Jue-Sam Chou

A novel mutual authentication scheme based on quadratic residues for RFID systems

Recently, Chen et al. proposed a novel and efficient mutual authentication scheme based on quadratic residues for RFID systems. The scheme is efficient in that it uses direct indexing to search the back-end database, instead of brute-force search in most existing schemes. In addition, the scheme satisfies all the security requirements needed in an RFID system; i.e., (1) tag ID (TID) anonymity, (2) individual location privacy, (3) forward secrecy, (4) resistance to replay attack, and (5) resistance to denial-of-service (DOS) attack. In this paper, however, we will show that their scheme is vulnerable to tag tracking attacks and reader/server spoofing attacks. We, then, present an improvement to overcome these drawbacks, while preserving all their merits.

A novel electronic cash system with trustee-based anonymity revocation from pairing

Untraceable electronic cash is an attractive payment tool for electronic-commerce because its anonymity property can ensure the privacy of payers. However, this anonymity property is easily abused by criminals. In this paper, several recent untraceable e-cash systems are examined. Most of these provide identity revealing only when the e-cash is double spent. Only two of these systems can disclose the identity whenever there is a need, and only these two systems can prevent crime. We propose a novel e-cash system based on identity-based bilinear pairing to create an anonymity revocation function. We construct an identity-based blind signature scheme, in which a bank can blindly sign on a message containing a trustee-approved token that includes the users identity. On demand, the trustee can disclose the identity for e-cash using only one symmetric operation. Our scheme is the first attempt to incorporate mutual authentication and key agreement into e-cash protocols. This allows the proposed system to attain improvement in communication efficiency when compared to previous works.

An efficient mutual authentication RFID scheme based on elliptic curve cryptography

Radio frequency identification (RFID) tags have been widely deployed in many applications, such as supply chain management, inventory control, and traffic card payment. However, these applications can suffer from security issues or privacy violations when the underlying data-protection techniques are not properly designed. Hence, many secure RFID authentication protocols have been proposed. According to the resource usage of the tags, secure RFID protocols are classified into four types: full-fledged, simple, lightweight, and ultra-lightweight. In general, non-full-fledged protocols are vulnerable to desynchronization, impersonation, and tracking attacks, and they also lack scalability. If the tag resources allow more flexibility, full-fledged protocols seem to be an attractive solution. In this study, we examine full-fledged RFID authentication protocols and discuss their security issues. We then design a novel RFID authentication protocol based on elliptic curve cryptography, to avoid these issues. In addition, we present a detailed security analysis and a comparison with related studies; the results show that our scheme is more resistant to a variety of attacks and that it has the best scalability, while maintaining competitive levels of efficiency.

ECC-based untraceable authentication for large-scale active-tag RFID systems

Radio frequency identification tag authentication protocols are generally classified as non-full-fledged and full-fledged, according to the resource usage of the tags. The non-full-fledged protocols typically suffer de-synchronization, impersonation and tracking attacks, and usually lack scalability. The full-fledged protocols, supporting cryptographic functions, are designed to overcome these weaknesses. This paper examines several elliptic-curve-cryptography (ECC)-based full-fledged protocols. We found that some still have security and privacy issues, and others generate excessive communication costs between the tag and the back-end server. Motivated by these observations, we construct two novel protocols, PI and PII. PI is designed for secure environments and is suitable for applications, including E-Passport and toll payment in vehicular ad-hoc networks. PII is for hostile environments and can be applied in pseudonymous payment and anti-counterfeiting services. After analysis, we conclude that PII can resist many attacks, outperform previous ECC-based proposals in communication efficiency, and provide mutual authentication function and scalability.

A novel hierarchical key management scheme based on quadratic residues

In 1997, Lin [1] proposed a dynamic key management scheme using user hierarchical structure. After that, Lee [2] brought to two comments on Lins method. In 2002, Lin [3] proposed a more efficient hierarchical key management scheme based on Elliptic Curve. Lins efficient scheme solves the weaknesses appearing in Lees scheme in [1]. In this paper, we further use Quadratic Residues (Q.R.) theorem to reduce the computing complexity of Lins method.

