• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.23-32
• /
• 2009

CeDA (Certified e-Document Authority) was adopted in March 2005. It is possible to register/store/send/receive/transfer/revoke e-documents by using trusted third party, CeDA. It is important to store not only e-documents of users but also logs produced by CeDA. Thus all logs must be electronically signed using certificate of CeDA. But management of electronically signed logs is difficult. In this paper, the method which can be applicable to authenticate all logs of CeDA using "Hash Tree" is present.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.1
• /
• pp.523-549
• /
• 2018

The increasing number of subscribers and demand of multiplicity of services has turned Multi-Server Authentication (MSA) into an integral part of remote authentication paradigm. MSA not only offers an efficient mode to register the users by engaging a trusted third party (Registration Centre), but also a cost-effective architecture for service procurement, onwards. Recently, Lu et al.'s scheme demonstrated that Mishra et al.'s scheme is unguarded to perfect forward secrecy compromise, server masquerading, and forgery attacks, and presented a better scheme. However, we discovered that Lu et al.'s scheme is still susceptible to malicious insider attack and non-compliant to perfect forward secrecy. This study presents a critical review on Lu et al.'s scheme and then proposes a secure multi-server authentication scheme. The security properties of contributed work are validated with automated Proverif tool and proved under formal security analysis.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.8
• /
• pp.1105-1116
• /
• 2002

This paper has presented three types of key recovery methods, which are known as key escrow, key encapsulation, and trusted third party scheme. we have analyzed the existing key recovery products, which have been developed by the advanced nations for electronic commerce and electronic government. we have also analyzed the key recovery policies proposed by the advanced nations, such as The United States of America, Great Britain, and Japan. In this paper, several key recovery policies are proposed for the e-commerce and e-government system. And we have proposed key recovery scheme for the e-commerce system utilizing the on-line secret sharing scheme based on the Internet and public bulletin board.

• Journal of Information Processing Systems
• /
• v.7 no.1
• /
• pp.121-136
• /
• 2011

With the rapid growth of GPS-enable Smartphones, the interest on using Location Based Services (LBSs) has increased significantly. The evolution in the functionalities provided by those smartphones has enabled them to accurately pinpoint the location of a user. Because location information is what all LBSs depend on to process user's request, it should be properly protected from attackers or malicious service providers (SP). Additionally, maintaining user's privacy and confidentiality are imperative challenges to be overcome. A possible solution for these challenges is to provide user anonymity, which means to ensure that a user initiating a request to the SP should be indistinguishable from a group of people by any adversary who had access to the request. Most of the proposals that maintain user's anonymity are based on location obfuscation. It mainly focuses on adjusting the resolution of the user's location information. In this paper, we present a new protocol that is focused on using cryptographic techniques to provide anonymity for LBSs users in the smartphone environment. This protocol makes use of a trusted third party called the Anonymity Server (AS) that ensures anonymous communication between the user and the service provider.

• Journal of Information Processing Systems
• /
• v.10 no.4
• /
• pp.618-627
• /
• 2014

Nowadays mobile users are using a popular service called Location-Based Services (LBS). LBS is very helpful for a mobile user in finding various Point of Interests (POIs) in their vicinity. To get these services, users must provide their personal information, such as user identity or current location, which severely risks the location privacy of the user. Many researchers are developing schemes that enable a user to use these LBS services anonymously, but these approaches have some limitations (i.e., either the privacy prevention mechanism is weak or the cost of the solution is too much). As such, we are presenting a robust scheme for mobile users that allows them to use LBS anonymously. Our scheme involves a client side application that interacts with an untrusted LBS server to find the nearest POI for a service required by a user. The scheme is not only efficient in its approach, but is also very practical with respect to the computations that are done on a client's resource constrained device. With our scheme, not only can a client anonymously use LBS without any use of a trusted third party, but also a server's database is completely secure from the client. We performed experiments by developing and testing an Android-based client side smartphone application to support our argument.

