• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2017년도 추계학술대회
• /
• pp.571-572
• /
• 2017

전자화폐를 구현하는 블록체인 기술은 분산화된 컴퓨팅을 사용하며 모든 거래가 모두에게 공개되어 있다. 이러한 기술은 사용자 대신 주소를 사용하여 거래에 수행하여 익명성을 보장하는 것처럼 보이지만 거래 그래프를 기반으로 비순환 방향 그래프를 이용하여 공개된 주소를 추적함으로써 프라이버시 문제가 발생하게 된다. 본 논문에서는 블록체인 기술 내에서 발생하는 프라이버스를 보호하기 위하여 그래프 상의 관련성을 찾기 어렵게 하는 중앙 집중적으로 처리하는 다양한 기법들을 분석한다. 또한, 프라이버시를 강화하기 위하여 분산화된 방법으로 익명화하는 기법들도 분석한다. 영지식 증명 기법을 이용하면 완전 분산 익명성을 보장하지만 더 많은 연산과 저장 공간이 필요하게 되며, 이를 효율적으로 하기 위한 여러 가지 기법들도 제안되었다. 본 논문에서는 기존 프라이버시 보호 기법들을 블록체인 기술에 융합하여 블록체인 기술의 프라이버시 보호를 위한 기법을 제안한다.

• 한국실내디자인학회논문집
• /
• 제19권1호
• /
• pp.200-207
• /
• 2010

The purpose of this study was to analyze the variables of the state-of-the-art office planning for the productive workplaces of the North America and to predict the adaptability in Korea. Knowledge workers have been considered as the decisive factors for the survival and development of organizations. So, open workplaces have been considered appropriate for the workplace to stimulate their informal knowledge sharing. However, the low individual productivity due to low privacy and distraction in the open workplace has been the key problem. To solve the dilemma, this study suggests that closed individual offices are best for the individual productivity and open conference area and meeting places are essential for the informal knowledge sharing. Some state-of-the-art workplaces such as just-in-time offices and hotelings can provide more space for the individual workplaces and open meeting places without excessive cost burden of organizations.

• Asia pacific journal of information systems
• /
• 제20권2호
• /
• pp.63-86
• /
• 2010

