Jheng-Jia Huang

Strongly Privacy-Preserving Communication Protocol for VANETs

Vehicular ad hoc networks (VANETs) are advanced instances of mobile ad hoc networks with the aim of enhancing the safety and efficiency of road traffic. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. Traffic accident notifications) to other vehicles and remind drivers to change their routes immediately or slow down to avoid dangers. However, some concerns on security and privacy are also raised in this environment. Messages should be signed and verified before they are trusted while the real identities of vehicles should not be revealed to guarantee source privacy, but they must be still traceable when VANETs were abused (e.g. Sending a fake message). Many related works have been presented in the literature so far. They can be generally divided into two constructions, where one is based on pseudonymous authentication and the other is based on group signatures. However, both of the two constructions have some drawbacks. In a pseudonymous-authentication-based scheme, a large revocation list is usually transmitted among vehicles. A group-signature-based scheme needs a large amount of computations for revocation checking. Furthermore, most of the previous schemes cannot support privacy preservation between roadside units (RSUs) and vehicles. Consequently, in this paper, we come up with a provably secure and strong privacy preserving protocol based on the blind signature technique to guarantee privacy and fulfill other essential security requirements in the vehicular communication environment. Furthermore, compared with other similar works, we offer an efficient tracing mechanism to trace and revoke the vehicles which abused the VANETs. Finally, we provide security analysis to show that our proposed scheme is secure.

Lightweight Authentication Scheme with Dynamic Group Members in IoT Environments

In IoT environments, the user may have many devices to connect each other and share the data. Also, the device will not have the powerful computation and storage ability. Many studies have focused on the lightweight authentication between the cloud server and the client in this environment. They can use the cloud server to help sensors or proxies to finish the authentication. But in the client side, how to create the group session key without the cloud capability is the most important issue in IoT environments. The most popular application network of IoT environments is the wireless body area network (WBAN). In WBAN, the proxy usually needs to control and monitor users health data transmitted from the sensors. In this situation, the group authentication and group session key generation is needed. In this paper, in order to provide an efficient and robust group authentication and group session key generation in the client side of IoT environments, we propose a lightweight authentication scheme with dynamic group members in IoT environments. Our proposed scheme can satisfy the properties including the flexible generation of shared group keys, the dynamic participation, the active revocation, the low communication and computation cost, and no time synchronization problem. Also our scheme can achieve the security requirements including the mutual authentication, the group session key agreement, and prevent all various well-known attacks.

Verifiable Privacy-Preserving Payment Mechanism for Smart Grids

Smart grids have become a future trend due to the development of technology and increased energy demand and consumption. In smart grids, a user’s electricity consumption is recorded by their smart meters, and the smart meters submit the data to the operation center in each time unit for monitoring. The operation center analyzes the data it receives to estimate user’s electricity usage in the next time unit and to ensure dynamic energy distribution. Compared to traditional grids, the electricity can be flexibly controlled, and waste is decreased in smart grids. However, details of user’s daily lives may be leaked out through the frequent monitoring of user’s electricity usage, which causes the problem of privacy preserving. To solve the problem, data aggregation mechanisms are adopted in this environment. The power usage data in the same units are aggregated before being sent to the operation center. This aggregation prevents personal electricity usage data from being shared with the operation center. Thus, a user’s privacy is protected. Along with the increase in the number of research studies on smart grids, many studies on the privacy-preserving issues of power usage have been published. However, both power usage data and electricity payment data may jeopardize user’s privacy. The operation center is able to obtain user’s private information by analyzing a user’s electricity payments. Therefore, we propose a verifiable privacy-preserving payment mechanism for smart grids. In our scheme, users can submit electricity payments without revealing any private information and the operation center can verify the correctness of the payment.

Homomorphic encryption supporting logical operations

Homomorphic encryption is a form of encryption that allows computations to be carried out on ciphertext and generate an encrypted result which, when decrypted, matches the result of operations performed on the plaintexts. The feature of homomorphic encryption is used in modern communication system architectures and cryptosystems. In view of the previous works, most of homomorphic encryptions support additive or multiplicative homomorphism. There is few homomorphic encryption schemes tailored for logical operations. In this paper, we propose a homomorphic encryption scheme that supports logical operations. Additionally, our proposed scheme can be applied to 2-DNF and k-CNF. Furthermore, the security of the proposed scheme is based on the subgroup decision assumption.

