Funding: Supported by the National Grand Fundamental Research (973) Program of China under Grant 2013CB338003; the National Natural Science Foundation of China (NSFC) under Grants U1536205, 61170279 and 61572485.
Abstract: The Transport Layer Security (TLS) protocol is the most important standard on the Internet for key exchange. The TLS standard supports many additional handshake modes such as resumption and renegotiation besides the full handshake. The interaction and dependence of different modes may lead to some practical attacks on TLS. In 2014, Bhargavan et al. described a triple handshake attack on TLS 1.2 by exploiting the sequential running of three different modes of TLS, which can lead to a client impersonation attack after the third handshake. Subsequently, TLS 1.2 was patched with the extended master secret extension of RFC 7627 to prevent this attack. In this paper we introduce a new definition of "uniqueness" and present a renegotiable & resumable ACCE security model. We identify the triple handshake attack within the new model, and furthermore show TLS with the proposed fix can be proven secure in our model.
Funding: Supported by Universities Natural Science Research Project of Jiangsu Province (No. 05KJB510101).
Abstract: The Quality of Service (QoS) has received more and more attention since QoS has become increasingly important in the Internet development. Mobile software agents represent a valid alternative to the implementation of strategies for the negotiation. In this paper, a QoS negotiation and renegotiation system architecture based on mobile agents is proposed. The agents perform the task in the whole process. Therefore, such a system can reduce the network load, overcome latency, and avoid frequent exchange of information between clients and server. The simulation results show that the proposed system could improve the network resource utility by about 10%.
Funding: Supported by National Natural Science Foundation of China (Grant No. 72201092); Hunan Natural Science Foundation (Grant No. 2023JJ40188); Scientific Research Fund of Hunan Provincial Education Department (22B0928).
Abstract: Renegotiation after software development is widely adopted by firms to mitigate uncertainties in IT outsourcing. This study examines the design and choice of fixed-price versus performance-based contracts in scenarios where firms may renegotiate software debugging time with the IT vendor after development. Through a contract-renegotiation model, we find that without renegotiation, despite incurring a higher contracting cost, the performance-based contract increases the profit of the firm by regulating the vendor's debugging effort, compared to the fixed-price contract. Renegotiation generates two key effects: the uncertainty-resolving effect (addressing development uncertainties) and the effort-incentivizing effect (stimulating the vendor's effort), which collectively enhance the firm's profit. Interestingly, when renegotiation is introduced, the uncertainty-resolving effect renders the ex-ante effort regulation of performance-based contracts ineffective. Consequently, considering the higher contracting costs of performance-based contracts and the dual benefits of renegotiation, the firm prefers a fixed-price contract ex ante while renegotiating with the vendor ex post.