• 한국정보통신설비학회:학술대회논문집
• /
• 한국정보통신설비학회 2008년도 정보통신설비 학술대회
• /
• pp.163-165
• /
• 2008

Recently, Lu and Cao proposed a password-authenticated key exchange protocol in the three party setting, and the authors claimed that their protocol works within three rounds. In this paper, we analyze the protocol and show the protocol cannot work within three rounds. We also find two security flaws in the protocol. The protocol is vulnerable to an undetectable password guessing attack and an off-line password guessing attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권5호
• /
• pp.1313-1327
• /
• 2013

How to make people keep both the confidentiality of the sensitive data and the privacy of their real identity in communication networks has been a hot topic in recent years. Researchers proposed privacy-preserving authenticated key exchange protocols (PPAKE) to answer this question. However, lots of PPAKE protocols need users to remember long secrets which are inconvenient for them. In this paper we propose a lightweight three-party privacy-preserving authentication key exchange (3PPAKE) protocol using smart card to address the problem. The advantages of the new 3PPAKE protocol are: 1. The only secrets that the users need to remember in the authentication are their short passwords; 2. Both of the users can negotiate a common key and keep their identity privacy, i.e., providing anonymity for both users in the communication; 3. It enjoys better performance in terms of computation cost and security. The security of the scheme is given in the random oracle model. To the best of our knowledge, the new protocol is the first provably secure authentication protocol which provides anonymity for both users in the three-party setting.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제2권6호
• /
• pp.312-332
• /
• 2008

Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

• 디지털산업정보학회논문지
• /
• 제5권4호
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

• 무역상무연구
• /
• 제64권
• /
• pp.99-128
• /
• 2014

Last year, Seoul International Dispute Resolution Center(SIDRC) was set up to facilitate and promote international arbitration in Korea. This study was focused on the revision of arbitration rules such as ICC, SIAC, HKIAC and JCAA. As a leading arbitration institution in the world, ICC has tried continuously to provide more efficient service to their client by adopting emergency arbitrator(EA) & multi party arbitration. Other three institutions also introduced almost same mechanism to compete each other. These two new system is very innovative in international arbitration. First of all, EA was designed to provide interim measure service to preserve or protect parties' right before the constitution of arbitral tribunal. Arbitration institutions and arbitral tribunals should be careful to decide these requests are legitimate or not because too hasty approval on joinder or consolidation without full consideration such as parties' intention or argument may issue another serious problem - setting aside an award rendered after joined or consolidated.

• Asian Journal for Public Opinion Research
• /
• 제7권1호
• /
• pp.23-39
• /
• 2019

Assuming that a political party has a strong incentive to gain votes via issue setting as part of its campaign strategy, this study utilized a Web experimental survey to explore the extent to which three issue-related campaign advertising strategies - namely, issue ownership, issue convergence, and issue trespassing - affected voters' perceptions toward parties' issue-handling capabilities. Our empirical results show that issue ownership perceptions exist in Taiwan. In the 2012 Taiwan presidential election, as issue ownership advertisements may reinforce voters' beliefs regarding parties' issue-handling capabilities, issue trespassing advertising may improve a party's image on the disadvantageous issue dimension. At least our data shows that the Kuomintang's (KMT) advertisements have both effects.

