• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• Journal of Internet Technology
• /
• v.22 no.6
• /
• pp.1287-1297
• /
• 2021

Data aggregation is the significant process in which the information is gathered and combines data to decrease the amount of data transmission in the WSN. The sensor devices are susceptible to node attacks and security issues such as data confidentiality and data privacy are extremely important. A novel technique called Ruzicka Index Regressive Homomorphic Ephemeral Key Benaloh Cryptography (RIRHEKBC) technique is introduced for enhancing the security of data aggregation and data privacy in WSN. By applying the Ruzicka Index Regressive Homomorphic Ephemeral Key Benaloh Cryptography, Ephemeral private and public keys are generated for each sensor node in the network. After the key generation, the sender node performs the encryption using the receiver public key and sends it to the data aggregator. After receiving the encrypted data, the receiver node uses the private key for decrypting the ciphertext. The key matching is performed during the data decryption using Ruzicka Indexive regression function. Once the key is matched, then the receiver collects the original data with higher security. The simulation result proves that the proposed RIRHEKBC technique increases the security of data aggregation and minimizes the packet drop, and delay than the state-of-the- art methods.

• The Journal of Society for e-Business Studies
• /
• v.4 no.3
• /
• pp.159-178
• /
• 1999

As Electronic Commerce is getting larger, the volume of Internet-based commerce by enterprise is also getting larger. This phenomenon applies to Internet EDI, Global Internet Business, and CALS information services. In this paper, a new type of cryptographic key recovery mechanism satisfying requirements of business environment is proposed. It is also applied to enterprise information infrastructure for managing employees' task related to handling official properties of electronic enterprise documents exchange. This technology needs to be complied to information management policy of a certain enterprise environment because behavior of cryptographic key recovery can cause interruption of the employees' privacy. However, the cryptographic key recovery mechanism is able to applied to any kind of information service, the application areas of key recovery technology must be seriously considered as not disturbing user's privacy It will depend on the policy of enterprise information management of a specific company.

• Knowledge Management Research
• /
• v.13 no.4
• /
• pp.83-100
• /
• 2012

Given the prevalence of mobile social network services (SNS) such as Facebook and Kakaotalk, it has become important to understand user's continuance behavior in a mobile SNS environment. Although trust and privacy concerns play a key role in SNS users' decision-making processes, most studies on SNS have shed little light on the effects of trust and privacy concerns on SNS continuance intention. In this regard, this paper developed an integrated model to deeply understand the key antecedents of user's continuance intention to use mobile SNS by incorporating trust and privacy concerns into extended expectation-confirmation model. The proposed research model was tested by using survey data collected from 170 users who have experience with Kakaotalk. The findings of this study found that the proposed theoretical framework provides a statistically significant explanation of the variance in continuance intention of mobile SNS. The analysis results indicate that trust serves as the salient antecedent of continuance intention to use mobile SNS. However, it was found that privacy concerns negatively influence trust, whereas it is not significantly related to continuance intention of mobile SNS. The theoretical and practical implications of the findings were described.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.35-41
• /
• 2016

Internet of Things (IoT) services are widely used in appliances of daily life and industries. IoT services also provide various conveniences to users and are expected to affect value added of all industries and national competitiveness. However, a variety of security threats are increased in IoT environments and lowers reliability of IoT devices and services that make some obstacles for commercialization. The attacks arising in IoT environments are making industrial and normal life accidents unlike existing information leak and monetary damages, and can expand damage scale of leakage of personal information and privacy more than existing them. To solve these problems, we design a session key based access control scheme for secure communications in IoT environments. The proposed scheme reinforces message security by generating session key between device and access control network system. We analyzed the stability of the proposed access scheme in terms of data forgery and corruption, unauthorized access, information disclosure, privacy violations, and denial of service attacks. And we also evaluated the proposed scheme in terms of permission settings, privacy indemnity, data confidentiality and integrity, authentication, and access control.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.35-44
• /
• 2009

