• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.701-712
• /
• 2016

The number of subscriber of digital pay TV service such as Digital Cable TV and IPTV is increasing from various kind of service provider world widely. These services require personal information of users to provide VOD(Video on Demand) and customized contents. Therefore, massive amount of personal information collected by service provider can cause social confusion such as leakage of privacy and property damage. This paper investigates whether broadcasting stations are providing enough notification for privacy policy and methodology of collecting private information in proper way. Furthermore, we analyze actual network traffic of IPTV service between user and service provider to suggest solution of privacy protection along with current status analysis.

• Convergence Security Journal
• /
• v.12 no.2
• /
• pp.107-113
• /
• 2012

Recently, according to the establishment of personal information protection Act, the public and private organizations are taking a step to protect personal information rights and interests by employing the technical methods such as the access control mechanism, cryptography, etc. The result of the personal information leakage causes a serious damage for the organization image and also has to face with the responsibility by law. However, applying access control and cryptographic approach on the personal information item for every connection to large database system causes significant performance degradation in a large database system. In this paper, we designed and implemented the light weight system using JVM (Java Virtual Machine) for the Oracle DBMS environment which the concurrent transaction occurs many, thereby the proposed system provides the minimum impact on the system performance and meets the need of personal information protection. The proposed system was validated on the personal information protection system which sits on a 'A' public organization's portal site and personnel information management system.

• Journal of Convergence for Information Technology
• /
• v.9 no.7
• /
• pp.100-105
• /
• 2019

As IoT Technology develops and Era of Hyperconnectivity comes, various kinds of customized services became available. As a next-generation display, a smart mirror accesses multimedia devices and provides various services, so it can serve as a social learning tool for the children and the old ones, as well as adults who need information. Smart Mirror must be able to identify users for individualized services. However, since the Smart Mirror is an easily accessible device, there is a possibility that information such as an individual's pattern and habit stored in the smart mirror may be exposed to the outside. Also, the other possibility of leakage of personal location information is through personal schedule or appointment stored in the smart mirror, and another possibility that privacy can be violated is through checking the health state via personal photographs. In this research, we propose a system that identify users by the information the users registered about their physique just like their face, one that provides individually customized service to users after identifying them, and one which provides minimal information and service for unauthenticated users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.145-154
• /
• 2010

End-to-End(E2E) encryption is to encrypt private and important financial information such as user's secret access numbers and account numbers from user's terminal to financial institutions. There has been found significant security vulnerabilities by various hacking in early E2E encryption system since early E2E encryption is not satisfied the basic security requirement which is that there does not exist user's financial information on plaintext in user's terminal. Extensional E2E encryption which is to improve early E2E encryption provides confidentiality and integrity to protect user's financial information from vulnerabilities such as alteration, forgery and leakage of confidential information. In this paper, we explain the extensional E2E encryption technology and present considerable security issues when the extensional E2E encryption technology is applied to financial systems.

• The Journal of the Korea Contents Association
• /
• v.20 no.12
• /
• pp.266-277
• /
• 2020

As users' convenience increases, the issue of personal information leakage about smartphones is also becoming serious. Since all of the user's personal information needed to provide functions such as electronic banking services and personal file storage is stored in the smartphone, the user's important personal information may be exposed if the smartphone is lost or stolen. In order to protect this privacy, governments and telecommunications companies offer smartphone locking or initialization services, but there are many loopholes and problems. In this paper, we design and implement applications that prevent malicious use of a user's personal information stored on a smartphone when a smartphone is lost or stolen, and that automatically initializes the smartphone used after removing or altering the USIM chip and destroys the user's personal information stored within the phone. The proposed application prevents users from maliciously using their personal information when a smartphone is lost or stolen.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.7
• /
• pp.81-88
• /
• 2024

Despite the rapid growth of the generative AI market and significant interest from domestic companies and institutions, concerns about the provision of inaccurate information and potential information leaks have emerged as major factors hindering the adoption of generative AI. To address these issues, this paper designs and implements a question-answering system based on the Retrieval-Augmented Generation (RAG) architecture. The proposed method constructs a knowledge database using Korean sentence embeddings and retrieves information relevant to queries through optimized searches, which is then provided to the generative language model. Additionally, it allows users to directly manage the knowledge database to efficiently update changing business information, and it is designed to operate in a private network to reduce the risk of corporate confidential information leakage. This study aims to serve as a useful reference for domestic companies seeking to adopt and utilize generative AI.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1435-1447
• /
• 2015

Finance Companies are operating a security solution such as E-DRM(Enterprise-Digital Right Management), Personal information search, DLP(Data Loss Prevention), Security of printed paper, Internet network separation system, Privacy monitoring system for privacy leakage prevention by insiders. However, privacy leakages are occurring continuously and it is difficult to the association analysis about relating to the company's internal and external distribution of private document. Because log system operated in the separate and independent security solutions. This paper propose a systematic chains that can correlatively analyze business systems and log among heterogeneous security solutions organically and consistently based on security documents. Also, we suggest methods of efficient detection for Life-Cycle management plan about security documents that are created in the personal computer or by individual through the business system and distribution channel tracking about security documents contained privacy.

• Korean Security Journal
• /
• no.9
• /
• pp.237-260
• /
• 2005

Development of IT technology as well as arrival of information-oriented society raise the curtain of 'the era of Ubiquitous Computing', implying accessing computers beyond boundary of time and space. In this era, it is expected that IT paradigms and life-styles would be transformed immensely above the experiences of 20th century. However, improvement of technology summons a new risk of cyber terrorism which have not been in the past. Thus, it is urgent to prepare for the threats in the national level. This paper point out five major threats relating to 'the security in the era of Ubiquitous Computing'. : First, spread of threats in connection with BcN establishment, second, vulnerable information-security for wireless communication, third, leakage of private information, fourth, cyber terror and deterioration of security, fifth, security problems of Korea including the drain of military information and solutions in the views of organization, personnel, technology and budget, comparing with other countries.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.11
• /
• pp.2022-2028
• /
• 2017

Recently, the energy shortage of sensors and the leakage of private information are considered as serious problems as the number of sensors is increasing due to the technological advance in Internet-of-Things. RF energy harvesting, in which sensors collect energy from external RF signals, and physical layer security become increasingly important to solve these problems. In this paper, we propose a time switching-based network analog coding for improving information security in wireless networks where the relay can harvest energy from source signals. We formulate 2-hop relay networks where an eavesdropper tries to overhear source signals, and find an optimal time switching ratio for maximizing the minimum required secrecy capacity using mathematical analysis. Through simulations under various environments, it is shown that the proposed scheme improves the minimum required secrecy capacity significantly, compared to the conventional scheme.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.249-254
• /
• 2014

Recent advancement of USN technology has lent itself to the evolving communication technology for implantable devices in the field of medical service. The wireless transmission section for communication between implantable medical devices and patients is a cause of concern over invasion of privacy, resulting from external attackers' hacking and thus leakage of private medical information. In addition, any attempt to manipulate patients' medical information could end up in serious medical issues. The present study proposes an authentication protocol safe against intruders' attacks when RFID/USN technology is applied to implantable medical devices. Being safe against spoofing, information exposure and eavesdropping attacks, the proposed protocol is based on hash-function operation and adopts session keys and random numbers to prevent re-encryption. This paper verifies the security of the proposed protocol using the formal verification tool, Casper/FDR.