Shin-Yan Chiou

Efficient Authentication Schemes for Handover in Mobile WiMAX

Mobile WiMAX is the next generation of broadband wireless network. It allows users to roam over the network under vehicular speeds. However, when a mobile station changes from one base station to another, it should be authenticated again. This may lead to delay in communication, especially for real-time applications, such as VoIP and Pay-TV systems. In this paper, we propose two efficient schemes to enhance the performance of authentication during handover in mobile WiMAX. The first scheme adopts, instead of the standard EAP method used in handover authentication, an efficient shared key-based EAP method. The second one, skips the standard EAP method, does the authentication in SA-TEK three-way handshake in PKMv2 process. In addition, the security proofs of our schemes are provided in this paper.

Modifying the ECC-Based Grouping-Proof RFID System to Increase Inpatient Medication Safety

RFID technology is increasingly used in applications that require tracking, identification, and authentication. It attaches RFID-readable tags to objects for identification and execution of specific RFID-enabled applications. Recently, research has focused on the use of grouping-proofs for preserving privacy in RFID applications, wherein a proof of two or more tags must be simultaneously scanned. In 2010, a privacy-preserving grouping proof protocol for RFID based on ECC in public-key cryptosystem was proposed but was shown to be vulnerable to tracking attacks. A proposed enhancement protocol was also shown to have defects which prevented proper execution. In 2012, Lin et al. proposed a more efficient RFID ECC-based grouping proof protocol to promote inpatient medication safety. However, we found this protocol is also vulnerable to tracking and impersonation attacks. We then propose a secure privacy-preserving RFID grouping proof protocol for inpatient medication safety and demonstrate its resistance to such attacks.

Secure Method for Biometric-Based Recognition with Integrated Cryptographic Functions

Biometric systems refer to biometric technologies which can be used to achieve authentication. Unlike cryptography-based technologies, the ratio for certification in biometric systems needs not to achieve 100% accuracy. However, biometric data can only be directly compared through proximal access to the scanning device and cannot be combined with cryptographic techniques. Moreover, repeated use, improper storage, or transmission leaks may compromise security. Prior studies have attempted to combine cryptography and biometrics, but these methods require the synchronization of internal systems and are vulnerable to power analysis attacks, fault-based cryptanalysis, and replay attacks. This paper presents a new secure cryptographic authentication method using biometric features. The proposed system combines the advantages of biometric identification and cryptographic techniques. By adding a subsystem to existing biometric recognition systems, we can simultaneously achieve the security of cryptographic technology and the error tolerance of biometric recognition. This method can be used for biometric data encryption, signatures, and other types of cryptographic computation. The method offers a high degree of security with protection against power analysis attacks, fault-based cryptanalysis, and replay attacks. Moreover, it can be used to improve the confidentiality of biological data storage and biodata identification processes. Remote biometric authentication can also be safely applied.

Common Friends Discovery with Privacy and Authenticity

In this paper, we propose a common friend discovery algorithm considering the privacy of users and the authenticity of friend relationships. The privacy means users’ other friends’ information does not be leaked except their common friends. The authenticity signifies anyone can not successfully claim he is a friend of someone unless he really is. It has many applications such as playing games by friends, finding talking-topics by strangers, finding introducer of job interview, finding matchmaker of someone you desire to know, etc. We consider its security and matching probability. We also implement the algorithm in two mobile phones to prove that it is workable.

Mobile common friends discovery with friendship ownership and replay-attack resistance

Online social networking applications are nearly ubiquitous, but are currently limited to trusted infrastructure. For example, two unfamiliar users can exploit their social proximity to discover common friends, but otherwise face considerable difficulty in discovering of things they may have in common. However, social proximity depends on access personal data, raising concerns regarding potential data leakage from databases, the degree of trust in the particular social proximity, and user unwillingness to disclose the nature of personal friendships. Previous works have used mobile middleware to provide alternatives to hosting personal data in a fixed database, but these approaches still require users to divulge private information. Other approaches have used private-preserved decentralized online social networks to solve centralization and privacy issues, but these methods are still subject to other security problems such as mutual authentication, data-spoofing and replay attacks. This paper proposes the development of secure mobile common friends discovery methods to preserve the privacy of friendship data, establish mutual authentication between contact users, provide mutual proof of friendship, and provide protection against friendship spoofing and replay attacks. The proposed methods are shown to be secure and efficient, and are implemented in mobile phones that allow users to find common friends securely in seconds.

