• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.2 s.332
• /
• pp.33-38
• /
• 2005

In this paper, we propose a password-based authenticated key exchange protocol which authenticates each other and shares a session key using only a small memorable password between a client and a server over an insecure channel. The proposed protocol allows an authenticated client to freely change a his/her own password. The protocol is also secure against various attacks and provides the perfect forward secrecy. Furthermore, it has good efficiency compared with the previously well-known password-based protocols with the same security requirements.

• Journal of Fisheries and Marine Sciences Education
• /
• v.28 no.3
• /
• pp.790-798
• /
• 2016

Currently, web-based online games is becoming popular in supporting learning process due to their effective and efficient tool. However, online games have lack of security aspect, in particular due to increase in the number of personal information leakage. Since the data are transmitted over insecure channel, it will be vulnerable of being intercepted by attackers who want to exploit user's identity. This paper aims to propose an online web-based educational game, Vidyanusa which allows the students to register their personal information using a unique code, a user name and a password. It manages the users according to their schools, subject teachers and class levels. In addition, by adopting a unique code, the confidentiality of the user identity can be kept away from attackers. Moreover, in order to provide a secure data communication between client and server, Secure Socket Layer (SSL) protocol is adopted. The performance of the system after implementing SSL protocol is examined by loading a number of requests for various users. From the experiment result, it can be concluded that the SSL protocol can be applied to web-based educational system in order to offer security services and reliable connection.

• Journal of KIISE:Information Networking
• /
• v.31 no.3
• /
• pp.252-258
• /
• 2004

In this paper, we propose a new authenticated key exchange protocol in which client and sever can mutually authenticate and establish a session key over an insecure channel using only a human memorable password. The proposed protocol is based on Diffie-Hellman scheme and has many of desirable security attributes: It resists off-line dictionary attacks mounted by either Passive or active adversaries over network, allowing low-entropy Passwords to be used safely. It also offers perfect forward secrecy, which protects past sessions when passwords are compromised. In particular, the advantage of our scheme is that it is secure against an impersonation attack, even if a server's password file is exposed to an adversary. The proposed scheme here shows that it has better performance when compared to the previous notable password-based key exchange methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.9
• /
• pp.1684-1697
• /
• 2011

We show that two protocols for RFID mutual authentication in pervasive computing environments, recently proposed by Kang et al, are vulnerable to several attacks. First, we show these protocols do not preserve the privacy of users' location. Once a tag is authenticated successfully, we show several scenarios where legitimate or illegitimate readers can trace the location of that tag without any further information about the tag's identifier or initial private key. Second, since the communication between readers and the database takes place over an insecure communication channel and in the plaintext form, we show scenarios where a compromised tag can gain access to confidential information that the tag is not supposed get access to. Finally, we show that these protocols are also vulnerable to the replay and denial-of-service attacks. While some of these attacks are due to simple flaws and can be easily fixed, others are more fundamental and are due to relaxing widely accepted assumptions in the literature. We examine this issue, apply countermeasures, and re-evaluate the protocols overhead after taking these countermeasures into account and compare them to other work in the literature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.59-69
• /
• 2004

Password-based authenticated group key exchange protocols provide a group of user, communicating over a public(insecure) channel and holding a common human-memorable password, with a session key to be used to construct secure multicast sessions for data integrity and confidentiality. In this paper, we present a password-based authenticated group key exchange protocol and prove the security in the random oracle model and the ideal cipher model under the intractability of the decisional Diffie-Hellman(DH) problem and computational DH problem. The protocol is scalable, i.e. constant round and with O(1) exponentiations per user, and provides forward secrecy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6B
• /
• pp.199-206
• /
• 2008

Broadcast encryption is a cryptographical primitive which is designed for a content provider to distribute contents to only privileged qualifying users through an insecure channel. Anyone who knows public keys can distribute contents by means of public key broadcast encryption whose technique can also be applicable to many other applications. In order to design public key broadcast encryption scheme, it should devise some methods that convert a broadcast encryption scheme based on symmetric key cryptosystem to a public key broadcast encryption. Up to this point, broadcast encryption scheme on trial for converting from symmetric key setting to asymmetric public key setting has been attempted by employing the Hierarchical Identity Based Encryption (HIBE) technique. However, this converting method is not optimal because some of the properties of HIBE are not quite fitting for public key broadcast schemes. In this paper, we proposed new converting method and an efficient public key broadcast encryption scheme Pub-PI which is obtained by adapting the new converting method to the PI scheme [10]. The transmission overhead of the Pub-PI is approximately 3r, where r is the number of revoked users. The storage size of Pub-PI is O($c^2$), where c is a system parameter of PI and the computation cost is 2 pairing computations.

