Kuo-Hui Yeh

Two robust remote user authentication protocols using smart cards

With the rapid growth of electronic commerce and enormous demand from variants of Internet based applications, strong privacy protection and robust system security have become essential requirements for an authentication scheme or universal access control mechanism. In order to reduce implementation complexity and achieve computation efficiency, design issues for efficient and secure password based remote user authentication scheme have been extensively investigated by research community in these two decades. Recently, two well-designed password based authentication schemes using smart cards are introduced by Hsiang and Shih (2009) and Wang et al. (2009), respectively. Hsiang et al. proposed a static ID based authentication protocol and Wang et al. presented a dynamic ID based authentication scheme. The authors of both schemes claimed that their protocol delivers important security features and system functionalities, such as mutual authentication, data security, no verification table implementation, freedom on password selection, resistance against ID-theft attack, replay attack and insider attack, as well as computation efficiency. However, these two schemes still have much space for security enhancement. In this paper, we first demonstrate a series of vulnerabilities on these two schemes. Then, two enhanced protocols with corresponding remedies are proposed to eliminate all identified security flaws in both schemes.

An efficient mutual authentication scheme for EPCglobal class-1 generation-2 RFID system

The nature of data security vulnerability and location privacy invasion of RFID systems have become a serious problem after hundreds of RFID application systems deployed all over the world. One of the promising solution directions is to provide an efficient authentication scheme with the compliance of international RFID standards such as EPCglobal, ISO18000-1 and ISO18000-6. In this study, we propose a novel authentication scheme for RFID systems with excellent data security properties, robust location privacy preservation and efficient data matching/retrieval mechanism. In addition, our scheme is compatible to EPCglobal Class-1 Generation-2 RFID standards because only simple cryptographic primitives such as pseudo-random number generator and cyclic redundancy check are required to be implemented in RFID tags.

Anonymous Coexistence Proofs for RFID Tags

In a world with RFID carriers everywhere, the coexistence proof of multiple RFID-tagged objects shown at the same time and the same place can become a very useful mechanism and be adopted in many application areas such as computer forensics, evidences in law, valuables security, and warning or notification systems, etc. In order to support the correctness of derived proofs, it is necessary to design secure and robust coexistence proofs protocols based on RFID characteristics. In this paper we address the security and privacy requirements for a secure coexistence proofs protocol on RFID tags to defend against tag privacy divulgence, forward secrecy disclosure, denial-of-proof (DoP) attack, and authentication sequence disorder. Along with these design criterions, a recent published secure proofs protocol [11] is evaluated to identify the demand area for security enhancement. To overcome found security weaknesses, tag privacy divulgence and the new known DoP attack in previous proofs schemes, we introduce three anonymous coexistence proofs protocols. According to our security and performance analyses, the proposed protocols possess all required security properties with the same complexity order of the clumping-proofs protocol on computation cost.

Cryptanalysis of Hsiang-Shih's authentication scheme for multi-server architecture

From user point of view, password-based remote user authentication technique is one of the most convenient and easy-to-use mechanisms to provide necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password-based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well-designed password-based authentication protocol for multi-server communication environment, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial. Copyright

Cryptanalysis of two three-party encrypted key exchange protocols

Due to the simplicity of maintaining human memorable passwords without any assistant storage device, password-based three-party encrypted key exchange (3PEKE) protocol has become one of the most promising research fields on user authentication and secure communication. In 2008, Chen et al. and Yoon and Yoo both pointed that Chang and Changs password-based 3PEKE scheme cannot resist against undetectable on-line password guessing attacks, and then respectively proposed an improved protocol to eliminate the security vulnerability. However, based on the security analyses conducted by us, we find that both of their protocols are still vulnerable against undetectable on-line password guessing attacks. Accordingly, we develop a novel 3PEKE protocol to remedy these authentication flaws. Moreover, our proposed protocol can achieve better performance efficiency by requiring only four message transmission rounds. In conclusion, we can claim that our proposed 3PEKE protocol is more secure and efficient in comparison with the protocols proposed by Chen et al. and Yoon and Yoo.

