Chun-Ta Li

An efficient biometrics-based remote user authentication scheme using smart cards

In this paper, we propose an efficient biometric-based remote user authentication scheme using smart cards, in which the computation cost is relatively low compared with other related schemes. The security of the proposed scheme is based on the one-way hash function, biometrics verification and smart card. Moreover, the proposed scheme enables the user to change their passwords freely and provides mutual authentication between the users and the remote server. In addition, many remote authentication schemes use timestamps to resist replay attacks. Therefore, synchronized clock is required between the user and the remote server. In our scheme, it does not require synchronized clocks between two entities because we use random numbers in place of timestamps.

A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks

Privacy and security should be paid much more attention in secure vehicular ad hoc networks (VANETs). However, as far as we know, few researches on secure VANET protocols have addressed both the privacy issues and authenticated key establishment. Therefore, in this work, a lightweight authenticated key establishment scheme with privacy preservation to secure the communications between mobile vehicles and roadside infrastructure in a VANET is proposed, which is called SECSPP. Our proposed scheme not only accomplishes vehicle-to-vehicle and vehicle-to-roadside infrastructure authentication and key establishment for communication between members, but also integrates blind signature techniques into the scheme in allowing mobile vehicles to anonymously interact with the services of roadside infrastructure. We also show that our scheme is efficient in its implementation on mobile vehicles in comparison with other related proposals.

A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card

Password authentication has been widely used in computer networks to provide secure remote access control. In this study, the authors show that the improved password authentication and update scheme based on elliptic curve cryptography proposed by Islam and Biswas is vulnerable to offline password guessing, stolen-verifier and insider attacks. We propose an advanced smart card-based password authentication and update scheme and extend the scheme to provide the privacy of the client. By comparing the criteria with other related schemes, our scheme not only solves several hard security threats but also satisfies more functionality features.

A Robust Remote User Authentication Scheme Using Smart Card

Remote user authentication is important to identify whether communicating parties are genuine and trust- worthy using the password and the smart card between a login user and a remote server. A number of password-based authentication schemes using smart cards have been proposed in recent years. We find that two most recent password-based authentication schemes (Hsiang and Shih 2009, Chen and Huang 2010) assume that the attacker cannot extract the secret information of the smart card. However, in reality, the authors in (Kocher et al. 1999 and Messerges et al. 2002) show that the secrets stored in the card can be extracted by monitoring its power consumption. Therefore, these schemes fail to resist smart card security breach. As the main contribution of this paper, a robust remote user authentication scheme against smart card security breach is presented, while keeping the merits of the well-known smart card based authentication schemes. http://dx.doi.org/10.5755/j01.itc.40.3.632

A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems

Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.’s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.’s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.’s scheme. In this paper, we found that both Lee’s and Jiang et al.’s authentication schemes have a serious security problem in that a registered user’s secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee’s scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee’s and Jiang et al.’s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks

More attention should be paid to anonymous routing protocols in secure wireless ad hoc networks. However, as far as we know, only a few papers on secure routing protocols have addressed both issues of anonymity and efficiency. Most recent protocols adopted public key Infrastructure (PKI) solutions to ensure the anonymity and security of route constructing mechanisms. Since PKI solution requires huge and expensive infrastructure with complex computations and the resource constraints of small ad hoc devices; a two-layer authentication protocol with anonymous routing (TAPAR) is proposed in this paper. TAPAR does not adopt public key computations to provide secure and anonymous communications between source and destination nodes over wireless ad hoc networks. Moreover, TAPAR accomplishes mutual authentication, session key agreement, and forward secrecy among communicating nodes; along with integration of non-PKI techniques into the routing protocol allowing the source node to anonymously interact with the destination node through a number of intermediate nodes. Without adopting PKI en/decryptions, our proposed TAPAR can be efficiently implemented on small ad hoc devices while at least reducing the computational overhead of participating nodes in TAPAR by 21.75%. Our protocol is certainly favorable when compared with other related protocols.

An electronic voting protocol with deniable authentication for mobile ad hoc networks

In this article, we propose a deniable electronic voting authentication protocol for mobile ad hoc networks, which meets the essential requirements of a secure e-voting system. Due to the characteristics, constraints, and security requirements of mobile ad hoc networks, our protocol does not require the aid of any centralized administration and mobile nodes could cooperate with each other to securely facilitate e-voting. Finally, the proposed protocol provides the ability to deniable authentication. When a legal voter casts a vote with this voting system, he/she can deny that he/she has voted for a third party and the third party cannot judge who votes.

A secure routing protocol with node selfishness resistance in MANETs

In Mobile Ad hoc Networks (MANETs), available nodes must act as their own router and also rely on other nodes to relay communication packets. However, some intermediate nodes may refuse to forward packets to other nodes or discard route-discovery requests from others to save power, as much as those consumed during the message transmission phase. In order to prevent node sel?shness, we have proposed a novel approach to message security using a payment-based mechanism in MANETs. In this way, the proposed routing protocol with payment mechanism not only avoids the sel?sh nodes that may refuse to route packets, but also restrains the nodes from sending useless packets into the networks. Finally, the proposed payment mechanism ensures ad hoc communications in a sel?ess environment by providing economic encouragement to enforce node cooperation in MANETs.

SECURE SMART CARD BASED PASSWORD AUTHENTICATION SCHEME WITH USER ANONYMITY

Recently, a smart card based authentication and key agreement scheme preserving the user anonymity was proposed by Wang, Juang and Lei, that is designed to provide users with secure activities in ubiquitous computing environments. The authors proved that their scheme delivers important security properties and functionalities, such as without maintaining password/verification tables, freedom on password selection and alteration, mutual authentication, user anonymity, no time synchronization problem, key agreement implementation, forgery attack resistance and computation efficiency. However, we show that Wang et al.s scheme has potential security flaws, which enable malicious attackers to counterfeit an application server to spoof the victim client and damage the security of session key and the property of user anonymity. In this paper, we propose an enhanced version of Wang et al.s scheme to remedy these flaws. The proposed scheme not only ensures the merits of their scheme but also enhances the security of their scheme without raising any computation cost. http://dx.doi.org/10.5755/j01.itc.40.2.431

Further improvement on a novel privacy preserving authentication and access control scheme for pervasive computing environments

Privacy and authentication are very important concepts and service levels to anonymous communications and data confidentiality. Recently, Ren et al. proposed an authentication and access control scheme for preserving privacy in pervasive computing environments (PCEs). However, in this paper, it is demonstrated that the so-called secure, privacy preserving authentication and access control scheme proposed by Ren et al. is vulnerable to service abuse attacks and, as a result, illegitimate users can freely access the service through the service provider without any worries and this flaw would lead to a serious accounting problem with their scheme. Therefore, we proposed a security improvement to their scheme to neutralize this weakness and an efficiency improvement to enhance the performance of their scheme in the user operational phase. More importantly, a new improved proposal for a scheme can still allow the mobile user to anonymously interact with the service provider in a PCE is demonstrated.