개선된 인증과 키 분배 기법

학위논문 (박사)-- 서울대학교 대학원 : 수리과학부, 2014. 2. 김명환.Nowadays, anonymity property of user authentication scheme becomes important. From 2003, Park et al., Juang et al., and other researchers proposed a useful, secure and efficient authenticated-key exchange scheme. However, There schemes did not provide the useful methods against the various efficient attacks. They argued that they provided the identity privacy- mutual authentication-half-forward secrecy. But their suggestions have limited solutions. So we have researched the about 30 papers and suggested an improved authentication and key exchange scheme. Then, we show that the proposed scheme is secure against the various attacks methods (linear attack, inverse, dictionary, MTMD attacks etc).Chapter 1 Introduction ........................................................ 6 1.1 Motivation ...............................................................................6 1.2 Organization ............................................................................8 Chapter 2 Secure Authenticated Key Exchange .................. 11 2.1 AKE Security ........................................................................11 2.2 Protocol Attack Types ...........................................................17 Chapter 3Secure Authenticated Key Exchange ................... 19 3.1 The Authentication Key Protocol..........................................19 3.2 General Security-Analysis Discussion..................................26 Chapter 4Authenticated Key Exchange Protocol................ 40 4.1 The Improved AKE ...............................................................41 4.2 An Improved Anonymous AKE Scheme ..............................62 Chapter 5Conclusion ...................................................... 75 Bibliography .................................................................... 77 Abstract ........................................................................... 87Docto

Mobile payments : what we can learn from the past

Thesis (M.B.A.)--Massachusetts Institute of Technology, Sloan School of Management, 2006.Includes bibliographical references (leaf 74).Over the last decade, there has been a proliferation of mobile payments systems (MPS). Close to 150 MPS currently exist in the world according to the Bank for International Settlement records (BIS). Mobile payments (MP) markets are at different stages of development depending on countries. However, most of them are going through their embryonic or early phases. According to the theory, at this fluid stage, where no dominant design has emerged, it is nearly impossible to predict industry evolution. This paper tests the hypothesis that (i) because the MP industry is a path dependent system rather than a hysteresis system whose state depends on their immediate history, (ii) we can actually rely on accumulated experiences (success and failures) to narrow markets options in terms of dominant players and speed of adoption. In this paper, we elaborate a classification matrix of payment services and using the Weil-Utterback system dynamic model of the diffusion of innovation we analyze the main loops at play in US, Europe and Japan. In the process we provide numerous examples of MPS and several case studies. The key take aways of our analysis are that (i) incumbents are likely to dominate the offering of mobile payments services. (ii) in the next three to five years, US rate of adoption is likely to be faster than the European one.by Gladys Priso.M.B.A

Security Enhanced Applications for Information Systems

Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

Future of the Internet--and how to stop it

vi, 342 p. : ill. ; 25 cmLibro ElectrónicoOn January 9, 2007, Steve Jobs introduced the iPhone to an eager audience crammed into San Francisco’s Moscone Center.1 A beautiful and brilliantly engineered device, the iPhone blended three products into one: an iPod, with the highest-quality screen Apple had ever produced; a phone, with cleverly integrated functionality, such as voicemail that came wrapped as separately accessible messages; and a device to access the Internet, with a smart and elegant browser, and with built-in map, weather, stock, and e-mail capabilities. It was a technical and design triumph for Jobs, bringing the company into a market with an extraordinary potential for growth, and pushing the industry to a new level of competition in ways to connect us to each other and to the Web.Includes bibliographical references (p. 249-328) and index Acceso restringido a miembros del Consorcio de Bibliotecas Universitarias de Andalucía Electronic reproduction. Palo Alto, Calif. : ebrary, 2009 Modo de acceso : World Wide Webpt. 1. The rise and stall of the generative Net -- Battle of the boxes -- Battle of the networks -- Cybersecurity and the generative dilemma -- pt. 2. After the stall -- The generative pattern -- Tethered appliances, software as service, and perfect enforcement -- The lessons of Wikipedia -- pt. 3. Solutions -- Stopping the future of the Internet : stability on a generative Net -- Strategies for a generative future -- Meeting the risks of generativity : Privacy 2.0. Index32

