• Journal of Information Technology Services
• /
• v.12 no.1
• /
• pp.163-171
• /
• 2013

As the kind of IT service on the internet is more and more diversifying and increasing, IT service's adverse effects also consistently occurring. Among them the incident of private information exposure is becoming social issues, especially the exposure of private information entered on-line resume is very serious. This paper investigates whether or not data is encrypted in data transfer section of major on-line job-search sites of Korea by using the packet analyzer such as "Wireshark." This paper judges whether or not the vulnerability, private information exposure, exists from the result of the investigation above and suggests countermeasures.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2394-2406
• /
• 2016

ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). In our scheme, data receiver can decrypt the ciphertext if the attributes he owns match with the self-centric policy which is set by the data owner. Besides, a unique identifier is embedded into each user's private key. If a malicious user exposes his private key for illegal data sharing, his identity can be exactly pinpointed by system manager. The key-insulation mechanism guarantees forward and backward security when key exposure happens as well as provides efficient key updating for users in the cloud system. The higher efficiency with proved security make our KI-CPABE-KEA more appropriate for secure data sharing in cloud computing.

• Korean Journal of Child Studies
• /
• v.37 no.6
• /
• pp.119-132
• /
• 2016

Objective: The purpose of this study was to analyze the operation and personal information management of public and private kindergarten homepages. Methods: A total of 2,846 kindergartens were selected from the I-Sarang portal service for analyzing operation, and 217 self-operating homepages were selected for evaluating management. Seven evaluation items from three domains (information gathering procedures and scope, information security, and management of file exposure protection) were used. Wireshark and Google were used for analyzing some evaluation items. Results: The operating ratio of kindergarten homepages was low and most of the kindergartens self-operated their homepages. The evaluation of the information gathering procedures and scope showed that the rule of consent process was not rigidly followed but that the rule of legality for information gathering was followed. Items related to information security were followed at very low levels. As for the management of file exposure protection, the evaluation of items related to the prevention of attachment disclosure showed that the rule of protecting personal information included in an attached file was followed but that the notice regarding information protection was not. Across all evaluation items, the level of personal information management was higher in public (vs. private) kindergartens. Conclusion: These results indicate methods to more securely and effectively manage personal information on kindergarten homepages.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.4 no.3
• /
• pp.217-224
• /
• 2011

This paper proposes DDPT(Dynamic Data Protection Technique) which solves the problem of private information exposure occurring in a dynamic database environment. The DDPT in this paper generates the MAG(Multi-Attribute Generalization) rules using multi-attributes generalization algorithm, and the EC(equivalence class) satisfying the k-anonymity according to the MAG rules. Whenever data is changed, it reconstructs the EC according to the MAC rules, and protects the identification exposure which is caused by the EC change. Also, it measures the information loss rates of the EC which satisfies the ${\ell}$-diversity. It keeps data accuracy by selecting the EC which is less than critical value and enhances private information protection.

• Journal of Information Science Theory and Practice
• /
• v.10 no.2
• /
• pp.86-101
• /
• 2022

This research aimed at studying the factors that influence new media exposure of political news by youths in Isan society in Thailand. The target group comprised 1,200 individuals, obtained from multi-stage sampling from undergraduate students in Isan's autonomous universities, governmental universities, and private institutions. The data collection tool was a questionnaire, the content of which was validated by experts. The reliability of the tool was tested by the formula for Cronbach's alpha coefficient, which yielded a reliability of 0.83. Multiple regression analysis was applied to analyze the data. The results, regarding factors influencing the channels for political news exposure, showed that channels for political news exposure were mostly influenced by inner drives, followed by importance in political news exposure, influence from social networks, and specific characteristics of the Internet. This could explain the variation of channels for political news exposure at 46.5%. In terms of factors influencing political news selection, it was found that political news selection was influenced mostly from social networks, followed by inner drives, benefits from political news exposure, specific characteristics of the Internet, and the field of study. The variation of the political news selection could be explained at 44.6%. These results elaborate on the current situation in Thailand, especially in Isan region, where youths in higher education are playing an increasing role in demonstrating their political stance through various political activities.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.3
• /
• pp.45-53
• /
• 2018