Personalized services directly and indirectly acquire personal data, in part, to provide customers with higher-value services that are specifically context-relevant (such as place and time). Information technologies continue to mature and develop, providing greatly improved performance. Sensory networks and intelligent software can now obtain context data, and that is the cornerstone for providing personalized, context-specific services. Yet, the danger of overflowing personal information is increasing because the data retrieved by the sensors usually contains privacy information. Various technical characteristics of context-aware applications have more troubling implications for information privacy. In parallel with increasing use of context for service personalization, information privacy concerns have also increased such as an unrestricted availability of context information. Those privacy concerns are consistently regarded as a critical issue facing context-aware personalized service success. The entire field of information privacy is growing as an important area of research, with many new definitions and terminologies, because of a need for a better understanding of information privacy concepts. Especially, it requires that the factors of information privacy should be revised according to the characteristics of new technologies. However, previous information privacy factors of context-aware applications have at least two shortcomings. First, there has been little overview of the technology characteristics of context-aware computing. Existing studies have only focused on a small subset of the technical characteristics of context-aware computing. Therefore, there has not been a mutually exclusive set of factors that uniquely and completely describe information privacy on context-aware applications. Second, user survey has been widely used to identify factors of information privacy in most studies despite the limitation of users' knowledge and experiences about context-aware computing technology. To date, since context-aware services have not been widely deployed on a commercial scale yet, only very few people have prior experiences with context-aware personalized services. It is difficult to build users' knowledge about context-aware technology even by increasing their understanding in various ways: scenarios, pictures, flash animation, etc. Nevertheless, conducting a survey, assuming that the participants have sufficient experience or understanding about the technologies shown in the survey, may not be absolutely valid. Moreover, some surveys are based solely on simplifying and hence unrealistic assumptions (e.g., they only consider location information as a context data). A better understanding of information privacy concern in context-aware personalized services is highly needed. Hence, the purpose of this paper is to identify a generic set of factors for elemental information privacy concern in context-aware personalized services and to develop a rank-order list of information privacy concern factors. We consider overall technology characteristics to establish a mutually exclusive set of factors. A Delphi survey, a rigorous data collection method, was deployed to obtain a reliable opinion from the experts and to produce a rank-order list. It, therefore, lends itself well to obtaining a set of universal factors of information privacy concern and its priority. An international panel of researchers and practitioners who have the expertise in privacy and context-aware system fields were involved in our research. Delphi rounds formatting will faithfully follow the procedure for the Delphi study proposed by Okoli and Pawlowski. This will involve three general rounds: (1) brainstorming for important factors; (2) narrowing down the original list to the most important ones; and (3) ranking the list of important factors. For this round only, experts were treated as individuals, not panels. Adapted from Okoli and Pawlowski, we outlined the process of administrating the study. We performed three rounds. In the first and second rounds of the Delphi questionnaire, we gathered a set of exclusive factors for information privacy concern in context-aware personalized services. The respondents were asked to provide at least five main factors for the most appropriate understanding of the information privacy concern in the first round. To do so, some of the main factors found in the literature were presented to the participants. The second round of the questionnaire discussed the main factor provided in the first round, fleshed out with relevant sub-factors. Respondents were then requested to evaluate each sub factor's suitability against the corresponding main factors to determine the final sub-factors from the candidate factors. The sub-factors were found from the literature survey. Final factors selected by over 50% of experts. In the third round, a list of factors with corresponding questions was provided, and the respondents were requested to assess the importance of each main factor and its corresponding sub factors. Finally, we calculated the mean rank of each item to make a final result. While analyzing the data, we focused on group consensus rather than individual insistence. To do so, a concordance analysis, which measures the consistency of the experts' responses over successive rounds of the Delphi, was adopted during the survey process. As a result, experts reported that context data collection and high identifiable level of identical data are the most important factor in the main factors and sub factors, respectively. Additional important sub-factors included diverse types of context data collected, tracking and recording functionalities, and embedded and disappeared sensor devices. The average score of each factor is very useful for future context-aware personalized service development in the view of the information privacy. The final factors have the following differences comparing to those proposed in other studies. First, the concern factors differ from existing studies, which are based on privacy issues that may occur during the lifecycle of acquired user information. However, our study helped to clarify these sometimes vague issues by determining which privacy concern issues are viable based on specific technical characteristics in context-aware personalized services. Since a context-aware service differs in its technical characteristics compared to other services, we selected specific characteristics that had a higher potential to increase user's privacy concerns. Secondly, this study considered privacy issues in terms of service delivery and display that were almost overlooked in existing studies by introducing IPOS as the factor division. Lastly, in each factor, it correlated the level of importance with professionals' opinions as to what extent users have privacy concerns. The reason that it did not select the traditional method questionnaire at that time is that context-aware personalized service considered the absolute lack in understanding and experience of users with new technology. For understanding users' privacy concerns, professionals in the Delphi questionnaire process selected context data collection, tracking and recording, and sensory network as the most important factors among technological characteristics of context-aware personalized services. In the creation of a context-aware personalized services, this study demonstrates the importance and relevance of determining an optimal methodology, and which technologies and in what sequence are needed, to acquire what types of users' context information. Most studies focus on which services and systems should be provided and developed by utilizing context information on the supposition, along with the development of context-aware technology. However, the results in this study show that, in terms of users' privacy, it is necessary to pay greater attention to the activities that acquire context information. To inspect the results in the evaluation of sub factor, additional studies would be necessary for approaches on reducing users' privacy concerns toward technological characteristics such as highly identifiable level of identical data, diverse types of context data collected, tracking and recording functionality, embedded and disappearing sensor devices. The factor ranked the next highest level of importance after input is a context-aware service delivery that is related to output. The results show that delivery and display showing services to users in a context-aware personalized services toward the anywhere-anytime-any device concept have been regarded as even more important than in previous computing environment. Considering the concern factors to develop context aware personalized services will help to increase service success rate and hopefully user acceptance for those services. Our future work will be to adopt these factors for qualifying context aware service development projects such as u-city development projects in terms of service quality and hence user acceptance.

