Hung-Min Sun

An efficient remote use authentication scheme using smart cards

Based on the discrete logarithm problem, Hwang and Li (see ibid., vol.46, no.1, p.28-30, Feb. 2000) proposed a remote user authentication scheme using smart cards. Their scheme is very novel because no password table is required to keep in a system. In this paper, we further propose an efficient and practical remote user authentication scheme using smart cards. The proposed scheme not only provides the same advantages as that of Hwang and Lis scheme, but also significantly reduces the communication and computation costs.

Adaptive Data Hiding in Edge Areas of Images With Spatial LSB Domain Systems

This paper proposes a new adaptive least-significant- bit (LSB) steganographic method using pixel-value differencing (PVD) that provides a larger embedding capacity and imperceptible stegoimages. The method exploits the difference value of two consecutive pixels to estimate how many secret bits will be embedded into the two pixels. Pixels located in the edge areas are embedded by a k-bit LSB substitution method with a larger value of k than that of the pixels located in smooth areas. The range of difference values is adaptively divided into lower level, middle level, and higher level. For any pair of consecutive pixels, both pixels are embedded by the k-bit LSB substitution method. However, the value k is adaptive and is decided by the level which the difference value belongs to. In order to remain at the same level where the difference value of two consecutive pixels belongs, before and after embedding, a delicate readjusting phase is used. When compared to the past study of Wu et al.s PVD and LSB replacement method, our experimental results show that our proposed approach provides both larger embedding capacity and higher image quality.

An efficient nonrepudiable threshold proxy signature scheme with known signers

A (t,n) threshold proxy signature scheme allows t or more proxy signers from a designated group of n proxy signers to sign messages on behalf of an original signer. A threshold proxy signature scheme with the nonrepudiation property is a scheme with the capability that any verifier can identify the proxy group which is responsible for a proxy signature, while the proxy group cannot deny. So far, there have been two threshold proxy signature schemes proposed. Of these, Kims scheme is nonrepudiable, but Zhangs scheme is not. In these two schemes, the t proxy signers from the group who actually sign the message are unknown and unidentified. This is very inconvenient for auditing purposes. For the responsibility of the actual signers and the traceability of adversarial signers, it is sometimes necessary to identify who the actual signers are. In this article, we propose the nonrepudiable threshold proxy signature scheme with known signers which is a nonrepudiable threshold proxy signature scheme with the property that the actual signers from the proxy group are known and identified.

Three-party encrypted key exchange without server public-keys

Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only-are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. Steiner, Tsudik and Waidner (1995) proposed a realization of such a three-party protocol based on the encrypted key exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. Lin, Sun and Hwang (see ACM Operating Syst. Rev., vol.34, no. 4, p.12-20, 2000) proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. We propose a secure three-party EKE protocol without server public-keys.

A novel mutual authentication scheme based on quadratic residues for RFID systems

Recently, Chen et al. proposed a novel and efficient mutual authentication scheme based on quadratic residues for RFID systems. The scheme is efficient in that it uses direct indexing to search the back-end database, instead of brute-force search in most existing schemes. In addition, the scheme satisfies all the security requirements needed in an RFID system; i.e., (1) tag ID (TID) anonymity, (2) individual location privacy, (3) forward secrecy, (4) resistance to replay attack, and (5) resistance to denial-of-service (DOS) attack. In this paper, however, we will show that their scheme is vulnerable to tag tracking attacks and reader/server spoofing attacks. We, then, present an improvement to overcome these drawbacks, while preserving all their merits.

Secure key agreement protocols for three-party against guessing attacks

Key exchange protocol is important for sending secret messages using the session key between two parties. In order to reach the objective, the premise is to generate a session key securely. Encryption key exchange was first proposed to generate a session key with a weak authenticated password against guessing attacks. Next, another authenticated key exchange protocols for three-party, two clients who request the session key and one server who authenticates the users identity and assist in generating at session key, were proposed. In this paper, we focus on the three-party authenticated key exchange protocol. In addition to analyzing and improving a password-based atuthenticated key exchange protocol, a new verified-based protocol is also proposed.

On the Security of Chien's Ultralightweight RFID Authentication Protocol

Security issues become more and more significant in RFID development. Recently, Chien proposed an ultralightweight RFID authentication protocol in order to achieve privacy and authenticity with limited computation and transmission resources. However, we find two desynchronization attacks to break the protocol. In order to repair the protocol, two patches that slightly modify the protocol are presented in the paper.

RCDA: Recoverable Concealed Data Aggregation for Data Integrity in Wireless Sensor Networks

Recently, several data aggregation schemes based on privacy homomorphism encryption have been proposed and investigated on wireless sensor networks. These data aggregation schemes provide better security compared with traditional aggregation since cluster heads (aggregator) can directly aggregate the ciphertexts without decryption; consequently, transmission overhead is reduced. However, the base station only retrieves the aggregated result, not individual data, which causes two problems. First, the usage of aggregation functions is constrained. For example, the base station cannot retrieve the maximum value of all sensing data if the aggregated result is the summation of sensing data. Second, the base station cannot confirm data integrity and authenticity via attaching message digests or signatures to each sensing sample. In this paper, we attempt to overcome the above two drawbacks. In our design, the base station can recover all sensing data even these data has been aggregated. This property is called “recoverable.” Experiment results demonstrate that the transmission overhead is still reduced even if our approach is recoverable on sensing data. Furthermore, the design has been generalized and adopted on both homogeneous and heterogeneous wireless sensor networks.

A Gen2-Based RFID Authentication Protocol for Security and Privacy

EPCglobal Class-1 Generation-2 specification (Gen2 in brief) has been approved as ISO18000-6C for global use, but the identity of tag (TID) is transmitted in plaintext which makes the tag traceable and clonable. Several solutions have been proposed based on traditional encryption methods, such as symmetric or asymmetric ciphers, but they are not suitable for low-cost RFID tags. Recently, some lightweight authentication protocols conforming to Gen2 have been proposed. However, the message flow of these protocols is different from Gen2. Existing readers may fail to read new tags. In this paper, we propose a novel authentication protocol based on Gen2, called Gen2+, for low-cost RFID tags. Our protocol follows every message flow in Gen2 to provide backward compatibility. Gen2+ is a multiple round protocol using shared pseudonyms and Cyclic Redundancy Check (CRC) to achieve reader-to-tag authentication. Conversely, Gen2+ uses the memory read command defined in Gen2 to achieve tag-to-reader authentication. We show that Gen2+ is more secure under tracing and cloning attacks.

Dual RSA and Its Security Analysis

We present new variants of an RSA whose key generation algorithms output two distinct RSA key pairs having the same public and private exponents. This family of variants, called dual RSA, can be used in scenarios that require two instances of RSA with the advantage of reducing the storage requirements for the keys. Two applications for dual RSA, blind signatures and authentication/secrecy, are proposed. In addition, we also provide the security analysis of dual RSA. Compared to normal RSA, the security boundary should be raised when applying dual RSA to the types of small-d, small-e, and rebalanced-RSA.