Authing Service of Platform: Tradeoff between Information Security and Convenience

Social Login Service (Authing Service) of Platforms: The Appropriate Balance between Security and Convenience

  • Eun Sol Yoo (Department of Logistics, Service & Operations Management, College of Business, Korea University)
  • Byung Cho Kim (Department of Logistics, Service & Operations Management, College of Business, Korea University)
  • Received : 2018.02.01
  • Accepted : 2018.03.27
  • Published : 2018.03.31

Abstract

Online platforms recently expanded their connectivity through an authing service. The growth of authing services enabled consumers to enjoy easy login access without exerting extra effort. However, multiple points of access increase the security vulnerability of platform ecosystems. Despite the importance of balancing authing service and security, only a few studies examined platform connectivity. This study examines the optimal level of authing service of a platform and how authing strategies impact participants in a platform ecosystem. We used a game-theoretic approach to analyze security problems associated with authing services provided by online platforms for consumers and other linked platforms. The main findings are as follows: 1) the decreased expected loss of consumers will increase the number of players who participate in the platform; 2) linked platforms offer strong benefits from consumers involved in an authing service; 3) the main platform will increase its effort level, which includes security cost and checking of linked platforms' security, if the expected loss of the consumers is low. Our study contributes to the literature on the relationship between technology convenience and security risk and provides guidelines on authing strategies to platform managers.

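Social login services (authing services) are having a positive effect on the online platform ecosystem by making connections between online platforms easier. Consumers can now access other platforms without an additional login, and platforms benefit from being able to attract potential consumers from other platforms. However, social login services, which make it easier to access other platforms, are making the security of the platform ecosystem vulnerable. That is, as the connections between platforms grow, consumer convenience increases while platform security weakens. Therefore, considering the tradeoff between the convenience and the security of social login services, this study not only presents the appropriate level of social login service that a platform should decide on, but also applies game theory to analyze the effect of social login strategies on the overall platform ecosystem. The results presented by this study are as follows. First, when consumers' expected loss from hacking is low, the number of participants across the platform ecosystem increases. Second, when the number of consumers in the social login service increases, the linked platforms (joint sites) can generate more profit from consumers. Finally, when consumers' expected loss from hacking is low, platform providers need to make efforts related to platform security. This study presents approaches to connectivity and security for platform firms that provide social login services, and also offers policy direction to policymakers who analyze and manage the platform as a whole.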

Acknowledgement

This work was supported by the Institute for Business Research & Education (IBRE).
