Kuo-Hsuan Huang

Secure and efficient group key management with shared key derivation

In many network applications, including distant learning, audio webcasting, video streaming, and online gaming, often a source has to send data to many receivers. IP multicasts and application-layer multicasts provide efficient and scalable one-to-many or many-to-many communications. A common secret key, the group key, shared by multiple users can be used to secure the information transmitted in the multicast communication channel. In this paper, a new group key management protocol is proposed to reduce the communication and computation overhead of group key rekeying caused by membership changes. With shared key derivation, new keys derivable by members themselves do not have to be encrypted or delivered by the server, and the performance of synchronous and asynchronous rekeying operations, including single join, single leave, and batch update, is thus improved. The proposed protocol is shown to be secure and immune to collusion attacks, and it outperforms the other comparable protocols from our analysis and simulation. The protocol is particularly efficient with binary key trees and asynchronous rekeying, and it can be tuned to meet different rekeying delay or key size requirements.

ID-based digital signature scheme on the elliptic curve cryptosystem

Abstract The work presents a digital signature scheme on the elliptic curve cryptosystem, which is integrated with the identification scheme by Popescu [C. Popescu, An identification scheme based on the elliptic curve discrete logarithm problem, The 4th International Conference on High-Performance Computing in the Asia-Pacific Region, vol. 2 (2000) 624–625] using a one-way hash function. For making the trade-off of performance and security stand to benefit most, the proposed scheme is constructed on the elliptic curve cryptosystem. The scheme protects the signer from chosen-message attack and also identifies a forged signature.

Efficient migration for mobile computing in distributed networks

The speed and convenience of the Internet makes it advantageous to online applications. Basing on the elliptic curve cryptosystem, this study proposes a hierarchical mobile agent framework for handling key management and access control problems between mobile agent and host. It raises the security of key management, and also controls access to distributed environment in non-specific network. The proposed method successfully secures the accessing relationship between the mobile agent and the host while economizing the exhaust of storage space. Such an achievement lets the mobile agent operate efficiently, and puts in order a secure execution environment for mobile computing.

A secure electronic medical record sharing mechanism in the cloud computing platform

Privacy is a very important issue when storing electronic medical records. According to the definition set out in the Health Insurance Portability and Accountability Act (HIPPA), the confidential section of the electronic medical record needs to be protected. Thus, a mechanism to protect the patients privacy is needed during electronic medical record exchange and sharing. The privacy protection mechanism can be categorized into four types, namely anonymity, pseudonymity, unlinkability, and unobservability. In previous research in this area, mathematical conversions and cross reference tables have been utilized to conceal the confidential part of the electronic medical record to achieve privacy protection. However, it is harder to use these methods with respect to the unlinkability and unobservability mechanisms. Thus, this paper tries to improve on this aspect, and improves the unlinkability mechanism between the patient and the electronic medical record. Cloud computing is known for its fast computation capability and provides large storage space. Through cloud computing, the electronic medical record system in a hospital can be integrated, to facilitate the exchange and sharing of electronic medical records, and to provide smaller hospitals or clinics that have fewer resources with adequate electronic medical record storage space.

A conference key agreement protocol with fault-tolerant capability

Secure communication is of utmost importance to participants of Internet conferences. Secure communication thwarts eavesdropping. In an Internet conference, all conference participants together establish a common conference key to enable multi-party and secure exchange of messages. However, malicious conference participants may try to obtain the conference key through unfair means, and this could result in the generation of different conference keys. This paper is intended as a proposal of a new form of conference key agreement protocol. It emphasizes the filtering of malicious participants at the beginning of the conference to ensure that all participants obtain the same conference key. The proposed method also has fault-tolerant capability. Efficiency and security of a protocol is important in practice. The security of the proposed protocol is based on discrete logarithm problem assumption. The protocol is executed in computationally secure environment. The secret information of a user cannot be determined from its corresponding public information and therefore ensures privacy. Since efficiency of a protocol depends on low computation cost, the protocol attempts to achieve lower computation cost without compromising on security.

Bidder-anonymous English auction scheme with privacy and public verifiability

This work studies the English auction protocol, which comprises three interactive parties-the Registration Manager, the Auction Manager and the Bidder. The registration manager confirms and authenticates the identities of bidders; the auction manager issues the bidding rights and maintains order in holding the auction. The proposed scheme provides the following security features-anonymity, traceability, no framing, unforgeability, non-repudiation, fairness, public verifiability, non-linkability among various auction rounds, linkability within a single auction round, bidding efficiency, single registration, and easy revocation. The scheme developed herein can effectively reduce the load on the registration and auction managers by requiring the end server to derive the key. It also eliminates the need for bidders to download the auction key and the auction certificate. Hence, the time complexity of processing data is clearly reduced and the best interests of the bidders can be achieved. Accordingly, the scheme is consistent with the actual practice of online transactions.

Digital multi-signature scheme based on the elliptic curve cryptosystem

In the study, the digital multi-signature scheme, constructed by the integration of one-way hash function and identification scheme, are proposed based on the elliptic curvyecryptosystem (ECC). To the efficiency in performance, the ECC has been generally regarded as positive; and the security caused by the Elliptic Curve Discrete Logarithm Problem (ECDLP) is highly also taken highly important. The main characteristic of the proposed scheme is that the length of the multi-signature is fixed rather than changeable and it will not increase with the number of group members.

Application of Portable CDA for Secure Clinical-document Exchange

Health Level Seven (HL7) organization published the Clinical Document Architecture (CDA) for exchanging documents among heterogeneous systems and improving medical quality based on the design method in CDA. In practice, although the HL7 organization tried to make medical messages exchangeable, it is still hard to exchange medical messages. There are many issues when two hospitals want to exchange clinical documents, such as patient privacy, network security, budget, and the strategies of the hospital. In this article, we propose a method for the exchange and sharing of clinical documents in an offline model based on the CDA—the Portable CDA. This allows the physician to retrieve the patient’s medical record stored in a portal device, but not through the Internet in real time. The security and privacy of CDA data will also be considered.

A practical authenticated encryption scheme based on the elliptic curve cryptosystem

Abstract Encryption and decryption techniques can generally protect the confidentiality of communication delivered over networks, and the digital signature technique can be used to authenticate messages. These techniques—encryption, decryption and digital signature—are integrated in a new authenticated encryption scheme based on the elliptic curve cryptosystem, to achieve the confidentiality and authenticity of information. Moreover, the elliptic curve cryptosystem involves few operations and a short key, so the overheads of operation and communication are greatly reduced as compared to other systems, enabling the proposed scheme to be applied effectively in a network environment.

A traceable proxy multisignature scheme based on the elliptic curve cryptosystem

This study contributes to the public delivery of the delegation parameter and reduces the number of operations required to verify a proxy signature. A new proxy-protected proxy multisignature scheme is also proposed, which is based on the elliptic curve discrete logarithm problem (ECDLP). The proposed scheme inherits most of its merits from typical solutions to the discrete logarithm problem (DLP), thereby meeting the demand for security. The scheme that is based on the elliptic curve cryptosystem (ECC) can perform more efficiently than those based on DLP.