상세정보
학술대회
A Personal Information Leakage Prevention Method on the Internet
Cited 4 time in 
Download 0 time
Share 
Download 0 time
Share
- 발행일
- 200606
- 출처
- International Symposium on Consumer Electronics (ISCE) 2006, pp.646-650
- 협약과제
- 06MK1900, e-Identity 보호용 공통보안 서비스 플랫폼 기술 개발, 진승헌
- 초록
- In this paper, we propose a method for preventing personal information leakage on the Internet. The leakage of the personal information might cause severe problems such as privacy violation, impersonation, spam mail, and financial fraud. The main ways of the personal information leakage are the leakage of the personal information registered in web site, the Internet Phishing, and the spyware. The basic idea of our method for preventing these types of personal information leakage is "Do not send the personal information to a hazardous recipient". Every network packet transferred from a user's PC to a server via the Internet is inspected to check if the packet contains the user's personal information. When a packet containing personal information is detected, a decision about safety of the transfer is made. After decision is made, the packet sent to an unsafe destination is dismissed. The decision is made based on the predefined user control policy. The user policy specifies the safeness of a transfer in considering the information such as type of transferred personal information, the application that sends the packet and the trustworthiness of the recipient. The destination's trustworthiness is managed and provided by a trusted third party. In this paper, we present the explanation of information leakage problem and the description of related work. The presentation of our model for controlling personal information transfer and a description of the system architecture for implementing our model is included. And some security analysis of our method that shows the effectiveness of the proposed method is also presented. ©2006 IEEE.
- KSP 제안 키워드
- Control policy, Financial Fraud, Information Leakage Prevention, Information transfer, Internet phishing, Personal information, Prevention method, Privacy violation, Spam mail, System architecture, Trusted Third Party