• Journal of KIISE:Information Networking
• /
• v.36 no.6
• /
• pp.471-480
• /
• 2009

One of the principal impediments to the achievement of a scalable access control for a large number of subscribers in a public broadcast is to distribute key update messages reliably to all stateless receivers. However, in a public broadcast, the rekeying messages can be dropped or compromised during the transmission over an insecure broadcast channel, or transmitted to the receivers while it was off-line. In this study, we propose a novel group key management scheme that features a mechanism that allows the legitimate receivers to recover the current group key even if they lose key update messages for long-term sessions using short hint messages and member computation. The performance analysis result shows that the proposed scheme has advantages of the scalable and efficient rekeying compared with the previous reliable group key distribution schemes. The proposed key management scheme targets a conditional access system in a media broadcast where there is no feedback channel from receivers to the broadcasting station.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.9 no.5
• /
• pp.451-457
• /
• 2016

To improve security in the data communication field, many studies on the application of chaotic signals to encryption have been conducted in recent years. In this study, a new security protocol where the initial value sensitivity and noise similarity of chaotic signals have been applied to an RFID communication channel was designed. In the case of chaotic systems, if the initial values become identical, the same signals are generated at the same time after that point even though the two systems have been calculated independently. Therefore, an unpredictable security channel can be produced based on such characteristics. However, a security channel can be produced only when an initial value is shared in advance, and thus there is a potential problem of infringement during the transmission of the initial value. To resolve this problem, a method in which a certain proportion of new chaotic signals are applied to two chaotic systems for communication and are then synchronized after some time was proposed. This new method can conceal the initial value, and thus can resolve the problem of the existing communication method using chaotic signals. The designed method was verified with the encryption and decryption of images. It is expected that a more secure RFID system could be established by applying the communication protocol proposed in this study to insecure RFID communication channels.

• Journal of Distribution Research
• /
• v.17 no.3
• /
• pp.59-92
• /
• 2012

With accumulated research evidence, there is little doubt that leadership behavior is related to a wide variety of positive individual and organizational outcomes. Indeed, leadership behavior has been empirically linked to increased employee satisfaction, organizational commitment, extra effort, turnover intention, organizational citizenship behavior, and overall employee performance. Although leadership behavior has been linked to a number of positive organizational outcomes, research regarding the antecedents of such behavior is limited. Especially there is little research dealing with the antecedents of inter-organizational leadership behavior. This study interests in inter-organizational ethical leadership among marketing channel members. In both the mass media and the academic association, there has been a surge in interest in the ethical and unethical behavior of leaders. Although the corporate scandals in recent years may explain much of the mass media and popular focus, academics' interest has been limited by evidence that ethical leadership behavior is associated with both positive and negative inter-organizational processes and performances. This study tried to contribute to this body of knowledge by examining antecedents of ethical leadership. Ethical leadership is defined "the demonstration of normatively appropriate conduct through personal actions and interpersonal relationships, and the promotion of such conduct to followers through two-way communication, reinforcement, and decision-making." Ethical leaders not only inform individuals of the behefits of ethical behavior and the cost of inappropriate behavior, such leaders also set clear standards and use rewards and fair and balanced punishment to hold followers accountable for their ethical conduct. Despite the assume importance and prominence of ethical leadership among organizations, there are still many questions relating to its antecedents and consequences. One is whether the likelihood of an leading organization being perceived as an ethical leader among other following organizations in marketing channels can be predicted using its characteristics and inter-organizational relationship maintenance skills. Identifying trait and skill antecedents will aid in the development of strategies for selecting and developing ethical leaders and determining the best means to reinforce ethical behaviors. The purpose of this study is to investigate the effects of three categorized variables on ethical leadership of channel leader. To be concrete, this study develops a model of the antecedents of three conceptually distinct forms of channel leader characteristics, such as organizational traits, inter-organizational relationship maintenance strategies, and supplier management strategies, and tests the hypothesized differential effects on ethical leadership of marketing channel leaders. The reason why this study deals with discount store channel is that there is very strong inter-dependence between a discount store and its suppliers. Their strong inter-dependence makes their relationship as the relationship between a leader and suppliers and creates an atmosphere that leadership occur without difficulty. The research model is as follows. For the purpose of empirical testing, 295 respondents of suppliers of discount store channel in Korea were surveyed. The procedures included scale reliability, and discriminant and convergent validity were used to validate measures. Also, the reliability measurements traditionally employed, such as the Cronbach's alpha, were used. All the reliabilities were greater than .70. This study conducted confirmatory factor analyses to assess the validity of our measurements. All items loaded significantly on their respective constructs(with the lowest t-value being 15.2), providing support for convergent validity. We then examined composite reliability and average variance extracted(AVE). The composite reliability of each construct was greater than .70. The AVE of each construct was greater than .50. This study tested research model using Partial Least Square(PLS). The estimation of the structural equation model revealed an acceptable fit of the model to the data($r^2$=.851). Thus, This study concluded that the model fit was considered acceptable. The results of PLS are as follows. The results indicated that conscientiousness, openness, conflict management, social networks, training, fair reward had positive effects on ethical leadership of channel leaders. On the other hand, emotional insecure had negative effect and agreeableness, assurance, and inter-organizational communication had no significant effect on supply chain leadership.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.7
• /
• pp.107-115
• /
• 2012

Recently, Li and Hwang scheme proposed a biometrics-based remote user authentication scheme using smart card. It is asserted that this scheme has very excellent benefits by the operation cost efficiency based on the smart card, one-way function and biometrics using random numbers. But this scheme cannot provide the properly authentication, especially, it is analyzed as the vulnerable security scheme for Denial-of-Service(DoS) attacks by impersonate attacks. The attacker controls the insecure channel, they can easily fabricate messages to pass the user's or server's authentication, and the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes the strong improved scheme which can respond to multiple attacks by supplementing the function of integrity check from the server which applied variable authenticator and OSPA without exposing the user's password information. It is supplemented pregnable of disguise attack and mutual authentication of Li and Hwang scheme.