• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.12
• /
• pp.6121-6144
• /
• 2019

Numerous privacy-preserving authentication schemes have been proposed but vehicular ad hoc networks (VANETs) still suffer from security and privacy issues as well as computation and communication overheads. In this paper, we proposed a robust conditional privacy-preserving authentication scheme based on pseudonym root with cuckoo filter to meet security and privacy requirements and reduce computation and communication overheads. In our proposed scheme, we used a new idea to generate pseudonyms for vehicles where each on-board unit (OBU) saves one pseudonym, named as "pseudonym root," and generates all pseudonyms from the same pseudonym. Therefore, OBU does not need to enlarge its storage. In addition, the scheme does not use bilinear pairing operation that causes computation overhead and has no certification revocation list that leads to computation and communication overheads. The proposed scheme has lightweight mutual authentication among all parties and just for once. Moreover, it provides strong anonymity to preserve privacy and resists ordinary attacks. We analyzed our proposed scheme and showed that it meets security and privacy requirements of VANETs and is more efficient than traditional schemes. The communication and computation overheads were also discussed to show the cost-effectiveness of the proposed scheme.

• Journal of Information Processing Systems
• /
• v.15 no.5
• /
• pp.1036-1054
• /
• 2019

Recently, concomitant with a surge in numbers of Internet of Things (IoT) devices with various sensors, mobile crowdsensing (MCS) has provided a new business model for IoT. For example, a person can share road traffic pictures taken with their smartphone via a cloud computing system and the MCS data can provide benefits to other consumers. In this service model, to encourage people to actively engage in sensing activities and to voluntarily share their sensing data, providing appropriate incentives is very important. However, the sensing data from personal devices can be sensitive to privacy, and thus the privacy issue can suppress data sharing. Therefore, the development of an appropriate privacy protection system is essential for successful MCS. In this study, we address this problem due to the conflicting objectives of privacy preservation and incentive payment. We propose a privacy-preserving mechanism that protects identity and location privacy of sensing users through an on-demand incentive payment and group signatures methods. Subsequently, we apply the proposed mechanism to one example of MCS-an intelligent parking system-and demonstrate the feasibility and efficiency of our mechanism through emulation.

• Journal of Internet Computing and Services
• /
• v.7 no.1
• /
• pp.1-16
• /
• 2006

The vulnerability of privacy in the Identity Management System (IMS) is the most pressing concern of ordinary users. Uncertainty about privacy keeps many users away from utilization of IMS. Therefore, this paper proposes an access-control oriented privacy model for IMS. The proposed model protects privacy using access control techniques with privacy policies in a single circle of trust. We address characteristics of the components of for the proposed model and describe access control procedures. After that, we show the architecture of privacy enforcement and XML-based schema for privacy policies.

• Journal of Information Technology Applications and Management
• /
• v.14 no.3
• /
• pp.151-168
• /
• 2007

RFID is an emerging technology and rapidly applied to various industries due to its high-tech characteristic and convenience. Although RFID provides valuable benefits. it might also generate serious privacy problems. Previous studies show that privacy issues should be incorporated in developing RFID systems and more detailed privacy protection methods. However. they just provide basic concept, rough guideline. and simple architecture about RFID privacy protection. Industry needs more structured framework and detailed systematic process to incorporate privacy issues into the RFID system. The purpose of this paper is to develop a framework and detailed process design of RFID privacy protection issues in retail industries. A framework is developed based on individual sensitivity concept, RFID contents, and interface with EPC global standard. Case study is applied to validate the framework and it turns out to be useful. It is expected that the proposed framework and process design would provide more systematic guide lines to solving RFID privacy problems.

• Journal of Information Technology Applications and Management
• /
• v.21 no.2
• /
• pp.149-165
• /
• 2014

This paper has studied whether cultural factors have an effect on privacy concern of Internet users in Korea and China. The result has shown that power distance, individualism, uncertainty avoidance, and long-term orientation are positively related to privacy concern, while masculinity is negatively related to privacy concern. This study has also found some similarities and differences between the two countries. First, privacy concern of Korean Internet users is significantly higher than that of Chinese users. Second, individualism and uncertainty avoidance significantly affect privacy concern in both Korea and China, although individualism in Korea has stronger effect than that in China. Third, long term orientation has a significant effect in only Korea while power distance is significant only in China. These results suggest that an online company doing businesses in multiple countries should have country-specific privacy policies to deal with the privacy concern of Internet users in different countries.