Multireceiver Predicate Encryption for Online Social Networks

Among the applications of the internet and cloud computing, online social network (OSN) is a very popular service. Since a lot of personal information is stored on the OSN platform, privacy protection on such an application has become a critical issue. Apart from this, OSN platforms need advertisement revenue to enable continued operations. However, if the users encrypt their messages, then OSN providers cannot generate accurate advertisement to users. Thus, how to achieve both privacy preserving and accurate advertisement is a worth-discussing issue. Unfortunately, none of the works on OSNs can achieve both privacy preserving and accurate advertisement simultaneously. In view of this, we propose the first multireceiver predicate encryption scheme for OSN platforms. Not only does the proposed scheme protects the users’ privacy but it achieves customized advertisement as well. Compared with other predicate encryptions deployed in OSN platforms, the proposed scheme gains much shorter ciphertext. The semantic security and attribute hiding of the proposed scheme are proved under the standard model.

An Efficient Signature Scheme for Anonymous Credentials

After Chaum introduced the concept of anonymous credential systems, a number of similar systems have been proposed; however, these systems use zero-knowledge protocols to authenticate users resulting in inefficient authentication in the possession of credential proving stage. In order to overcome this drawback of anonymous credential systems, we use partially blind signatures and chameleon hash functions to propose a signature scheme such that both the prover and the verifier achieve efficient authentication. In addition to giving a computational cost comparison table to show that the proposed signature scheme achieves more efficient possession proving than others, we provide concrete security proofs under the random oracle model to demonstrate that the proposed scheme satisfies the properties of anonymous credentials.

Flexible Authentication Protocol with Key Reconstruction in WBAN Environments

Wireless body area network (WBAN) plays an important part in mobile healthcare. WBAN can be imagined as a small wireless local area network around our body. In WBAN, there exist three roles: sensors, gateway, and healthcare center. However, the communication distance between sensors and gateway is only 1-2 meters. If the gateway is lost or leaves the range of WBAN consisting of the sensors, the sensed data will not be aggregated and forwarded. Furthermore, the original gateway holds the long-term key shared with the healthcare center, but the users devices which may serve as the backup gateway do not hold the long-term key. In order to deal with the problems, we propose a key reconstruction protocol for WBAN. In the proposed protocol, the original gateway enables the backup gateway to reconstruct a temporary token, and the backup gateway will use the temporary token to establish a secure channel with the healthcare center without using the long-term key of the original gateway.

A Secure and Efficient Smartphone Payment Scheme in IoT/Cloud Environments

In IoT/Cloud environments, to provide an efficient and flexible payment service is very important since the client/device may not have a large storage and computation capability to finish the payment process. In these environments, any thin client/device may issue a service request to the cloud. For the fast progress of smartphone systems, a smartphone can help the client/device to finish the payment process with the help of the carrier. Although the smart phone may have more storage and computation capability than the client/device, the computation ability is also restricted. In this paper, in order to provide an efficient payment and authentication service framework in the IOT/Cloud environments, we propose a secure and efficient smartphone payment scheme in IoT/Cloud environments. Our proposed scheme can satisfy the properties including low communication and computation cost, no time synchronization problem, unforgeability, non-repudiation, and integrity. Also our scheme can achieve the security requirements including mutual authentication, session key agreement, and preventing all various well-known attacks.

Secure Certificateless Signature Scheme Supporting Batch Verification

In this paper, we propose a secure certificate less signature scheme supporting batch verification, which makes it possible for a verifier to verify a set of signatures more efficiently than verifying them one by one. In our proposed scheme, it is impossible for PKG to produce a signature which is indistinguishable from any signature produced by a user. Compared with existing signature schemes with batch verification, although our proposed scheme is not the most efficient one, it achieves Giraults Level-3 security, while the others have Giraults Level-1 or Level-2 security only.