Decrypting legal dilemmas

It has become a truism that the speed of technological progress leaves law and policy scrambling to keep up. But in addition to creating new challenges, technological advances also enable new improvements to issues at the intersection of law and technology. In this thesis, I develop new cryptographic tools for informing and improving our law and policy, including specific technical innovations and analysis of the limits of possible interventions. First, I present a cryptographic analysis of a legal question concerning the limits of the Fifth Amendment: can courts legally compel people to decrypt their devices? Our cryptographic analysis is useful not only for answering this specific question about encrypted devices, but also for analyzing questions about the wider legal doctrine. The second part of this thesis turns to algorithmic fairness. With the rise of automated decision-making, greater attention has been paid to statistical notions of fairness and equity. In this part of the work, I demonstrate technical limits of those notions and examine a relaxation of those notions; these analyses should inform legal or policy interventions. Finally, the third section of this thesis describes several methods for improving zero-knowledge proofs of knowledge, which allow a prover to convince a verifier of some property without revealing anything beyond the fact of the prover's knowledge. The methods in this work yield a concrete proof size reduction of two plausibly post-quantum styles of proof with transparent setup that can be made non-interactive via the Fiat-Shamir transform: "MPC-in-the-head," which is a linear-size proof that is fast, low-memory, and has few assumptions, and "Ligero," a sublinear-size proof achieving a balance between proof size and prover runtime. We will describe areas where zero-knowledge proofs in general can provide new, currently-untapped functionalities for resolving legal disputes, proving adherence to a policy, executing contracts, and enabling the sale of information without giving it away

Heritage in Britain: lifelong learning, archaeology and partnerships

The thesis investigates whether contemporary policy and practice support formal and informal learning in the field of archaeology. Also, the assumption that multi-sector partnerships broaden community participation in heritage activities is interrogated. The multi-method comparative research model applied both empirical and qualitative methods to three case studies in the Midlands of Britain. Each of these projects gained funding to exhibit archaeology to the public during the course of the research. The policies and practices of the key individuals in the partnerships were investigated through taped interviews, and the data was analysed using cognitive mapping (Tolman, 1948, Buzan, 1993). Data about the visitors were gathered through questionnaire surveys, taped oral accounts, and observational studies. The interests, concerns and agenda of the principle stakeholders were compared. The results indicated that the role of the volunteers was crucial to the success and sustainability of the projects. However, some volunteers felt that they were weaker partners, and this was linked to a distinction between amateurs and professionals. The power of local authorities in heritage partnerships and their conflicting roles as developers and guardians of the archaeological heritage are questioned. Ways to facilitate participatory partnerships are suggested. The research draws on Foucault's definition of discourse, and Bourdieu's human capital theories and his concept of habitus and distinction. The links between informal and formal learning are rarely researched and theorised, but this study identifies how archaeologists, acting as "cultural intermediaries" (Bourdieu, 1984: 14), can create and sustain learning opportunities for adults, collapsing some of the traditional hierarchies between popular entertainment, community knowledge, and intellectual knowledge. The thesis places learning in archaeology within the theory of a structured taxonomy of learning (Biggs, 1971, Biggs and Collis, 1982)

The Cryptographic Imagination

Originally published in 1996. In The Cryptographic Imagination, Shawn Rosenheim uses the writings of Edgar Allan Poe to pose a set of questions pertaining to literary genre, cultural modernity, and technology. Rosenheim argues that Poe's cryptographic writing—his essays on cryptography and the short stories that grew out of them—requires that we rethink the relation of poststructural criticism to Poe's texts and, more generally, reconsider the relation of literature to communication. Cryptography serves not only as a template for the language, character, and themes of much of Poe's late fiction (including his creation, the detective story) but also as a "secret history" of literary modernity itself. "Both postwar fiction and literary criticism," the author writes, "are deeply indebted to the rise of cryptography in World War II." Still more surprising, in Rosenheim's view, Poe is not merely a source for such literary instances of cryptography as the codes in Conan Doyle's "The Dancing-Men" or in Jules Verne, but, through his effect on real cryptographers, Poe's writing influenced the outcome of World War II and the development of the Cold War. However unlikely such ideas sound, The Cryptographic Imagination offers compelling evidence that Poe's cryptographic writing clarifies one important avenue by which the twentieth century called itself into being. "The strength of Rosenheim's work extends to a revisionistic understanding of the entirety of literary history (as a repression of cryptography) and then, in a breathtaking shift of register, interlinks Poe's exercises in cryptography with the hyperreality of the CIA, the Cold War, and the Internet. What enables this extensive range of applications is the stipulated tension Rosenheim discerns in the relationship between the forms of the literary imagination and the condition of its mode of production. Cryptography, in this account, names the technology of literary production—the diacritical relationship between decoding and encoding—that the literary imagination dissimulates as hieroglyphics—the hermeneutic relationship between a sign and its content."—Donald E. Pease, Dartmouth Colleg