The Personal Information Protection Act has been revised continuously since its establishment, and as a way to secure stability properly, the guidelines as well as enforcement ordinances and regulations have been changed, too. It seems that people's recognition and awareness of private information have already evolved to a certain level that is regarded to be fairly high. However, no one can exactly imagine how much ripple effect scrapping discarded paper regarded simply as waste material which is often and easily practiced in our everyday lives exerts and how many socially significant events it may arouse in our lives. Private information is produced, operated, preserved, utilized, distributed within the frame of law unidentified, and then discarded with a particular purpose. While going through a series of processes, each piece of that private information comes to be reproduced melting a lot of information. It is used and also changed beneficially sometimes to richen our lives or as basic material for welfare. Meanwhile, its importance is decided by its weight or mass and then often gets discarded after all. It means that the process of disuse is being done in a way to arouse the possibility of invasion of personal rights and also the second and third and also more exposure of private information. Therefore, approaching the meaning of automation politically, this study aims to suggest how to secure stability in the process of discarding private information in terms of logical automation.

• The Journal of the Korea Contents Association
• /
• v.21 no.4
• /
• pp.1-13
• /
• 2021

With the global pandemic of COVID-19, it is pointed out that exposure to false information to the public could cause serious problems. However, in pandemic situations, there is also an positive effect for the public to share private-led information rather than centralized unilateral delivery of information. This study analyzes the role of private-led information provision in infectious disease situations. To this end, topic modeling and sentiment analysis is carried out on online reviews of all COVID-19-related applications in Google Playstore provided by the Korean government and the private. The results showed that the user's evaluation of private apps, which were used from the early stage of COVID-19, was much higher than the apps provided by the government. In particular, users responded more positively to private apps than government apps in all aspects such as reliability of information, risk avoidance, timeliness, usefulness, and stability. Based on these results, a post-monitoring system is recommended rather than a pre-block of all private apps.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1832-1853
• /
• 2018

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.6
• /
• pp.1109-1122
• /
• 2016

Certificateless public key cryptography is a technique that can solve the certificate management problem of a public key cryptosystem and clear the key escrow issue of ID-based cryptography using the public key in user ID. Although the studies were actively in progress, many existing schemes have been designed without taking into account the safety of the secret value with the decryption key exposure attacks. If previous secret values and decryption keys are exposed after replacing public key, a valid private key can be calculated by obtaining the partial private key corresponding to user's ID. In this paper, we propose a new security model which ensures the security against the key exposure attacks and show that several certificateless public key encryption schemes are insecure in the proposed security model. In addition, we design a certificateless public key encryption scheme to be secure in the proposed security model and prove it based on the DBDH(Decisional Bilinear Diffie-Hellman) assumption.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.119-131
• /
• 2009

The world's widely used key exchange protocols are open cryptographic communication protocols, such as TLS/SSL, whereas in the financial field in Korea, key exchange protocols developed by industrial classification group have been used that are based on PKI(Public Key Infrastructure) which is suitable for the financial environments of Korea. However, the key exchange protocols are not only vulnerable to client impersonation attacks and known-key attacks, but also do not provide forward secrecy. Especially, an attacker with the private keys of the financial security server can easily get an old session-key that can decrypt the encrypted messages between the clients and the server. The exposure of the server's private keys by internal management problems, etc, results in a huge problem, such as exposure of a lot of private information and financial information of clients. In this paper, we analyze the weaknesses of the cryptographic communication protocols in use in Korea. We then propose two key exchange protocols which reduce the replacement cost of protocols and are also secure against client impersonation attacks and session-key and private key reveal attacks. The forward secrecy of the second protocol is reduced to the HDH(Hash Diffie-Hellman) problem.