Novel RFID authentication schemes for security enhancement and system efficiency

As industries aggressively deploy Radio Frequency IDentification application systems, the user privacy invasion and system security threats are increasingly concernd by individuals and organizations. Recently several hash-based mutual authentication schemes have been proposed to resolve security-related problems. However, previous schemes either suffer from security loopholes or have system efficiency problem for identity match process. In this paper, the security flaws of two recently proposed hash-based authentication schemes are analyzed at first. Based on this analysis, we identify the security and privacy criterions for the authentication process of RFID systems, and propose a new mutual authentication scheme to eliminate possible security flaws and enhance privacy protection to the owner of an object with RFID tag attached on it. In addition, we develop an efficient identity match and retrieval mechanism to relieve the heavy computation load of traditional match scheme between received tag identity and records in backend database of RFID systems.

A Secure IoT-Based Healthcare System With Body Sensor Networks

The ever-increasing advancement in communication technologies of modern smart objects brings with it a newera of application development for Internet of Things (IoT)-based networks. In particular, owing to the contactless-ness nature and efficiency of the data retrieval of mobile smart objects, such as wearable equipment or tailored bio-sensors, several innovative types of healthcare systems with body sensor networks (BSN) have been proposed. In this paper, we introduce a secure IoT-based healthcare system, which operates through the BSN architecture. To simultaneously achieve system efficiency and robustness of transmission within public IoT-based communication networks, we utilize robust crypto-primitives to construct two communication mechanisms for ensuring transmission confidentiality and providing entity authentication among smart objects, the local processing unit and the backend BSN server. Moreover, we realize the implementation of the proposed healthcare system with the Raspberry PI platform to demonstrate the practicability and feasibility of the presented mechanisms.

A Provably Secure Multi-server Based Authentication Scheme

With the rapid growth of electronic commerce and demand on variants of Internet based applications, the system providing resources and business services often consists of many servers around the world. So far, a variety of authentication schemes have been published to achieve remote user authentication on multi-server communication environment. Recently, Pippal et al. proposed a multi-server based authentication protocol to pursue the system security and computation efficiency. Nevertheless, based on our analysis, the proposed scheme is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this study, we first demonstrate how these malicious attacks can be invoked by an adversary. Then, a security enhanced authentication protocol is developed to eliminate all identified weaknesses. Meanwhile, the proposed protocol can achieve the same order of computation complexity as Pippal et al.’s protocol does.

An efficient certificateless signature scheme without bilinear pairings

During these years, the research field of certificateless signature (CLS) scheme is promptly investigated as the key escrow problem in identity-based cryptography can be solved via CLS concept. However, due to the bandwidth limitation of mobile communication and the resource-constraint property of handheld mobile devices, most CLS schemes cannot fulfill the requirement of computation efficiency for mobile communication architecture. Hence, the design of lightweight CLS protocol refined from traditional cryptosystem technologies for existing mobile communication environment becomes one of the most important research trends. In this paper, we demonstrate a novel CLS scheme which is immune against bilinear pairings. Without the heavy computation of bilinear pairings, our proposed scheme is efficient and practical for mobile communication. Meanwhile, the proposed CLS scheme possesses strong security density owing to the adoption of point addition of elliptic curve cryptography. A formal security analysis is presented to guarantee the security robustness of our CLS protocol under the hardness of breaking elliptic curve discrete logarithm problem.

Novel authentication schemes for iot based healthcare systems

With the advancement of information communication technologies, the evolution of the Internet has given rise to a ubiquitous network consisting of interconnected objects (or things), called the Internet of Things (IoT). Recently, the academic community has made great strides in researching and developing security for IoT based applications, focusing, in particular, on healthcare systems based on IoT networks. In this paper, we propose a sensor (or sensor tags) based communication architecture for future IoT based healthcare service systems. A secure single sign-on based authentication scheme and a robust coexistence proof protocol for IoT based healthcare systems are proposed. With the formal security analysis, the robustness of the two proposed schemes is guaranteed under the adversary model.