• 정보보호학회논문지
• /
• 제29권2호
• /
• pp.299-308
• /
• 2019

현재 개인정보의 활용가치가 높아짐에 따라, 개인정보를 제공하는 방법에 대한 논의가 활발하게 이루어지고 있다. 현재 가장 일반적인 개인정보 제공방법 중 하나로 개인정보를 활용하는 집단이 개인에게 동의를 얻어 개인정보를 사용하는 방법이 있다. 그러나 위의 방법은 두가지 문제점을 갖고 있는데, 첫째 개인정보 활용을 위해 기관에서 필요로 하는 정보 이상의 정보가 노출되고 있는점, 둘째 기업에서 개인정보를 요청 할 때마다 신뢰기관(Trusted Party)이 해당 정보에 대한 인증정보를 기업에 제공해야 하는 문제점이 있다. 위의 문제점을 해결하기 위해 본 논문에서는 zk-SNARK (zero-knowledge Succinct Non-interactive ARgument of Knowledge)기법과 블록체인을 사용하여 프라이버시 보호형 개인정보 관리기법을 제안한다. 프라이버시 보호형 개인정보 관리기법은 zk-SNARK를 통해 개인정보를 제공할 때 프라이버시를 보장하면서도 정보의 신뢰성을 보장할 수 있다. 또한 블록체인을 통해 데이터의 무결성을 보장하면서도 개인정보 데이터를 관리할 수 있으며 개인정보 공유를 기존의 인증방식보다 용이하게 수행할 수 있다.

• 정보보호학회논문지
• /
• 제31권4호
• /
• pp.675-686
• /
• 2021

최근 개인정보 보호법이 개정되고 개인정보에 대한 이목이 더해짐에 따라 각 기업들은 고객의 신원정보를 확인해야하는 의무(Know Your Costomer, 이하 KYC)와 동시에 이 정보를 개인정보보호법에 위반되지 않도록 처리 및 관리(개인정보보호법)를 해야 하는 의무를 가진다. 이러한 문제점을 해결할 수 있는 기술 중 하나는 영지식 증명(Zero-Knowledge Proof, 이하 ZKP)이다. ZKP를 사용하면 직접적으로 신원정보를 노출시키지 않으면서 해당 신원에 대한 검증이 가능하여 기업의 입장에서 신원정보 확인의 의무를 다함과 동시에 개인정보 관리에 대한 부담을 덜 수 있다. ZKP는 이 이외에도 많은 응용에 적용될 수 있는 기술로 본 논문에서는 현재 활발하게 연구되고 있는 ZKP기법 및 그 응용 사례를 분석하고 현실적인 모델에서의 ZKP의 적용을 위한 연구 방향을 제시한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권9호
• /
• pp.3870-3884
• /
• 2020

The proposed framework of Four Layer Robust Storage in Cloud (FLRSC) architecture involves host server, local host and edge devices in addition to Virtual Machine Monitoring (VMM). The goal is to protect the privacy of stored data at edge devices. The computational intelligence (CI) part of our algorithm distributes blocks of data to three different layers by partially encoded and forwarded for decoding to the next layer using hash and greed Solomon algorithms. VMM monitoring uses snapshot algorithm to detect intrusion. The proposed system is compared with Tiang Wang method to validate efficiency of data transfer with security. Hence, security is proven against the indexed efficiency. It is an important study to integrate communication between local host software and nearer edge devices through different channels by verifying snapshot using lamport mechanism to ensure integrity and security at software level thereby reducing the latency. It also provides thorough knowledge and understanding about data communication at software level with VMM. The performance evaluation and feasibility study of security in FLRSC against three-layered approach is proven over 2³² blocks of data with 98% accuracy. Practical implications and contributions to the growing knowledge base are highlighted along with directions for further research.