• 한국정보과학회논문지:시스템및이론
• /
• 제33권1_2호
• /
• pp.110-118
• /
• 2006

양자간 암호학 프로토콜 디자인에서 잘 고려되지 않는 사항 중에 동시 메시지 전송이 있다. 즉, 듀플렉스(duplex) 채널을 사용해서 통신하는 두 파티는 동시에 메시지를 보낼 수 있다. 하지만 대부분의 양자간 키 교환 프로토콜은 두 파티가 교대로 메시지를 보내는 하프 듀플렉스(half-duplex) 채널을 가정해서 디자인되었다. 이 논문에서 우리는 듀플렉스 채널을 사용할 경우에 동시 메시지 전송을 사용해서 좀 더 효율적인 양자간 키 교환 프로토콜을 설계할 수 있음을 보인다 이 논문에서는 세 개의 안전성 증명 가능한 1-라운드 양자간 키 교환 프로토콜들을 제안한다. 첫 번째 프로토콜은 가장 효율적이며, 세션키 독립성(key independence)을 보장한다. 두 번째 프로토콜은 세션키 독립성과 더불어 전방위 안전성(forward secrecy)을 보장한다. 세 번째 프로토콜은 두 번째 프로토콜과 같은 안전성을 보장하지만, 표준모델(standard model)에서 안전성이 증명된다. 우리가 제안하는 프로토콜들은 최초의 안전성 증명이 가능하면서 전방위 안전성을 제공하는 1-라운드 양자간 키 교환 프로토콜이다.

• 한국유통학회지:유통연구
• /
• 제3권1호
• /
• pp.55-69
• /
• 1998

One of the urgently-needed retail strategies is to lower the labor expenses of the store. For this purpose, more stores are developing new, fancy techniques to make consumers work for the stores without paying them. Examples include self-service system, consumer suggestion system and others. These are called customer voluntary performance. Intiated by Bettencourt(1997), customer voluntary performance(CVT) becomes an important concept in modern retailing. This paper applies three dimensions of CVP (loyalty, cooperation, participation) to the setting of Consumer Complaint Intentions(CCI). Similar to CVP, CCI has three dimensions in itself (voice, private, third party). The major focus of this empirical research is on finding the possible relationships between three dimensions of CVP and three dimensions of CCI. The results show that participation is positively related to the levels of consumer complaint intentions, whereas loyalty is negatively related to the levels of them. This implies that the weak tactic of CVP(loyalty) may reduce the levels of complaint, but strong one(participation) may not be so. More conceptual and empirrical studies are urgently needed.

• 국제교류와 융합교육
• /
• 제4권1호
• /
• pp.35-56
• /
• 2024

이 연구는 중국 의무교육단계 학생 부담경감 최신정책 '쌍감'정책을 중심으로 Kingdon의 정책흐름모형을 활용하여 정책의 흐름을 분석하였다. 데이터의 직관적인 반영, 현행 정책의 피드백 등으로 문제의 흐름을 구성하였다. 중국 정부의 높은 관심, 정치협상회의 위원과 전문가의 건언, 학교 현장과 이해관계자의 강한 요구 등은 정책대안의 흐름을 구성하였다. 집권당의 집권 이념과 교육 지침, 국민 정서, 전환기 이익 게임 등은 정치의 흐름을 구성한 것이다.문제의 흐름,정책대안의 흐름, 정치의 흐름 세 가지 흐름이 결합되어 '정책의 창'이 열리게 된 것으로 분석되었다.

• 한국멀티미디어학회논문지
• /
• 제14권10호
• /
• pp.1303-1310
• /
• 2011

본 논문은 인프라 클라우딩 환경에서 데이터를 소유한 소유자 노드와 데이터를 보관하는 보관 노드 그리고 데이터를 검증하는 검증 노드로 구성된 자가 조직 저장 매체 보안을 위한 3자간 협상 프로토콜을 설계를 제안한다. 제안한 자가 조직 저장 매체의 보안기법은 보관 노드의 데이터 검증을 검증 노드에게 위임함으로써 데이터 검증의 효율성을 증가시키고, EC-DH 알고리즘을 이용하여 생성된 암호키와 저장 매체 내의 인증서로 보안을 강화시켰다. 또한, 자가 조직 저장 매체를 구성할 때, 3자간 인증키를 설정하여 외부적인 플러딩 공격 방지하고, 검증노드의 개수를 제한함으로써 내부적인 플러딩 공격을 방지하였다. 그리고 검증단계에서 발생할 수 있는 재전송 공격은 검증을 요청할 때마다 새롭게 생성된 Seed 값을 이용하여 자동적으로 재전송 공격을 탐지하도록 하였다.