• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.163-165
• /
• 2008

Recently, Lu and Cao proposed a password-authenticated key exchange protocol in the three party setting, and the authors claimed that their protocol works within three rounds. In this paper, we analyze the protocol and show the protocol cannot work within three rounds. We also find two security flaws in the protocol. The protocol is vulnerable to an undetectable password guessing attack and an off-line password guessing attack.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1313-1327
• /
• 2013

How to make people keep both the confidentiality of the sensitive data and the privacy of their real identity in communication networks has been a hot topic in recent years. Researchers proposed privacy-preserving authenticated key exchange protocols (PPAKE) to answer this question. However, lots of PPAKE protocols need users to remember long secrets which are inconvenient for them. In this paper we propose a lightweight three-party privacy-preserving authentication key exchange (3PPAKE) protocol using smart card to address the problem. The advantages of the new 3PPAKE protocol are: 1. The only secrets that the users need to remember in the authentication are their short passwords; 2. Both of the users can negotiate a common key and keep their identity privacy, i.e., providing anonymity for both users in the communication; 3. It enjoys better performance in terms of computation cost and security. The security of the scheme is given in the random oracle model. To the best of our knowledge, the new protocol is the first provably secure authentication protocol which provides anonymity for both users in the three-party setting.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.2 no.6
• /
• pp.312-332
• /
• 2008

Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.64
• /
• pp.99-128
• /
• 2014

Last year, Seoul International Dispute Resolution Center(SIDRC) was set up to facilitate and promote international arbitration in Korea. This study was focused on the revision of arbitration rules such as ICC, SIAC, HKIAC and JCAA. As a leading arbitration institution in the world, ICC has tried continuously to provide more efficient service to their client by adopting emergency arbitrator(EA) & multi party arbitration. Other three institutions also introduced almost same mechanism to compete each other. These two new system is very innovative in international arbitration. First of all, EA was designed to provide interim measure service to preserve or protect parties' right before the constitution of arbitral tribunal. Arbitration institutions and arbitral tribunals should be careful to decide these requests are legitimate or not because too hasty approval on joinder or consolidation without full consideration such as parties' intention or argument may issue another serious problem - setting aside an award rendered after joined or consolidated.

• Asian Journal for Public Opinion Research
• /
• v.7 no.1
• /
• pp.23-39
• /
• 2019

Assuming that a political party has a strong incentive to gain votes via issue setting as part of its campaign strategy, this study utilized a Web experimental survey to explore the extent to which three issue-related campaign advertising strategies - namely, issue ownership, issue convergence, and issue trespassing - affected voters' perceptions toward parties' issue-handling capabilities. Our empirical results show that issue ownership perceptions exist in Taiwan. In the 2012 Taiwan presidential election, as issue ownership advertisements may reinforce voters' beliefs regarding parties' issue-handling capabilities, issue trespassing advertising may improve a party's image on the disadvantageous issue dimension. At least our data shows that the Kuomintang's (KMT) advertisements have both effects.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.1_2
• /
• pp.110-118
• /
• 2006

Cryptographic protocol design in a two-party setting has of tel ignored the possibility of simultaneous message transmission by each of the two parties (i.e., using a duplex channel). In particular, most protocols for two-party key exchange have been designed assuming that parties alternate sending their messages (i.e., assuming a bidirectional half-duplex channel). However, by taking advantage of the communication characteristics of the network it may be possible to design protocols with improved latency. This is the focus of the present work. We present three provably-secure protocols for two-party authenticated key exchange (AKE) which require only a single round. Our first, most efficient protocol provides key independence but not forward secrecy. Our second scheme additionally provides forward secrecy but requires some additional computation. Security of these two protocols is analyzed in the random oracle model. Our final protocol provides the same strong security guarantees as our second protocol, but is proven secure in the standard model. This scheme is only slightly less efficient (from a computational perspective) than the previous ones. Our work provides the first provably- secure one-round protocols for two-party AKE which achieve forward secrecy.

• Journal of Distribution Research
• /
• v.3 no.1
• /
• pp.55-69
• /
• 1998

One of the urgently-needed retail strategies is to lower the labor expenses of the store. For this purpose, more stores are developing new, fancy techniques to make consumers work for the stores without paying them. Examples include self-service system, consumer suggestion system and others. These are called customer voluntary performance. Intiated by Bettencourt(1997), customer voluntary performance(CVT) becomes an important concept in modern retailing. This paper applies three dimensions of CVP (loyalty, cooperation, participation) to the setting of Consumer Complaint Intentions(CCI). Similar to CVP, CCI has three dimensions in itself (voice, private, third party). The major focus of this empirical research is on finding the possible relationships between three dimensions of CVP and three dimensions of CCI. The results show that participation is positively related to the levels of consumer complaint intentions, whereas loyalty is negatively related to the levels of them. This implies that the weak tactic of CVP(loyalty) may reduce the levels of complaint, but strong one(participation) may not be so. More conceptual and empirrical studies are urgently needed.

• Journal of the International Relations & Interdisciplinary Education
• /
• v.4 no.1
• /
• pp.35-56
• /
• 2024

Based on Kingdon's policy stream model, the logical mechanism of student burden double reduction policy agenda setting process in China was analyzed from three aspects: problem stream, policy stream, political stream. It was found that the direct reflection of data, the feedback and improvement of current policies constitute the problem stream.The high attention of government departments, the suggestions of CPPCC members and experts and scholars, the strong voice of schools, and the continuous voice of stakeholders constitute the policy stream. The ruling party's governing idea and educational policy, national mood and interest game during the transition period constitute the political policy stream. The three streams, coupling interaction, open the policy window, promoting the introduction of the 'double reduction' policy.

• Journal of Korea Multimedia Society
• /
• v.14 no.10
• /
• pp.1303-1310
• /
• 2011

This paper proposes the design of 3-party negotiation protocol for the security of self_organized storage which consists of the owner node possessing data, the holder node holding the owner's data and the verification node verifying the data of the holder node on infra-cloud environment. The proposed security technique delegating the data verification of the holder node to the verification node increases the efficiency of the self-organized storage. In addition, the encrypt key and certification of the storage created by EC-DH algorithm enhances the security much more. Also, when the self-organized storage is composed, the security technique not only prevents external flooding attack by setting a certification key among three parties, but also prevents internal flooding attack by restricting the number of verification nodes. And The replay attack which can occur in the step of verification is automatically detected by using the created seed value whenever the verification is requested.