• Title/Abstract/Keywords: User Privacy


Improving Security and Privacy-Preserving in Multi-Authorities Ciphertext-Policy Attribute-Based Encryption

  • Hu, Shengzhou;Li, Jiguo;Zhang, Yichen
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 12, No. 10 / pp. 5100-5119 / 2018
  • Most existing privacy-preserving multi-authorities attribute-based encryption schemes (PP-MA-ABE) only consider the privacy of the user identity (ID). However, on many occasions information leakage is caused by the disclosure of some of his/her sensitive attributes. In this paper, we propose a collusion-resisting ciphertext-policy PP-MA-ABE (CRPP-MACP-ABE) scheme that hides both the user's ID and attributes in the cloud storage system. We present a method to depict anonymous users and introduce a managerial role denoted by IDM for the management of the user's anonymous identity certificate ($AID_{Cred}$). The scheme uses $AID_{Cred}$ to realize privacy-preserving of the user, namely, by verifying which attribute authorities (AAs) obtain the blinded public attribute keys, pseudonyms involved in the $AID_{Cred}$ and then distributes corresponding private keys for the user. We use different pseudonyms of the user to resist the collusion attack launched by vicious AAs. In addition, we utilize IDM to cooperate with multiple authorities in producing a consistent private key for the user to avoid the collusion attack launched by vicious users. The proposed CRPP-MACP-ABE scheme is proved secure. Some computation and communication costs in our scheme are finished in the preparation phase (i.e. user registration). Compared with the existing schemes, our scheme is more efficient.

Privacy Enhanced Security Mechanism for Grid Applications

  • Park, Sang-Bae
    • International Journal of Contents / Vol. 6, No. 3 / pp. 15-18 / 2010
  • The grid system is based on the Grid Security Infrastructure (GSI). GSI uses the user's proxy to guarantee availability among multi-trust domains. Since the grid system has been developed focusing on availability, GSI provides authentication and authorization performed by systems, but privacy considerations are lacking. For this reason, some researchers decide to use their own cluster system and do not want to use public grid systems. In this paper, we introduce a new privacy enhanced security mechanism for grid systems. With this mechanism, the user can participate in resource allocation and authorization to the user's contents more actively. This mechanism does not need to change previous middleware and minimizes the computational overheads.

A Privacy-preserving and Energy-efficient Offloading Algorithm based on Lyapunov Optimization

  • Chen, Lu;Tang, Hongbo;Zhao, Yu;You, Wei;Wang, Kai
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 16, No. 8 / pp. 2490-2506 / 2022
  • In Mobile Edge Computing (MEC), attackers can speculate and mine sensitive user information by eavesdropping wireless channel status and offloading usage pattern, leading to user privacy leakage. To solve this problem, this paper proposes a Privacy-preserving and Energy-efficient Offloading Algorithm (PEOA) based on Lyapunov optimization. In this method, a continuous Markov process offloading model with a buffer queue strategy is built first. Then the amount of privacy of offloading usage pattern in wireless channel is defined. Finally, by introducing the Lyapunov optimization, the problem of minimum average energy consumption in continuous state transition process with privacy constraints in the infinite time domain is transformed into the minimum value problem of each timeslot, which reduces the complexity of algorithms and helps obtain the optimal solution while maintaining low energy consumption. The experimental results show that, compared with other methods, PEOA can maintain the amount of privacy accumulation in the system near zero, while sustaining low average energy consumption costs. This makes it difficult for attackers to infer sensitive user information through offloading usage patterns, thus effectively protecting user privacy and safety.

A Mutual P3P Methodology for Privacy Preserving Context-Aware Systems Development

  • 권오병
    • Asia Pacific Journal of Information Systems / Vol. 18, No. 1 / pp. 145-162 / 2008
  • One of the big concerns in e-society is the privacy issue. In particular, in developing robust ubiquitous smart space and corresponding services, user profile and preference are collected by the service providers. The privacy issue would be more critical in context-aware services simply because most of the context data themselves are private information: user's current location, current schedule, friends nearby and even her/his health data. To realize the potential of ubiquitous smart space, the systems embedded in the space should incorporate personal privacy preferences. When the users invoke a set of services, they are asked to allow the service providers or smart space to make use of personal information which is related to privacy concerns. For this reason, the users unhappily provide the personal information or even refuse to be served. On the other side, the service provider needs personal information as rich as possible with minimal personal information to discern loyal and trustworthy customers and those who are not. It would be desirable to enlarge the allowable personal information complying with the service provider's request, whereas minimizing the service provider's requiring personal information which is not allowed to be submitted and the user's submitting information which is of no value to the service provider. In particular, if any personal information required by the service provider is not allowed, service will not be provided to the user. P3P (Platform for Privacy Preferences) has been regarded as one of the promising alternatives to preserve the personal information in the course of electronic transactions. However, P3P mainly focuses on preserving the buyers' personal information. From time to time, the service provider's business data should be protected from unintended usage by the buyers. Moreover, even though the user's privacy preference could depend on the context happened to the user, legacy P3P does not handle the contextual change of privacy preferences. Hence, the purpose of this paper is to propose a mutual P3P-based negotiation mechanism. To do so, the service provider's privacy concern is considered as well as the users'. The user's privacy policy on the service provider's information also should be informed to the service providers before the service begins. Second, the privacy policy is contextually designed according to the user's current context because the nomadic user's privacy concern structure may be altered contextually. Hence, the methodology includes mutual privacy policy and personalization. The overall framework of the mechanism and a new code of ethics are described in section 2. The pervasive platform for mutual P3P considers user type and context field, which involves current activity, location, social context, objects nearby and physical environments. Our mutual P3P includes the privacy preference not only for the buyers but also the sellers, that is, service providers. A negotiation methodology for mutual P3P is proposed in section 3. Based on the fact that privacy concern occurs when there are needs for information access and at the same time those for information hiding. Our mechanism was implemented based on an actual shopping mall to increase the feasibility of the idea proposed in this paper. A shopping service is assumed as a context-aware service, and data groups for the service are enumerated. The privacy policy for each data group is represented in APPEL format. To examine the performance of the example service, in section 4, a simulation approach is adopted in this paper. For the simulation, five data elements are considered: UserID, User preference, Phone number, Home address, Product information, Service profile. For the negotiation, reputation is selected as a strategic value. Then the following cases are compared: Legacy P3P is considered; Mutual P3P is considered without strategic value; Mutual P3P is considered with strategic value. The simulation results show that mutual P3P outperforms legacy P3P. Moreover, we could conclude that when mutual P3P is considered with strategic value, performance was better than when mutual P3P is considered without strategic value in terms of service safety.

A Trajectory Substitution Privacy Protection Scheme in location-based services

  • Song, Cheng;Zhang, Yadong;Gu, Xinan;Wang, Lei;Liu, Zhizhong
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 13, No. 9 / pp. 4771-4787 / 2019
  • Aimed at the disclosure risk of mobile terminal users' location privacy in location-based services, a location-privacy protection scheme based on similar trajectory substitution is proposed. On the basis of the anonymized identities of users and candidates who request LBS, this scheme adopts a trajectory similarity function to select the candidate whose trajectory is the most similar to the user's at certain time intervals, then the selected candidate substitutes for the user to send the LBS request, so as to protect the user's privacy such as identity, query and trajectory. Security analyses prove that this scheme is able to guarantee such security features as anonymity, non-forgeability, resistance to continuous query tracing attack and wiretapping attack. The results of the simulation experiment demonstrate that this scheme remarkably improves the optimal candidate's trajectory similarity and selection efficiency.

User-Centric Access Control Service for Blockchain-Based Private Information Management

  • 김승현;김수형
    • 정보보호학회논문지 / Vol. 31, No. 3 / pp. 341-351 / 2021
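  • Recently, technologies that let individuals manage their own personal information, such as decentralized ID management, have been attracting attention, but existing blockchain-based access control studies do not provide users with a sufficient level of access control over their personal information. This paper proposes an approach that combines permissioned blockchain technology with a standardized privacy protection technology. To let users intervene in access control, a token-based user access control service conforming to UMA2, a privacy control standard, was applied to a blockchain decentralized application. By linking blockchain with UMA2, it provides user-centric access control functionality that existing blockchains could not offer. It also resolves the entity privacy problem and the security and availability issues that are drawbacks of UMA2.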

A Group based Privacy-preserving Data Perturbation Technique in Distributed OSN

  • 이주형;박석
    • 정보과학회 컴퓨팅의 실제 논문지 / Vol. 22, No. 12 / pp. 675-680 / 2016
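  • With the development of various mobile devices and mobile platform technologies, the number of online social network (OSN) users has been steadily increasing. Through these services, OSN users can engage in social activities such as free communication, information sharing, and expanding their personal connections, but this gives rise to new user privacy problems. Various distributed OSN architectures have been introduced to prevent such user privacy violations, but these also cannot technically give users complete control over their own data. This paper uses personal data storage (PDS) to address the lack of control over OSN user information. In addition, we propose a system architecture that considers both user privacy and service utility by grouping a user's friends into friend groups with different privacy levels and having each friend group receive differentiated text data of the user that matches its group privacy level.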

A Solution to Privacy Preservation in Publishing Human Trajectories

  • Li, Xianming;Sun, Guangzhong
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 14, No. 8 / pp. 3328-3349 / 2020
  • With rapid development of ubiquitous computing and location-based services (LBSs), human trajectory data and associated activities are increasingly easily recorded. Inappropriately publishing trajectory data may leak users' privacy. Therefore, we study publishing trajectory data while preserving privacy, denoted privacy-preserving activity trajectories publishing (PPATP). We propose S-PPATP to solve this problem. S-PPATP comprises three steps: modeling, algorithm design and algorithm adjustment. During modeling, two user models describe users' behaviors: one based on a Markov chain and the other based on the hidden Markov model. We assume a potential adversary who intends to infer users' privacy, defined as a set of sensitive information. An adversary model is then proposed to define the adversary's background knowledge and inference method. Additionally, privacy requirements and a data quality metric are defined for assessment. During algorithm design, we propose two publishing algorithms corresponding to the user models and prove that both algorithms satisfy the privacy requirement. Then, we perform a comparative analysis on utility, efficiency and speedup techniques. Finally, we evaluate our algorithms through experiments on several datasets. The experiment results verify that our proposed algorithms preserve users' privacy. We also test utility and discuss the privacy-utility tradeoff that real-world data publishers may face.

Fintech Users' Information Privacy Concerns and User Resistance: Investigating the Interaction Effect with Regulatory Focus

  • 이애리;안효영
    • 정보보호학회논문지 / Vol. 26, No. 1 / pp. 209-226 / 2016
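  • Recently, interest in fintech, which combines finance and IT, has been increasing. Fintech services are currently in the early stage of diffusion, and information security has emerged as an issue for wider adoption. This study analyzes the degree of user resistance with a focus on the information privacy concerns perceived by actual users of fintech services, and analyzes the degree of social influence and mobile internet literacy as factors affecting them. In particular, this study verifies the effect of the interaction between users' regulatory focus and information privacy concerns on user resistance. Through this, we aim to provide strategic implications for reducing resistance to fintech services and promoting their use.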

User privacy protection model through enhancing the administrator role in the cloud environment

  • 정윤수;연용호
    • 융합정보논문지 / Vol. 8, No. 3 / pp. 79-84 / 2018
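  • Cloud services are attracting a great deal of attention from many users because they can be used easily through various media. However, security damage that abuses the privacy of users of cloud services is increasing, and technologies that can prevent it are lacking. This paper proposes a protection model for safely protecting user privacy so that third parties cannot illegally abuse it in the cloud environment. The proposed model randomly splits and manages the user's signature in order to strengthen the roles of the intermediate administrator and the cloud server. In the proposed model, the user's privacy information is provided to the user by the cloud server through a security function and the user's signature, which prevents it from being illegally leaked to third parties. In addition, the user's signature can be used safely by binding a random number of a multiplicative group and a one-way hash function into a hash chain for user privacy protection. In the performance evaluation, the proposed model improved data processing time by an average of 24.5% over existing models, and because it manages users' privacy information in groups, its efficiency improved by 13.7% over existing models.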