A novel anonymous proxy signature scheme

Recently, several studies about proxy signature schemes have been conducted. In 2009, Yu et al. proposed an anonymous proxy signature scheme attempting to protect the proxy signers privacy from outsiders. They claimed that their scheme can make the proxy signer anonymous. However, based on our research, we determined that this was not the case and the proxy signers privacy was not anonymous. Hence, in this paper, we propose a new anonymous proxy signature scheme that truly makes the proxy signer anonymous whilemaking it more secure and efficient when compared with Yu et al.s scheme. Our proxy signature scheme consists of two contributions. First, we mainly use random numbers and bilinear pairings to attain the anonymous property. Secondly, we increase the security and efficiency of our proxy in the design.

A novel k -out-of- n oblivious transfer protocol from bilinear pairing

Oblivious transfer (OT) protocols mainly contain three categories: 1-out-of-2 OT, 1-out-of-n OT, and k-out-of-n OT. In most cases, they are treated as cryptographic primitives and are usually executed without consideration of possible attacks that might frequently occur in an open network, such as an impersonation, replaying, or man-in-the-middle attack. Therefore, when used in certain applications, such as mental poker games and fair contract signings, some extra mechanisms must be combined to ensure the security of the protocol. However, after a combination, we found that very few of the resulting schemes are efficient enough in terms of communicational cost, which is a significant concern for generic commercial transactions. Therefore, we propose a novel k-out-of-n oblivious transfer protocol based on bilinear pairing, which not only satisfies the requirements of a k-out-of-n OT protocol, but also provides mutual authentication to resist malicious attacks. Meanwhile, it is efficient in terms of communication cost.

Improved multi-server authentication protocol

In a multi-server environment, a user only needs to register at the registration center once instead of repeatedly registering in each server. After registration, the user can access the resources of any of the servers in the system. Many protocols have been proposed for the same. Recently, Geng–Zhang, Zhu et al., and Yoon–Yoo each proposed a multi-server authentication scheme. They claimed that their schemes are secure and can withstand various attacks. However, after analyses, we found that their schemes are deficient. In this paper, we first demonstrate the deficiencies of these three protocols in turn and then show our improvement on Geng–Zhangs protocol. Our improvement makes use of both the users and the servers secrecy to achieve mutual authentication. This results in a two-pass multi-server authentication scheme. We have analyzed its security with respect to several factors such as mutual authentication, perfect forward and backward secrecy, and prevention of smart-card-lost attack. Moreover, almost all of the parameters required for a user to log on to a server can be pre-computed. This is very important for a low-energy mobile computing device. That is, our improvement is not only one of the most efficient and secure schemes in this area but also suitable for mobile device. Copyright

An efficient session key generation for NTDR networks based on bilinear paring

Near-term digital radio (NTDR) network is a kind of MANET in which mobile nodes are assigned into different clusters. Therefore, it can let the nodes to communicate with each other efficiently in a large area. Despite several NTDR protocols have been proposed, there still lacks an efficient secure one. Accordingly, in this paper, we propose a new method based on ID-based bilinear pairings to overcome the unsolved security problems nowadays. After our analysis, we conclude that our scheme is the first protocol for NTDR network that is not only secure but also very efficient.

A constant-time identifying large-scale RFID tags using lines on a plane

In this paper, we propose a new approach to identify a tag of a radio frequency identification system in constant time while keeping untraceability to the tag. Our scheme does not use any cryptographic primitives. Instead, we use a line in a plane to represent a tag. The points on the line, which are infinite and different each other, can be used as tag identification. We also explore the scalability of the proposed scheme. The result of experiments showed that a tag of the radio frequency identification system over 1000000 tags, embedded 3K memory, can store 559 dynamic identity proofs. Copyright