Tzer-Shyong Chen

Secure Dynamic Access Control Scheme of PHR in Cloud Computing

With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system “personal health records (PHR)” is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access scheme in Cloud computing environments is proven flexible and secure and could effectively correspond to real-time appending and deleting user access authorization and appending and revising PHR records.

Efficient migration for mobile computing in distributed networks

The speed and convenience of the Internet makes it advantageous to online applications. Basing on the elliptic curve cryptosystem, this study proposes a hierarchical mobile agent framework for handling key management and access control problems between mobile agent and host. It raises the security of key management, and also controls access to distributed environment in non-specific network. The proposed method successfully secures the accessing relationship between the mobile agent and the host while economizing the exhaust of storage space. Such an achievement lets the mobile agent operate efficiently, and puts in order a secure execution environment for mobile computing.

A Password-Based User Authentication Scheme for the Integrated EPR Information System

With the rapid development of the Internet, digitization and electronic orientation are required in various applications of our daily life. For e-medicine, establishing Electronic patient records (EPRs) for all the patients has become the top issue during the last decade. Simultaneously, constructing an integrated EPR information system of all the patients is beneficial because it can provide medical institutions and the academia with most of the patients’ information in details for them to make correct decisions and clinical decisions, to maintain and analyze patients’ health. Also beneficial to doctors and scholars, the EPR system can give them record linkage for researches, payment audits, or other services bound to be developed and integrated into medicine. To tackle the illegal access and to prevent the information from theft during transmission over the insecure Internet, we propose a password-based user authentication scheme suitable for information integration.

A conference key agreement protocol with fault-tolerant capability

Secure communication is of utmost importance to participants of Internet conferences. Secure communication thwarts eavesdropping. In an Internet conference, all conference participants together establish a common conference key to enable multi-party and secure exchange of messages. However, malicious conference participants may try to obtain the conference key through unfair means, and this could result in the generation of different conference keys. This paper is intended as a proposal of a new form of conference key agreement protocol. It emphasizes the filtering of malicious participants at the beginning of the conference to ensure that all participants obtain the same conference key. The proposed method also has fault-tolerant capability. Efficiency and security of a protocol is important in practice. The security of the proposed protocol is based on discrete logarithm problem assumption. The protocol is executed in computationally secure environment. The secret information of a user cannot be determined from its corresponding public information and therefore ensures privacy. Since efficiency of a protocol depends on low computation cost, the protocol attempts to achieve lower computation cost without compromising on security.

The Enhancement of Security in Healthcare Information Systems

With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the “Internet”. For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

An agent-based English auction protocol using Elliptic Curve Cryptosystem for mobile commerce

Rapid development of the Internet and the extensive use of mobile phones have increased demand for mobile devices in Internet auctions. This trend is acting as an incentive to develop an auction model for mobile-based environment. Recently, Kuo-Hsuan Huang proposed a mobile auction agent model (MoAAM), which allows the bidders to participate in online auctions through a mobile agent. He used modular exponentiation operations in his method. As a result, the processing time for key generation, bidding, and verification were long. Thus, we propose to add the concept of Elliptic Curve Cryptosystem (ECC) onto MoAAM, because ECC has low computation amount and small key size, both of which will aid to increase the speed in generating keys, bidding, and verification. In terms of reduction of computation load on mobile devices and auction-manager server, the proposed method will make online auction system more efficient as well as more convenient to use. This paper mainly uses the English auction protocol as the key auction protocol. The protocol consists of four entities: Registration Manager (RM), Agent House (AH), Auction House (AUH), and Bidders (B). The Registration Manager registers and verifies Bidder identity. The Agent House manages the agents and assigns public transaction keys to Bidders. The Auction House provides a place for auction and maintains all necessary operations for a smooth online auction. Bidders are buyers who are interested in purchasing items at the auction. Our proposed method conforms to the requirements of an online auction protocol in terms of anonymity, traceability, no framing, unforgetability, non-repudiation, fairness, public verifiability, unlinkability among various auction rounds, linkability within a single auction round, efficiency of bidding, one-time registration, and easy revocation.

