• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6B
• /
• pp.249-257
• /
• 2008

Nowadays, client-to-client applications such as online chat (e.g. MSN) and SMS (Short Message Services) are becoming increasingly prevalent. These client-to-client applications are revolutionizing the way we communicate. Three-party PAKE (password authenticated key exchange) protocols provide a means for the two communicating parties holding passwords to establishment a secure channel between them with the help of a common server. In this paper, we propose an efficient three-party PAKE protocol for the client-to-client applications, which has much better performance than the existing generic constructions. We also show that the proposed protocol is secure in a formal security model.

• Journal of KIISE:Computer Systems and Theory
• /
• v.33 no.1_2
• /
• pp.110-118
• /
• 2006

Cryptographic protocol design in a two-party setting has of tel ignored the possibility of simultaneous message transmission by each of the two parties (i.e., using a duplex channel). In particular, most protocols for two-party key exchange have been designed assuming that parties alternate sending their messages (i.e., assuming a bidirectional half-duplex channel). However, by taking advantage of the communication characteristics of the network it may be possible to design protocols with improved latency. This is the focus of the present work. We present three provably-secure protocols for two-party authenticated key exchange (AKE) which require only a single round. Our first, most efficient protocol provides key independence but not forward secrecy. Our second scheme additionally provides forward secrecy but requires some additional computation. Security of these two protocols is analyzed in the random oracle model. Our final protocol provides the same strong security guarantees as our second protocol, but is proven secure in the standard model. This scheme is only slightly less efficient (from a computational perspective) than the previous ones. Our work provides the first provably- secure one-round protocols for two-party AKE which achieve forward secrecy.

• Journal of Information Processing Systems
• /
• v.6 no.1
• /
• pp.43-52
• /
• 2010

In the secure communication areas, three-party authenticated key exchange protocol is an important cryptographic technique. In this protocol, two clients will share a human-memorable password with a trusted server, in which two users can generate a secure session key. On the other hand the protocol should resist all types of password guessing attacks. Recently, STPKE' protocol has been proposed by Kim and Choi. An undetectable online password guessing attack on STPKE' protocol is presented in the current study. An alternative protocol to overcome undetectable online password guessing attacks is proposed. The results show that the proposed protocol can resist undetectable online password guessing attacks. Additionally, it achieves the same security level with reduced random numbers and without XOR operations. The computational efficiency is improved by $\approx$ 30% for problems of size $\approx$ 2048 bits. The proposed protocol is achieving better performance efficiency and withstands password guessing attacks. The results show that the proposed protocol is secure, efficient and practical.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.3
• /
• pp.607-625
• /
• 2011

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.784-786
• /
• 2003

패스워드 기반 키 교환 프로토콜은 참여자들이 쉽게 기억할 수 있는 자신의 패스워드를 사용하므로 단순성, 편리성, 이동성의 장점 때문에 광범위하게 사용된다. 2000년에 Lin, Sun, Hwang［1］이 Steiner, Tsudik, Waidner［2］가 제안한 three-party EKE 프로토콜(STW-3PEKE)이 패스워드 추측 공격에 취약함을 증명하고 이를 개선한 서버의 공개키를 이용한 새로운 three-party EKE 프로토콜(LSH-3PEKE)을 제안했다. 2001년에는 Lin, Sun, Steiner, Hwang［3］이 서버의 공개키를 사용하지 않는 새로운 three-party EKE 프로토콜(LSSH-3PEKE)을 제안했다. 본 논문에서는 검증자(verifier) 기반 즉 서버가 사용자의 패스워드를 저장하지 않고 패스워드에 의해 생성되는 검증자를 가지는 프로토콜을 제안하며 이전에 제안한 프로토콜의 안전성을 그대로 유지하면서 좀 더 간단하며 효율적인 프로토콜을 제시한다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.40 no.4
• /
• pp.22-29
• /
• 2003

In the virtual home environment (VHE), which was proposed to offer global roaming and personal service environment portability, user's profiles and service logics are conveyed from home network to visited network to provide services at the visited network. Because user's profiles and service logics may contain confidential information, some procedures for mutual authentication among entities for offering confidence are needed. For these issues, we propose and analyze three 3-Party mutual authentication Protocols adaptable to the VHE in 3G ; password based mutual authentication protocol, mutual authentication protocol with CHAP and key exchange and mutual authentication protocol with trusted third party.

• Journal of KIISE
• /
• v.42 no.1
• /
• pp.23-32
• /
• 2015

In the Android market, a large portion of the market share consists of third party applications, but not much research has been performed in this respect. Of these applications, mobile Voice Over IP (VoIP) applications are one of the types of applications that are used the most. In this paper, we focus on user authentication methods for three representative applications of the Google Voice service, which is a famous mobile VoIP application. Then, with respect to the Android file system, we developed a method to store and to send user information for authentication. Finally, we demonstrate a vulnerability in the mechanism and propose an improved mechanism for user authentication by using hash chaining and an elliptic curve Diffie-Hellman key exchange.

