• Asia pacific journal of information systems
• /
• v.15 no.2
• /
• pp.65-96
• /
• 2005

It is generally believed that, compared to traditional commerce, Electronic Commerce(EC) is more difficult to gain and sustain customers. One of the major reasons that customers do not use EC is lack of trust. Previous researches on the EC user's trust suggested that risk is an antecedent of trust and the concept of trust is highly related to risk. This study proposed a combined model in which includes the factors based on generic information security risk analysis methodology and trust factors in EC. The objectives of this study are follows; first, investigating the relationship between trust and risk that are antecedent factors of purchase intention, and second, examining the validity of information security risk analysis approach in EC environment. Based on the survey results of 143 MBA students statistical analysis showed that factors like threats and controls were significantly related to risk, but assets did not have statistically significant relationship with risk. Controls and knowledge of EC had meaningful effect on user's trust. This study found that risk analysis methodology which is generally used at organizational level is practically useful at user level on EC environment. In conclusion, the results of this study would be applied to generic situation of information security for analyzing and managing the risk. Besides, this study emphasized that EC vendors need to pay more attention to the information security risk to gain customer's trust.

• The Journal of Society for e-Business Studies
• /
• v.7 no.1
• /
• pp.66-74
• /
• 2002

Through the increment of requirement for EC(Electronic Commerce) oriented communication services, security multicast communications is becoming more important. However, multicast to EC environment is much different from unicast concept most network security protocols. On the network security, using mandatory access control of multilevel architecture which assigns a specific meaning to each subject, so we accomplish access control. In this way, access control security based on the information security level is proposed. A security protocol based on the architecture proposed in this paper would be utilized in security multicast communications, group key management service and leveled security service through multilevel EC security policy, Also we discuss and propose the security level scaleability and key management method on the network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.473-483
• /
• 2012

To achieve an entire end-to-end security, the classical authentication setting such that all participants have a same password is not practical since a password is not a common secret but a personal secret depending on an individual. Thus, an efficient client to client different password-based authenticated key agreement protocol (for short, EC2C-PAKA) has been suggested in the cross-realm setting. Very recently, however, a security weakness of the EC2C-PAKA protocol has been analyzed by Feng and Xu. They have claimed that the EC2C-PAKA protocol is insecure against a password impersonation attack. They also have presented an improved version of the EC2C-PAKA protocol. In this paper, we demonstrate that their claim on the insecurity of EC2C-PAKA protocol against a password impersonation attack is not valid. We show that the EC2C-PAKA protocol is still secure against the password impersonation attack. In addition, ironically, we show that the improved protocol by Feng and Xu is insecure against an impersonation attack such that a server holding password of Alice in realm A can impersonate Bob in realm B. We also discuss a countermeasure to prevent the attack.

• The Journal of Society for e-Business Studies
• /
• v.6 no.1
• /
• pp.17-33
• /
• 2001

EC(Electronic Commerce) which is done on the virtual space through Internet has strong point like independence from time and space. On the contrary, it also has weak point like security problem because anybody can access easily to the system due to open network attribute of Internet, Therefore, we need the solutions that protect the EC security problem for safe and useful EC activity. One of these solutions is the implementation of strong cipher system. YK2(Young Ku King) cipher system proposed in this paper is good solution for the EC security and it overcome the limit of current block cipher system using 128 bits key length for input, output, encryption key and 32 rounds. Moreover, it is designed for the increase of time complexity by adapting more complex design for key scheduling algorithm regarded as one of important element effected to encryption.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.63-65
• /
• 2021

This paper describes an integrated H/W-S/W implementation of elliptic curve digital signature algorithm (EC-DSA) using a security system-on-chip (SoC). The security SoC uses the Cortex-A53 APU as CPU, and the hardware IPs of high-performance elliptic curve cryptography (HP-ECC) core and SHA3 (secure hash algorithm 3) hash function core are interfaced via AXI4-Lite bus protocol. The signature generation and verification processes of EC-DSA were verified by the implementation of the security SoC on a Zynq UltraScale+ MPSoC device.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.85-102
• /
• 1999

In this paper, we propose an EC-SRP(Elliptic Curve - Secure Remote Password) protocol that uses ECDLP(Elliptic Curve Discrete Logarithm Problem) instead SRP protocols’s DLP. Since EC-SRP uses ECDLP, it inherits the high performance and security those are the properties of elliptic curve. And we reduced the number of elliptic curve scalar multiplication to improve EC-SRP protocol’s performance. Also we have proved BC-SRP protocol is a secure AKC(Authenticated Key Agreement with Key Confirmation) protocol in a random oracle model.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.207-212
• /
• 2006

Signcryption은 공개키 암호와 디지털 서명을 결합한 하이브리드 공개키 프리미티브이다. Signcryption은 디지털 서명 수행 후 암호화 과정을 수행하는 프로토콜보다 연산량과 통신량에서 월등한 우월성을 보여준다. 그러나 Signcryption 기법을 이용한 상호 인증 및 키 교환 프로토콜은 적용시스템(예를 들어 모바일 네트워크)에 따라 많은 연산량과 통신량(상대적으로 모바일과 무선 네트워크에 대해)이 부담이 된다. 이에 이동망과 모선 네트워크에 적합한 적은 연산량과 통신량의 특성을 가진 상호 인증 및 키 교환 프로토콜을 제안한다. 본 논문에서는 두 참여자 사이에서 참여자의 상호 인증과 안전한 통신을 위해 Signcryption을 이용한 EC 기반의 안전한 인증된 키 교환 프로토콜을 제안한다. 그리고 제안 프로토콜의 보안성을 증명하고 효율성을 비교한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.595-597
• /
• 2002

New signature schemes giving message recovery based on EC-KCDSA are introduced. These signature schemes can be efficiently used with established EC-KCDSA systems.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.215-219
• /
• 2001

부분 은닉서명은 메시지 내용의 일부분만 공개하므로서 익명성과 동시에 공개되는 일부분의 정보를 사용하여 부가적인 기능을 제공할 수 있다. 이러한 부분 은닉서명을 이용하면 전자수표방식과 같은 전자상거래 시스템에서 고객의 익명성을 보호하면서도 공개되는 정보를 금액이나 유효기간으로 사용하여 거스름을 취급할수 있는 방법을 제공할 수 있다. 본 논문에서는 국내 전자서명 기법의 표준으로 제정된 KCDSA를 기반으로 하는 부분 은닉서명 기법 및 EC-KCDSA를 기반으로 하는 부분 은닉서명 기법을 제시하므로서 거스름을 사용할 수 있는 효율적인 전자상거래 기법에 적용되어질 수 있도록 하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.3-10
• /
• 2003

In this paper, a partially blind signature schemes baled on EC-KCDSA is proposed and we applied it to design an electronic check payment system. Because the proposed partially blind signature scheme uses elliptic curve cryptosystem, it has better performance than any existing schems using RSA cryptosystem. When issuing a refund check, one-time pad secret key is used between the bank and the customer to set up secure channel. So the symmetric key management is not required.