• The Journal of Asian Finance, Economics and Business
• /
• v.8 no.9
• /
• pp.79-89
• /
• 2021

Green finance plays an important role in environmental protection missions and fighting climate change. The Environment Fund in Vietnam is the main channel of preferential capital offered to firms for environmental protection. Unfortunately, it was previously unknown which criteria influenced these companies' ability to obtain green financing. Using a survey method, we collected data through a structured questionnaire of 203 respondents that represent firms that had received concessional loans from 26 Environment Funds. A Multiple Linear Regression model was used to examine the determinants of access to concessional loans for environmental protection. We found relationships between age, size, ownership type, and industry sector, and access to green finance. Third-party guarantees were a significant factor in financing through Environment Funds. Moreover, we found commercial environmental projects face fewer green financing obstacles. Surprisingly, showing audited financial statements does not mitigate the information asymmetry between firms and these financial institutions. These findings suggest that Environment Funds should classify environmental project types to develop appropriate lending policies. In emerging markets, enterprises need to build a trusted relationship with financial institutions so that they can replace asset-based lending techniques, thereby increasing the firms' accessibility to green finance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.7
• /
• pp.3733-3755
• /
• 2019

E-cash has its merits comparing with other payment modes. However, there are two problems, which are how to achieve practical/complete tracing and how to achieve it in compact E-cash. First, the bank and the TTP (i.e., trusted third party) have different duties and powers in the reality. Therefore, double-spending tracing is bank's task, while unconditional tracing is TTP's task. In addition, it is desirable to provide lost-coin tracing before they are spent by anyone else. Second, compact E-cash is an efficient scheme, but tracing the coins from double-spender without TTP results in poor efficiency. To solve the problems, we present a compact E-cash scheme. For this purpose, we design an embedded structure of knowledge proof based on a new pseudorandom function and improve the computation complexity from O(k) to O(1). Double-spending tracing needs leaking dishonest users' secret knowledge, but preserving the anonymity of honest users needs zero-knowledge property, and our special knowledge proof achieves it with complete proofs. Moreover, the design is also useful for other applications, where both keeping zero-knowledge and leaking information are necessary.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.3-10
• /
• 2002

This paper proposes an ID-based entity-aunthentication and authenticated key exchange protocol with ECC via two-pass communications between two parties who airs registered to the trusted third-party KC in advance. The proposed protocol developed by applying ECDSA and Diffie-Hellman key exchange scheme to the ID-based key distribution scheme over ECC proposed by H. Sakazaki, E. Okamoto and M. Mambo(SOM scheme). The security of this protocol is based on the Elliptic Curve Discrete Logarithm Problem(ECDLP) and the Elliptic Curve Diffie-Hellman Problem(ECDHP). It is strong against unknown key share attack and it provides the perfect forward secrecy, which makes up for the weakness in SOM scheme,

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.123-134
• /
• 2006

We propose a quantum secret sharing protocol which can authenticate more than half of members using GHZ state swapping. The Trusted Third Party, Trent can authenticate all members using previously shared ID among Trent distributing his message and the members wanting to reconstruct the message. Authenticated members can reconstruct a secret message through GHZ swapping. Moreover, this protocol is efficient to expand the number of members to arbitrary number n, so it is a close quantum secret sharing protocol to classical secret sharing protocol.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.177-186
• /
• 2020

In current public blockchain, any node can see every blocks, so that public blockchain provider transparent property. However, some application requires the confidential information to be stored in the block. Therefore, this paper proposes a multi-layer blockchain that have the public block layer and the private block for confidential information. This paper suggests the requirement for encryption of private block. Also, this paper shows the t-of-n threshold cryptosystem without dealer who is trusted third party. Moreover, the delegated node who has key information can be withdraw the delegated node group or a new delegated node can join in the delegated node group. Therefore, the paper proposes an efficient key information resharing scheme for withdraw and join. Finally proposed scheme satisfies the requirements for encryption and fairness.