• Information Systems Review
• /
• v.11 no.2
• /
• pp.91-111
• /
• 2009

Collection and use of personal information have enabled firms to improve their value propositions by offering personalization. On the other hand, they have caused widespread concerns by consumers that their privacy is invaded. Because previously distributed personal information can be integrated and utilized to offer more personalized services, those concerns may be intensified with the progress of the digital convergence environment. In this study, factors for privacy invasion and their impact on the privacy concerns are suggested. Then, an empirical study is conducted to examine some of the suggestions. From the analysis, several results are derived. First, as more personal data are collected, secrecy and autonomy concerns increase exponentially rather than steadily. Second, as targeting accuracy is improved, greater secrecy and autonomy concerns are expressed by consumers, but less seclusion concerns. Finally, monetary reward such as coupons can reduce seclusion concerns when targeting accuracy is high. Based on the results, implications for managing consumer privacy concerns are provided under digital convergence environment.

• Journal of Korean Society for Quality Management
• /
• v.46 no.4
• /
• pp.877-898
• /
• 2018

Purpose: This study empirically examines the effect of Communication Privacy Management(CPM) factors and Privacy Calculus factors to the intention to disclose Personal Health Information(PHI) in the context of healthcare ecosystem. Also, it investigates the moderating effects of CPM factors in the relationship between privacy calculus variables and the intention to disclose PHI. Methods: We conducted scenario-based repeated-measures quasiexperiment and used total 364 samples for analysis. Confirmatory factor analysis and repeated-measure ANOVA were employed using SPSS 24.0. Results: All CPM factors, such as type of information, requesting purpose, and requesting stakeholder, directly influence to the intention to disclose PHI, whereas only the medium trust out of the Privacy Calculus factors has direct influence on the intention to disclose PHI. With regard to the moderating effects, the requesting stakeholder is the most influential and the information type is the least influential construct. Conclusion: The findings suggest that healthcare system should be designed to provide more definite and personalized benefits to customers to enhance social and individual benefits by getting more participation from customers. Also, it is desirable that the requesting stakeholder of PHI would be non-profit organizations such as hospital, government or public agencies to secure more willingness of PHI from people. Furthermore, it is implied that extensive information gathering and utilization, instead of excluding sensitive information or critical patients' records, is recommended which is substantial to invigorate the healthcare industry.

• The Journal of the Korea Contents Association
• /
• v.11 no.3
• /
• pp.84-99
• /
• 2011

As the integrated and large-scale information is extended due to an advanced information system, a possibility of leaking out privacy increases as the time passes by. As a result, the necessity of using a privacy impact assessment (PIA) is emphasized because it can analyze and minimize the element of invasion of privacy. However, an essential audit for personal information protection is not fulfilled because most of the information system audit supervises over physical, managerial, and technical security items of system architecture area so that general items are the only things being checked. Consequently, this paper proposes that in order to minimize the invasion of personal information, the privacy impact assessment should be done. It also presents a procedure and method of personal information protection audit according to the result of the assessment. After applying the suggested method to two projects, it was confirmed that the improvements for protecting personal information were drawn from this paper.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.10
• /
• pp.175-184
• /
• 2014

The purpose of this study is to examine the factors influencing purchase intention of Location-Based Services (LBS) using privacy-trust-behavioral intention model. This model tests various theoretical research hypotheses relating to LBS, privacy-trust-behavioral intention model, and Concern for Information Privacy(CFIP). The target population of this study was LBS users. Data for this study were collected from January 21 to March 20, 2014. The data were gathered from 231 questionnaire respondents with experience using LBS. Among these reponses, 21 were excluded because of missing or inappropriate data. After removing the unsuitable questionnaires, a total of 210 surveys were considered for analysis. The results of hypothesis testing are as follows. First, location awareness positively influence privacy concerns. Second, privacy concerns negatively influence trust. Finally, trust positively influence purchase intention. The results of this study will provide various implication to improve purchase intention of LBS.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.5100-5119
• /
• 2018

Most of existing privacy-preserving multi-authorities attribute-based encryption schemes (PP-MA-ABE) only considers the privacy of the user identity (ID). However, in many occasions information leakage is caused by the disclosing of his/her some sensitive attributes. In this paper, we propose a collusion-resisting ciphertext-policy PP-MA-ABE (CRPP-MACP-ABE) scheme with hiding both user's ID and attributes in the cloud storage system. We present a method to depict anonymous users and introduce a managerial role denoted by IDM for the management of user's anonymous identity certificate ($AID_{Cred}$). The scheme uses $AID_{Cred}$ to realize privacy-preserving of the user, namely, by verifying which attribute authorities (AAs) obtain the blinded public attribute keys, pseudonyms involved in the $AID_{Cred}$ and then distributes corresponding private keys for the user. We use different pseudonyms of the user to resist the collusion attack launched by viciousAAs. In addition, we utilize IDM to cooperate with multiple authorities in producing consistent private key for the user to avoid the collusion attack launched by vicious users. The proposed CRPP-MACP-ABE scheme is proved secure. Some computation and communication costs in our scheme are finished in preparation phase (i.e. user registration). Compared with the existing schemes, our scheme is more efficient.