Chin-Ling Chen

Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection

Radio frequency identification (RFID) technology has recently aroused great interest due to its convenience and economic efficiency. Through RFID become popular worldwide, it is susceptible to various attacks and security problems. Since RFID systems use wireless transmission, user privacy may be compromised by malicious people intercepting the information contained in the RFID tags. Many of the methods previously proposed to prevent such attacks do not adequately protect privacy or reduce database loading. In this paper, we propose a new authentication and encryption method that conforms to the EPC Class 1 Generation 2 standards to ensure RFID security between tags and readers. Our scheme not only reduces database loading, but also ensures user privacy. Finally, we survey our scheme from several security viewpoints, and prove its feasibility for use in several applications.

Mobile device integration of a fingerprint biometric remote authentication scheme

Various user authentication schemes with smart cards have been proposed. Generally, researchers implicitly assume that the contents of a smart card cannot be revealed. However, this is not true. An attacker can analyze the leaked information and obtain the secret values in a smart card. To improve on this drawback, we involve a fingerprint biometric and password to enhance the security level of the remote authentication scheme Our scheme uses only hashing functions to implement a robust authentication with a low computation property. Copyright

Using RFID Yoking Proof Protocol to Enhance Inpatient Medication Safety

The low birth rate has led to an aging society; the burgeoning number of elderly patients may affect the medical quality and result in negative medical incidents. There are many factors that lead to medical errors, such as similar medication names, erroneous labels and packaging, as well as staff shortages, fatigue and carelessness. Determining how to reduce medical errors has become an important issue. As RFID exhibits powerful identification characteristics, it can help nurses to quickly identify patients and their corresponding medicine. Currently, there are numerous practical applications for improving the efficiency of Radio Frequency Identification (RFID) systems. In this paper, we use an RFID yoking proof mechanism which conforms to EPCglobal Class 1 Generation 2 standards to improve patient safety and reduce medical errors. Our scheme can achieve different goals such as resist numerous known attacks, achieve mutual authentication, anonymity and non-repudiation. It also provides a practical medical care and offer higher quality of medical care. The pharmacist cannot deny that this prescription was confirmed for the patient and the nurse cannot also deny he or she dispensed this medicine to the patient for protecting the patients’ interests.

A Secure Medical Data Exchange Protocol Based on Cloud Environment

In recent years, health care technologies already became matured such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concern issue. In spite of many literatures discussed about medical systems, but these literatures should face many security challenges. The most important issue is patients’ privacy. Therefore, we propose a secure medical data exchange protocol based on cloud environment. In our scheme, we use mobile device’s characteristics, allowing peoples use medical resources on the cloud environment to seek medical advice conveniently.

A secure and traceable E-DRM system based on mobile device

In recent years, intellectual property violation events have caused enterprise to respect digital content protection. Illegal copying digital content abuses become a serious problem. Because the mobile devices are more portable and individualized than personal computers, anyone can access the network resources at anytime from anywhere. However, valuable digital contents without proper protection make the content vulnerable to unauthorized copying, modification and re-distribution, causing revenue losses to service providers. Thus, constructing an effective Digital Right Management (DRM) system has become an important issue. On the basis of the mobile device, we propose an efficient digital rights management protocol. We apply symmetrical cryptosystem, asymmetrical cryptosystem, digital signature and one-way hash function mechanisms in our scheme. To overcome the computing resource weakness problem of mobile devices, we also integrate digital certificate, hardware information and one time password mechanisms such that the security, persistent protection, integrity, authentication, track usage of DRM work, changeable access right, integration and portability issues will be assured. In this way, the mobile user can access the digital content securely in the enterprise via authorization mechanism.

A Mobile Ticket System Based on Personal Trusted Device

Advances in wireless network technology and the continuously increasing users of Personal Trusted Device (PTD) make the latter an ideal channel for offering personalized services to mobile users. In this paper, we apply some cryptology (such as public key infrastructure, hashing chain and digital signature) to propose a realistic mobile ticket system such that fairness, non-repudiation, anonymity, no forging, efficient verification, simplicity, practicability and obviate the embezzlement issues can be guaranteed. On the basis of PTD is more portable and personal than personal computer, we gradually perceived that the widely used PTD will present huge commerce profits for mobile ticket service provider and it is convenient to the PTD user.

A Privacy Authentication Scheme Based on Cloud for Medical Environment

With the rapid development of the information technology, the health care technologies already became matured. Such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concerning issue. In spite of many literatures discussed about medical systems, these literatures should face many security challenges. The most important issue is patients’ privacy. Therefore, we propose a privacy authentication scheme based on cloud environment. In our scheme, we use mobile device’s characteristics, allowing peoples to use medical resources on the cloud environment to find medical advice conveniently. The digital signature is used to ensure the security of the medical information that is certified by the medical department in our proposed scheme.

Dynamic Session-Key Generation for Wireless Sensor Networks

Recently, wireless sensor networks have been used extensively in different domains. For example, if the wireless sensor node of a wireless sensor network is distributed in an insecure area, a secret key must be used to protect the transmission between the sensor nodes. Most of the existing methods consist of preselecting keys from a key pool and forming a key chain. Then, the sensor nodes make use of the key chain to encrypt the data. However, while the secret key is being transmitted, it can easily be exposed during transmission. We propose a dynamic key management protocol, which can improve the security of the key juxtaposed to existing methods. Additionally, the dynamic update of the key can lower the probability of the key to being guessed correctly. In addition, with the new protocol, attacks on the wireless sensor network can be avoided.

An Ownership Transfer Scheme Using Mobile RFIDs

RFID reader equipment is widely used in hand-held devices; thus, the security of the connection between mobile readers and RFID servers is an important issue. In this paper, we propose a novel scheme with low implementation costs and conforming to EPC C1G2 standards. The benefits include reducing the manpower required for market management, market members using the mobile readers to query product information, as well as ensuring secure and efficient cash transactions. The membership can also access after-sales service or make ownership transfers with other users. Moreover, in order to achieve mutual authentication, our proposed scheme integrates fingerprint biometrics, related cryptology and a hash function mechanism to ensure the security of the transmitted messages.

Extension of an Efficient 3GPP Authentication and Key Agreement Protocol

Recently, Zhang and Fang proposed a security analysis and enhancements of 3GPP authentication and key agreement protocol (AP-AKA for short). The enhancements of 3GPP authentication and key agreement protocol is proposed to improve some drawbacks of the current third-generation wireless communications. It also eliminates the need of synchronization between a mobile station and its home network. However, this paper shows that AP-AKA has some drawbacks, including the huge bandwidth consumption between foreign network and the home network, and the overhead of the stored space in the foreign network, and the overloaded home network with authentication of mobile stations. As a result, an extension of AP-AKA is proposed, which improves theses drawbacks, while preserving the superior merits of AP-AKA.