technology these days. Radio Frequency IDentification (RFID) has wide applications in many areas including manufacturing, healthcare, and transportation. Because limited resource RFID tags are used, various risks could threaten their abilities to provide essential services to users. A number of RFID protocols have done by researcher in order to protect against some malicious attacks and threat. Existing RFID protocols are able to resolve a number of security and privacy issues, but still unable to overcome other security & privacy related issues. In this paper, we analyses security schemes and vulnerability in RFID application. Considering this RFID security issues, we survey the security threats and open problems related to issues by means of information security and privacy. Neither a symmetric nor an asymmetric cryptographic deployment is necessarily used with light weighted algorithm in the future.

• International Journal of Computer Science & Network Security
• /
• 제24권6호
• /
• pp.153-160
• /
• 2024

Information technology plays an important role in healthcare. The cloud has several applications in the fields of education, social media and medicine. But the advantage of the cloud for medical reasons is very appropriate, especially given the large volume of data generated by healthcare organizations. As in increasingly health organizations adopting towards electronic health records in the cloud which can be accessed around the world for various health issues regarding references, healthcare educational research and etc. Cloud computing has many advantages, such as "flexibility, cost and energy savings, resource sharing and rapid deployment". However, despite the significant benefits of using the cloud computing for health IT, data security, privacy, reliability, integration and portability are some of the main challenges and obstacles for its implementation. Health data are highly confidential records that should not be made available to unauthorized persons to protect the security of patient information. In this paper, we discuss the privacy and security requirement of EHS as well as privacy and security issues of EHS and also focus on a comprehensive review of the current and existing literature on Electronic health that uses a variety of approaches and procedures to handle security and privacy issues. The strengths and weaknesses of some of these methods were mentioned. The significance of security issues in the cloud computing environment is a challenge.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2012년도 춘계학술대회
• /
• pp.899-900
• /
• 2012

RFID technology can help automatically and remotely identify objects, which raises many security concerns. We review and categorize several RFID security and privacy solutions, and conclude that the most promising and low-cost approach currently attracts little academic attention. We therefore concluded that, from a privacy perspective, the user scheme is an important strategy for meeting the consumer's needs. Furthermore, we call for the privacy research community to put more effort into this line of thinking about RFID privacy.

• Asia pacific journal of information systems
• /
• 제22권1호
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• Journal of information and communication convergence engineering
• /
• 제9권4호
• /
• pp.441-446
• /
• 2011

Radio frequency identification (RFID) tags are cheap and simple devices that can store unique identification information and perform simple computation to keep better inventory of packages. Security protocol for RFID tags is needed to ensure privacy and authentication between each tag and their reader. In order to accomplish this, in this paper, we analyzed a lightweight privacy and authentication protocol for passive RFID tags.

• 보건의료산업학회지
• /
• 제9권2호
• /
• pp.23-32
• /
• 2015

In this paper, we evaluated web security vulnerability and privacy information management of hospital web sites which are registered at the Korea Hospital Association. Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerability of the web sites. And to evaluate the privacy information management, we used ten rules which were based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered tertiary hospitals had relatively excellent web security compared to other type of hospitals. But all the hospital types had not only high level vulnerabilities but also the other level of vulnerabilities. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hacker. On the other hand, the inspection results of the tertiary hospitals for privacy information management had a better compliance rate than that of the other hospital types.

• 정보보호학회논문지
• /
• 제17권1호
• /
• pp.89-96
• /
• 2007

EPC 네트워크(Electronic Product Code Network) 환경 기반의 REID 시스템은 사물에 직접적인 접촉을 하지 않고 RF(Radio Frequency)신호를 이용하여 사물의 정보를 읽어 오거나 기록할 수 있다. 이것은 기존의 바코드 시스템에 비해서 저장능력이 뛰어나며 비접촉식이라는 이점을 갖는다. 이런 RFID 시스템과 모바일 시스템을 접목함으로서 사용자에게 새로운 부가서비스를 제공하는 모바일 REID 시스템이 만들어지게 되었다. 그러나 비접촉식의 RF(Radio Frequency) 통신을 이용하여 사물의 정보를 가져온다는 이점은 개인의 프라이버시 침해라는 문제점을 발생시킨다. 본 논문에서는 모바일 기반의 RFID 시스템에서의 개인 프라이버시를 보호하는 기법을 제안한다. 제안한 기법은 기존에 제안된 기법들 보다 효율적으로 프라이버시 보호기능을 제공한다.