A Virtual-Synchronized-File Based Privacy Protection System

Transcription

1 Vol.133 (Information Technology and Computer Science 2016), pp A Virtual-Synchronized-File Based Privacy Protection System Hye-Lim Jeong 1, Ki-Woong Park 2 System security Lab Daejeon University, Daejeon, Korea 1, Dept. Information Security, Daejeon University, Daejeon, Korea 2 hyello13@gmail.com 1, woongbak@dju.kr 2 Abstract. Following the revision of the personal information protection law, persons handling the personal information experience difficulties in adjusting to revised laws. In this paper, we propose an automated privacy protection system enhanced with a Virtual Synchronized File (VSF) concept. The VSF allows users to access a privacy file in a same manner with a normal document file and internally performs encryption/decryption and isolated store, which is to comply with the information protection law without user interventions. Keyword: Privacy Protection, Access Control, File Virtualization 1 Introduction About thousands of personal information leak of Korea are hacked every year [1]. To prevent the privacy leakage, Korea government revised personal information protection law in 2015 [2]. By the revised personal information protection laws, files containing private data (ID, mobile phone number, etc.) on PCs must be encrypted and to be deleted in a secure manner when the files are deleted. The privacy files has to be stored in a separate storage system. The revised laws give difficulty of privacy management to user. For instance, a user has to check all files stored in client storage whether the files contain personal information and if the file contains personal information, then the user must encrypts the file manually. Then, a user has to remember a key to access encrypted privacy file. In addition, when a user wants to delete a file containing the personal information, the user must perform a secure delete operation for keeping the file from file recovery techniques [3, 4]. In this paper, we propose the automated privacy protection system enhanced with Virtual Synchronized File, keeping convenience by providing conventional user experience even though performing security operations to comply with the laws. The remainder of this paper is organized as follows: Section II describes overall system design of the proposed system. Section III presents operation flow in more details. Finally, Section IV gives the conclusion and future work. This work was supported by the Human Resource Training Program for Regional Innovation and Creativity through the Ministry of Education and National Research Foundation of Korea (2015H1C1A ) ISSN: ASTL Copyright 2016 SERSC

2 2 Overall System Design Fig 1-(a) describes that a user have to what to do for complying with the personal information protection law. In accordance with the laws, users have to encrypt a file containing personal information. If the file need to be eliminated, the file have to be deleted in an unrecoverable manner. In addition, the file must be stored on an isolated storage. As a remedy to these inconveniences for keeping the laws, we proposed an automated privacy protection system to comply with the laws automatically. Fig 1-(b) shows a proposed privacy protection system enhanced with Virtual Synchronized File(VSF), which manages file containing the personal information. The VSF is a normal file which has a specific extension with a specific rule so that a user can open the VSF like a normal data file. Consequently, VSF gives users a transparent user experience by providing identical file access scheme in comparison to the conventional file system [5, 6] even though the proposed system comply with the laws without user intervention. More specific operation flow for keeping the laws is described in Section III-1 and Section III-2. The main contribution of this paper can be itemized as follow: First, we proposed an automated privacy protection system enhanced with VSF. In a result, VSF enable a user to access personal information file stored in server in an exactly same manner of normal file execution. Second, the system is able to conserve client s storage space by replacing the original file to 1KB size VSF file (regardless of size of original file). Fig. 1. A virtual synchronized file based privacy protection system (a) Required actions (users view) for complying with the personal information protection law (b) Proposed automated privacy protection system 30 Copyright 2016 SERSC

3 3 Overall Operation Flow of Privacy Protection System 3.1 Phase1: Operation flow for privacy detection and VSF creation As shown Fig. 2, a privacy detector detects file containing personal information within the client storage. Then privacy protection agent performs operations to comply with the laws. First, the agent compresses the detected file to reduce network traffic and conserve storage space by using gzip algorithm. After the compression, the agent generates a key(ek) for encryption and encrypts the compressed file. The corresponding metadata for the file including EK, file name and hash value are stored at client database. Then, the encrypted file and the hosting information including an agent id(id), file name, MAC, session are uploaded to a privacy protection server (Msg. 1). On the reception of the Msg. 1, the server manager stores the hosting information (Msg. 1) and the encrypted file in server database to manage the received file containing the personal information. Then, Client received an acknowledgement message (Msg. 2). Finally, agent creates a corresponding VSF and deletes the data region of the original file. 3.2 Phase2: Operation flow of VSF execution Fig.3 shows an operation flow of VSF execution. Once a user open a VSF, client agent checks whether a current session status is valid or not. If a valid session has been established, the agent requests login authentication to user through MSG. 3. Then a generated valid session value by the server is sent to the agent over MSG. 4. Because the session value has the expiration time, the server will re-issue the session if the session is expired. This process is for protecting the personal information from any other third party. After the authentication, the client agent requests a file to server by reading index value of the file stored in server. Fig. 2. Operation flow for privacy detection and VSF creation (Phase 1) Copyright 2016 SERSC 31

4 Then, the server sends the corresponding file to client agent. The client agent decrypts and decompresses the received file and opens the file using corresponding application program. When the opened file is closed by the user, the agent check whether the opened file has been modified or not, and the next process varies according to this result. In case of no-change, it simply finishes. Otherwise, if any part of the file has been modified, then, it leaves new record in client database, encrypts the modified region of the file, and sends it to the server. Fig. 3. Operation flow of VSF execution (Phase 2) 4 Conclusion Following the revision of the personal information protection law, persons handling the personal information experience difficulties in adjusting to revised laws. As a remedy to the challenging issues, we propose the automated privacy protection system enhanced with Virtual Synchronized File, keeping convenience by providing conventional user experience even though performing security operations to comply with the laws. In addition, Virtual synchronized file is efficiency because VSF equally has 1KB size regardless of size of original files 32 Copyright 2016 SERSC

5 References 1. Y.C-W, "Risk of Information Leak Growing in Korea", KOREA IT TIMES, July 2015, url: 2. Korea Personal Information Protection Act. url: 3. Yee, Ka-Ping. "Aligning security and usability." IEEE Security & Privacy 5 (2004): Rozenberg, Yigal, Ulf Mattsson, and Raul Ortega. "Assignment of security contexts to define access permissions for file system objects." U.S. Patent No. 9,230, Jan Yu, Yong, et al. "Remote data possession checking with enhanced security for cloud storage." Future Generation Computer Systems 52 (2015): Yeh, Her-Tyan, Etc. "User authentication of smart mobile devices and cloud storage services." Innovation in Design, Communication and Engineering: Proceedings of the rd International Conference on Innovation, Communication and Engineering (ICICE 2014), Guiyang, Guizhou, PR China, October 17-22, CRC Press, Copyright 2016 SERSC 33