Chien-Lung Hsu

Security of Chien et al.’s Remote User Authentication Scheme Using Smart Cards

Abstract In 2000, Sun proposed an efficient remote user authentication scheme using smart cards. Recently, Chien et al. pointed out that Suns scheme only achieves the unilateral authentication and further proposed a new efficient and practical solution to achieve the mutual user authentication. This paper, however, will demonstrate that Chien et al.s scheme is vulnerable to the parallel session attack.

New nonrepudiable threshold proxy signature scheme with known signers

Based on Kim et al.s threshold proxy signature scheme, Sun proposed an nonrepudiable threshold proxy signature scheme with known signers. In Suns scheme, actual proxy signers cannot deny the signatures they have signed. However, his scheme is vulnerable against the conspiracy attack. Any t malicious proxy signers can collusively derive the secret keys of other proxy signers and impersonate some other proxy signers to generate proxy signatures. In this paper, we proposed a new nonrepudiable threshold proxy signature scheme that overcomes the above weakness. Furthermore, the proposed scheme is more efficient than Suns in terms of computational complexities and communication costs.

Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks

In 2000, Lee and Chang (Comput Syst Sci Eng 15 (2000) 211) presented a user identification scheme that also can simultaneously achieve key exchange requirement while preserving the user anonymity. Their idea is valuable especially when it is applied to some applications in which the identity of the user should be protected from the public in the distributed computer networks. Unfortunately, our paper shows that their scheme is insecure under two attacks and we further proposed a more efficient identification scheme preserving the same merits. The proposed scheme not only effectively eliminates the security leaks of the Lee-Chang scheme, but also reduces computational complexities and communication costs as compared with their scheme.

Convertible authenticated encryption scheme

The digital signature provides the functions of integration, authentication, and non-repudiation for the signing message. In some applications, however, the signature only needs to be verified by some specified recipients while keeping the message secret from the public. The authenticated encryption schemes can be used to achieve this purpose. To protect the recipients benefit in the case of a later dispute, we should further enable the recipient to convert the signature into an ordinary one that can be verified by anyone. Recently, Araki et al. proposed a convertible limited verifier scheme to resolve the problem. Their scheme equips the recipient with the ability to convert the signature into an ordinary one. However, the conversion requires the cooperation of the signer. In the paper, we proposed a convertible authenticated encryption scheme that can easily produce the ordinary signature without the cooperation of the signer. Further, the proposed scheme is more efficient than Araki et al.s in terms of the computation complexities and the communication costs.

Improvement of threshold proxy signature scheme

Recently, Sun et al. pointed out some weaknesses of Zhangs threshold proxy signature scheme and a disadvantage of Kims threshold proxy signature scheme. They further proposed a new (t,n) threshold proxy signature scheme based on Zhangs scheme to eliminate these drawbacks. Unfortunately, their scheme suffered from a weakness which is shown in this paper. The authors also propose an improvement to counter it.

Security of two remote user authentication schemes using smart cards

In 2000, Sun proposed an efficient remote user authentication scheme using smart cards (published in IEEE Transactions on Consumer Electronics, vol. 46, no. 4, 2000) Recently, Chien et al. pointed out that Suns scheme only achieve the unilateral authentication. That is, only the authentication server can authenticate that of the remote user while the use cannot authenticate that of the server. Chien et al. further proposed a new efficient and practical solution to achieve the mutual user authentication (published in Computer & Security, vol. 21, No. 4 2002). This paper, however, will demonstrate that Suns scheme is vulnerable to the off-line and on-line password guessing attacks and Chien et al.s scheme is vulnerable to the parallel session attack.

Designing an Intelligent Health Monitoring System and Exploring User Acceptance for the Elderly

Recently, many healthcare or health monitoring systems are proposed to improve life quality of the elderly in the aging process. The elderly are generally with poor health and low information literacy. Low information literacy might be an obstacle of using such systems. This research considered the characteristics and the needs of the elderly and developed an intelligent health monitoring system for the elderly with low information literacy living in the nursing home. The system is intelligent since it can monitor the health status of the elderly based on clinical and medical knowledge, provide an easy-to-understand and easy-to-use user interface for the elderly, and automatically send important or emergency feedback to caregivers. Finally, we explored the user acceptance for the elderly using our proposed system based on the unified theory of acceptance and user of technology model. The experimental results indicate the developed system is highly accepted by the elderly in terms of performance expectation, endeavor expectation, social influence, and facilitating condition.

Refereed paper: Cryptanalyses and improvements of two cryptographic key assignment schemes for dynamic access control in a user hierarchy

Recently, Wu and Chang and Shen and Chen separately proposed a cryptographic key assignment scheme for solving access control problem in a partially ordered user hierarchy. However, this paper will show the security leaks inherent in both schemes based on polynomial interpolations. That is, the users can have access to the information items held by others without following the predefined partially ordered relation. Finally, we proposed two improvements to eliminate such security flaws.

Improvement of modified authenticated key agreement protocol

Recently, Ku and Wang showed that Tsengs modified authenticated key agreement protocol is vulnerable to two attacks and proposed an improvement to withstand these attacks. However, this letter will show that this improvement is still vulnerable to the modification attack, which is contrary to their claims. Additionally, we proposed an improvement to eliminate this security flaw.

The Role of Privacy Protection in Healthcare Information Systems Adoption

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users’ privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.