• 스마트미디어저널
• /
• 제12권9호
• /
• pp.95-102
• /
• 2023

개인정보의 활용 가치가 높아짐에 따라, 개인정보를 제공하는 방법에 대한 논의가 활발하나, 개인정보 활용을 위해 기관에서 필요로 하는 정보는 필요 이상의 정보가 노출되고 있다. 따라서 개인정보 보호의 문제점과 한계를 극복하기 위한 개인의 프라이버시 보호는 필수적이다. 본 연구에서는 개인정보의 중앙집중형 ID 관리(Centralized Identity Management)방법의 문제와 한계를 극복하고, 정보 소유자 스스로 자신의 개인정보를 관리하고 선택적으로 제공하는 탈중앙화 정보 관리(Decentralized Identity Information Management)모델을 제시하고, 실험을 통하여 PBFT 합의 알고리즘에서 스마트 개인정보 제공 시스템(SPIPS: Smart Personal Information Provision System)을 구현하여 개인 정보의 우수성을 보인다.

• Journal of Computing Science and Engineering
• /
• 제5권3호
• /
• pp.183-196
• /
• 2011

There has recently been a surge of interest in relational database mining that aims to discover useful patterns across multiple interlinked database relations. It is crucial for a learning algorithm to explore the multiple inter-connected relations so that important attributes are not excluded when mining such relational repositories. However, from a data privacy perspective, it becomes difficult to identify all possible relationships between attributes from the different relations, considering a complex database schema. That is, seemingly harmless attributes may be linked to confidential information, leading to data leaks when building a model. Thus, we are at risk of disclosing unwanted knowledge when publishing the results of a data mining exercise. For instance, consider a financial database classification task to determine whether a loan is considered high risk. Suppose that we are aware that the database contains another confidential attribute, such as income level, that should not be divulged. One may thus choose to eliminate, or distort, the income level from the database to prevent potential privacy leakage. However, even after distortion, a learning model against the modified database may accurately determine the income level values. It follows that the database is still unsafe and may be compromised. This paper demonstrates this potential for privacy leakage in multi-relational classification and illustrates how such potential leaks may be detected. We propose a method to generate a ranked list of subschemas that maintains the predictive performance on the class attribute, while limiting the disclosure risk, and predictive accuracy, of confidential attributes. We illustrate and demonstrate the effectiveness of our method against a financial database and an insurance database.

• International Journal of Computer Science & Network Security
• /
• 제23권7호
• /
• pp.49-60
• /
• 2023

The amount of data generated by electronic systems through e-commerce, social networks, and data computation has risen. However, the security of data has always been a challenge. The problem is not with the quantity of data but how to secure the data by ensuring its confidentiality and privacy. Though there are several research on cloud data security, this study proposes a security scheme with the lowest execution time. The approach employs a non-linear time complexity to achieve data confidentiality and privacy. A symmetric algorithm dubbed the Non-Deterministic Cryptographic Scheme (NCS) is proposed to address the increased execution time of existing cryptographic schemes. NCS has linear time complexity with a low and unpredicted trend of execution times. It achieves confidentiality and privacy of data on the cloud by converting the plaintext into Ciphertext with a small number of iterations thereby decreasing the execution time but with high security. The algorithm is based on Good Prime Numbers, Linear Congruential Generator (LGC), Sliding Window Algorithm (SWA), and XOR gate. For the implementation in C, thirty different execution times were performed and their average was taken. A comparative analysis of the NCS was performed against AES, DES, and RSA algorithms based on key sizes of 128kb, 256kb, and 512kb using the dataset from Kaggle. The results showed the proposed NCS execution times were lower in comparison to AES, which had better execution time than DES with RSA having the longest. Contrary, to existing knowledge that execution time is relative to data size, the results obtained from the experiment indicated otherwise for the proposed NCS algorithm. With data sizes of 128kb, 256kb, and 512kb, the execution times in milliseconds were 38, 711, and 378 respectively. This validates the NCS as a Non-Deterministic Cryptographic Algorithm. The study findings hence are in support of the argument that data size does not determine the execution.

• International Journal of Computer Science & Network Security
• /
• 제24권3호
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.