A novel application of grey system theory to information security (Part I)

This study applies the grey data generating techniques in grey system theory on a novel cryptosystem, which is guiding a new research in the field of information security. In this paper, we present the concepts of sum-lock, difference-lock, sum-ladder, and difference-ladder. Using these concepts, we can obtain a cryptosystem with lock generation and sum-difference mixed ladder. The cryptographic algorithms for our cryptosystem are also presented and an illustrative example is used to verify it.

A Mobile Agent Approach for Secure Integrated Medical Information Systems

Different patient-related information in medical organizations is the primary reference for medical personnel diagnosing, treating, and caring patients. With the rapid development of information technology, paper-based medical records have gradually been changed to electronic forms. However, different medical organizations present individual system specifications and data-saving formats so that the medical information of the same patient cannot be exchanged, shared, and securely accessed. In order not to largely change the present medical information systems as well as not to increase abundant costs, Virtual Integrated Medical-information Systems (VIMS) is proposed to assist various hospitals in information exchange. Furthermore, with Mobile Agent, the dispersed medical information can be securely integrated. It presents confidentiality, non-repudiation, source authentication, and integrity in network transmission. Virtual Integrated Medical-information Systems (VIMS) is a virtual electronic integration system combined with Mobile Agent technology. With the features of independence, adaptability, mobility, objectives, and autonomy, Mobile Agent is applied to overcome the problems from heterogeneous systems. With the features, the over-dispersed medical records can be integrated. Moreover, Mobile Agent can ensure the instantaneity and usability of medical records from which doctors can make the most appropriate evaluation and diagnoses. It will avoid the waste of medical resources, such as repetition medication, as well as become the reference of further consultation or health check. Not only can it improve the medical care quality, but it can be provided for medical research.

Efficient Hierarchical Key Management Scheme for Access Control in the Mobile Agent

Technologies and their applications related to e-commerce have always been the topic of interests to attract researchers and widely discussed. Among them, the use of the mobile agent in e-commerce is a highly potential technology which has accumulated a lot of interests in recent years. Since the mobile agent has high autonomy and mobility, it can move, unbridled, in different execution environments. At the same time, it can automatically detect its current environment and respond accordingly. Finally, it can also carry out work, or tasks assigned to it by its user. The above qualities make the mobile agent very suitable for use in e-commerce. The internet is an open environment. When there is a need to transfer, or exchange confidential information over the internet, the security of the present Internet environment must be improved. Even so, during its execution, a mobile agent needs to roam around the internet between different servers on the internet. At the same time, a mobile agent may also come in contact, or interact with other mobile agents or hosts. Therefore, the users may worry that a mobile agent may not work properly if it meets with a malicious program, or if it is tampered with by a malicious host, or that confidential information carried by the mobile agent may be stolen by other agents. To ensure the safety of mobile agents on the internet, this paper proposes a security scheme suitable for use to mobile agents: The scheme includes access control and key management to ensure the security and confidentiality of information and the system. In view of the access control and key management scheme for mobile agents proposed by Volker and Mehrdad[l], this paper proposes a new scheme that uses the concepts of polynomial interpolation formula[19], the hierarchy structure and the superkey[8] to improve the previous security schemes which need a large amount of space for the mobile agent. According to this papers security and performance analysis, it is proved that the proposed scheme can efficiently protect the mobile agents.

Digital multi-signature scheme based on the elliptic curve cryptosystem

In the study, the digital multi-signature scheme, constructed by the integration of one-way hash function and identification scheme, are proposed based on the elliptic curvyecryptosystem (ECC). To the efficiency in performance, the ECC has been generally regarded as positive; and the security caused by the Elliptic Curve Discrete Logarithm Problem (ECDLP) is highly also taken highly important. The main characteristic of the proposed scheme is that the length of the multi-signature is fixed rather than changeable and it will not increase with the number of group members.