• Journal of Global Scholars of Marketing Science
• /
• v.18 no.2
• /
• pp.65-88
• /
• 2008

Since the implementation of economic reforms in 1978, the Chinese economy grows rapidly at an average annul growth rate of 9% over the post two decades. Franchising has been widely recognized as an important source of entrepreneurial activity. Trust is important in that it facilitates relational exchanges by permits partners to transcend short-run inequities or risks to concentrate on long-term profits or gains. In the relationship between the franchisors and franchisees, trust has been described as an important source of competitive advantage. However, little research has been done on the factors affecting trust in Chinese franchisor-franchisee relationships. The purpose of this study is to investigate what factors affect the trust in the franchise system in China, and to provide guidelines and insights to franchisors which enter Chinese market. In this study, according to Morgan and Hunt (1994), trust is defined as the extending when one party has confidence in an exchange partner's reliability and integrity. We offered a conceptual model of the empirical study. The model shows that the factors affecting the trust include franchisor's supports, communication, satisfaction with previous outcome and conflict. We also suggested the franchisor's supports and communication like to enhance the franchisee's satisfaction with previous outcome, and the franchisor's supports, communication and he franchisee's satisfaction with previous outcome tend to decrease conflict. Before the formal study, a pretest involving exploratory interviews with owners from three franchisees was conducted to make sure the questionnaire was relevant and clear to the respondents. The data were collected using trained interviewers to carry out personal interviews with the aid of an unidentified, muti-page, structured questionnaire. The respondents comprised of owners, managers, and owner managers of franchisee-owned food service franchises located in Beijing, China. Even though a total of 256 potential franchises were initially contacted, the finally usable sample consisted of 125 respondents. As expected, the sampling method was successful in soliciting respondents with waried personal and firm characteristics. Self-administrated questionnaires were used for all measures. And established scales were used to measure the latent constructs in this study. The measures tapped the franchisees' perceptions of the relationship with the referent franchisor. Five-point Likert-type scales ranging from "strongly disagree" (=1) to "strongly agree" (=7) were used throughout the constructs (trust, eight items; support, five items; communication, four items; satisfaction, six items; conflict, three items). The reliability measurements traditionally employed, such as the Cronbach's alpha, were used. All the reliabilities were greater than.80. The proposed measurement model was estimated using SPSS 12.0 and AMOS 5.0 analysis package. We conducted A series of exploratory factor analyses and confirmatory factor analyses to assess the convergent validity, discriminant validity, and reliability. The results indicate reasonable overall fits between the model and the observed data. The overall fit of measurement model were $X^2$= 159.699, p=0.004, d.f. = 116, GFI =.879, NFI =.898, CFI =.969, IFI =.970, TLI =.959, RMR =.058. The results demonstrated that the data reasonably fitted the model. We also examined construct reliability and reliability and average variance extracted (AVE). The construct reliability of each construct was greater than.80 and the AVE of each construct was greater than.50. According to the analysis of Structure Equation Modeling (SEM), the results of path model indicated an adequate fit of the model: $X^2$= 142.126, p = 0.044, d.f. = 115, GFI =.892, NFI =.909, CFI =.981, IFI =.981, TLI =.974, RMR =.057. As hypothesized, the results showed that it is strategically important to establish trust in a franchise system, and the franchisor's supports, communication and satisfaction with previous outcome tend to reinforce franchisee's trust. The results also showed trust seems to decrease as the experience of conflict episodes increases. And we also noticed that franchisor's supports and communication tend to enhance the franchisee's satisfaction with previous outcome, and communication tend to decrease conflict. If the trust between the franchisor and franchisee can be established in a franchise system, franchising offers many benefits and reduces many costs. To manage a mutual trust of relationship with their franchisees, franchisor's should provide support effectively to their franchisees. Effective assistant services have direct effect on franchisees' satisfaction with previous outcome and trust in franchisor. Especially, franchise sales process, orientation, and training in the start-up period are key elements for success of the franchise system. Franchisor's support is an accumulated separate satisfaction evaluation with different kind of service provided by the franchisor. And providing support definitely can improve the trustworthy image of the franchisor. In the franchise system, conflicts of interests and exertions of different power sources are very common. The experience of conflict episodes seems to negatively relate to trust. Therefore, it is important to reduce the negative side of the relationship conflicts. Communication actually plays a broader role in reducing conflict and establish mutual trust in franchisor-franchisee relationship. And effective communication between franchisors and franchisees can improve franchisees' satisfaction toward the franchise system. As the diversification of Chinese markets, both franchisors and franchisees must keep the relevant, timely, and reliable communication. And it is very important to improve the quality of communication. Satisfaction with precious outcomes seems to positively relate to trust. Franchisors and franchisees that are highly satisfied with the previous outcomes that flow from their relationship will perceive their partner as advancing their goal achievement. Therefore, it is necessary for both franchisor and their franchisees to make the welfare of partner with effort. Little literature has focused on what factors affect the trust between franchisors and their franchisees in China. This study developed the hypotheses regarding the factors affecting trust in the transaction relationship. The results of data analysis supported the hypotheses strongly. There are certain limitations in this study. First, we may point out that some other factors missed in this study could be significantly important. Second, the context of this study, food service industry, limits its potential generalizability for all franchise systems. More studies in different categories of franchise system are needed to broaden its generalizability. Third, the model was tested empirically in a sample in Beijing, more empirical tests of the proposed model in other Chinese areas are needed. Finally, the analysis in this study was solely based on the perception of franchisees and the opinions of franchisors were not included.