An improvement of privacy-preserving ECC-based grouping proof for RFID

In 2010, Batina et al. proposed a privacy-preserving grouping proof protocol for RFID (Radio-Frequency Identification) based on ECC (Elliptic Curve Cryptography). Recently, Lv et al. have shown that Batina et al.s protocol is not secure against the tracking attack. Lv et al. also proposed an enhancement protocol based on Batina et al.s work to against the tracking attack. In this paper we proved Lv et al.s protocol can not work. We also present an improvement version of privacy-preserving ECC-based grouping-proof protocol to against the tracking attack.

A Trustable Reputation Scheme Based on Private Relationships

Online reviews are widely used for purchase decisions. Their trustworthiness is limited, however, by fake reviews. Fortunately, opinions from friends in a social network are more reliable but less convenient to obtain. Combining the advantages of online reviews and opinions from friends can be achieved by enabling users to recognize the online reviews originating from their friends. By leveraging buyers’ trust to nearby friends within their social network, it is possible to provide them in some cases with online reviews they can entirely trust. In this paper we present techniques to enable users to recognize the online reviews from their friends in a privacy-preserving manner. Our approach has many applications such as Internet auctions and online gaming.

Micropayment schemes with ability to return changes

Many secure micropayment schemes have been proposed as the desire to support the low-value and the high-volume purchases of some e-commerce applications such as mobile commerce services or web-based interactive video services. However it seems that no one studies how to add the ability of returning changes in micropayment schemes. In this paper, we take the lead in studying the micropayment schemes with ability to return changes (MSRC), which reduce the hash operations in transaction phase. When compared with the previous micropayment schemes, the proposed MSRC have the low computation costs and thus is more suitable and practical for mobile commerce environments, where have the limited computation capability and the limited bandwidth.

An Authenticated Privacy-Preserving Mobile Matchmaking Protocol Based on Social Connections with Friendship Ownership

The increase of mobile device use for social interaction drives the proliferation of online social applications. However, it prompts a series of security and existence problems. Some common problems are the authenticity of social contacts, the privacy of online communication, and the lack of physical interaction. This work presents mobile private matchmaking protocols that allow users to privately and immediately search the targets which match their planning purposes via mobile devices and wireless network. Based on social networks, the relationships of targets can be unlimited or limited to friends or friends of friends. It considers the privacy of users and the authenticity of friendships. The privacy means that no private information, except chosen targets, is leaked and the authenticity that signifies no forgery relationships can be successfully claimed. It applies to many applications such as searching for a person to talk to, to dine with, to play games with, or to see a movie with. The proposed scheme is demonstrated to be secure, effective, and efficient. The implementation of the proposed algorithms on Android system mobile devices allows users to securely find their target via mobile phones.

Authenticated Blind Issuing of Symmetric Keys for Mobile Access Control System without Trusted Parties

Mobile authentication can be used to verify a mobile user’s identity. Normally this is accomplished through the use of logon passwords, but this can raise the secret-key agreement problem between entities. This issue can be resolved by using a public-key cryptosystem, but mobile devices have limited computation ability and battery capacity and a PKI is needed. In this paper, we propose an efficient, non-PKI, authenticated, and blind issued symmetric key protocol for mobile access control systems. An easy-to-deploy authentication and authenticated key agreement system is designed such that empowered mobile devices can directly authorize other mobile devices to exchange keys with the server upon authentication using a non-PKI system without trusted parties. Empowered mobile users do not know the key value of the other mobile devices, preventing users from impersonating other individuals. Also, for security considerations, this system can revoke specific keys or keys issued by a specific user. The scheme is secure, efficient, and feasible and can be implemented in existing environments.