To protect sensitive personal information, data will be stored in encrypted form. However in order to retrieve these encrypted data without decryption, there need efficient search methods to enable the retrieval of the encrypted data. Until now, a number of searchable encryption schemes have been proposed but these schemes are not suitable when dynamic users who have the permission to access the data share the encrypted data. Since, in previous searchable encryption schemes, only specific user who is the data owner in symmetric key settings or has the secret key corresponding to the public key for the encrypted data in asymmetric key settings can access to the encrypted data. To solve this problem, Stephen S. Yau et al. firstly proposed the controlled privacy preserving keyword search scheme which can control the search capabilities of users according to access policies of the data provider. However, this scheme has the problem that the privacy of the data retrievers can be breached. In this paper, we firstly analyze the weakness of Stephen S. Yau et al.'s scheme and propose privacy preserving keyword search with access control. Our proposed scheme preserves the privacy of data retrievers.

• Knowledge Management Research
• /
• v.18 no.1
• /
• pp.159-176
• /
• 2017

Recently, the popularity of smartphones has led to a dramatic increase in the frequency of use of App(Application) services. LBS (Location-Based Service) App service adopts various methods such as push marketing and useful information by region through providing location-based service based on the location of the consumer. In particular, an enterprise or an App management company can provide necessary information to the consumer through the necessary information among the customer related knowledge information obtained by utilizing the location information of the consumer in real time. Nevertheless, since LBS is a service that can be performed only when the company obtains consent to provide location information voluntarily by the consumer, there is a case of privacy infringement due to consumers' use of personal information. The purpose of this study is to identify the characteristics of privacy related variables and the knowledge structure for consumer value formation based on the theory of privacy calculation. We also compared the characteristics of Korea with those of China in privacy issue. As a result of the analysis, it was confirmed that factors such as information utilization ability and information control ability were influential as a key factor of privacy calculation. In addition, perceived value influences the reputation of the LBS App service.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.8
• /
• pp.2083-2100
• /
• 2023

The rise of Industry 5.0 has led to a smarter and more digital way of doing business, but with it comes the issue of user privacy and security. Only when privacy and security issues are addressed, will users be able to transact online with greater peace of mind. Thus, to address the security and privacy problems associated with industry blockchain technology, we propose a privacy protection scheme for online financial transactions based on verifiable ring signatures and blockchain by comparing and combining the unconditional anonymity provided by ring signatures with the high integrity provided by blockchain technology. Firstly, we present an algorithm for verifying ring signature based on distributed key generation, which can ensure the integrity of transaction data. Secondly, by using the block chain technique, we choose the proxy node to send the plaintext message into the block chain, and guarantee the security of the asset transaction. On this basis, the designed scheme is subjected to a security analysis to verify that it is completely anonymous, verifiable and unerasable. The protection of user privacy can be achieved while enabling online transactions. Finally, it is shown that the proposed method is more effective and practical than other similar solutions in performance assessment and simulation. It is proved that the scheme is a safe and efficient online financial transaction ring signature scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1229-1248
• /
• 2016

With the feature of convenience and low cost, remote healthcare monitoring (RHM) has been extensively used in modern disease management to improve the quality of life. Due to the privacy of health data, it is of great importance to implement RHM based on a secure and dependable network. However, the network connectivity of existing RHM systems is unreliable in disaster area because of the unforeseeable damage to the communication infrastructure. To design a secure RHM system in disaster area, this paper presents a Secure VANET-Assisted Remote Healthcare Monitoring System (SVC) by utilizing the unique "store-carry-forward" transmission mode of vehicular ad hoc network (VANET). To improve the network performance, the VANET in SVC is designed to be a two-level network consisting of two kinds of vehicles. Specially, an innovative two-level key management model by mixing certificate-based cryptography and ID-based cryptography is customized to manage the trust of vehicles. In addition, the strong privacy of the health information including context privacy is taken into account in our scheme by combining searchable public-key encryption and broadcast techniques. Finally, comprehensive security and performance analysis demonstrate the scheme is secure and efficient.