Wen-Shenq Juang

Efficient multi-server password authenticated key agreement using smart cards

Remote user authentication and key agreement scheme using smart cards is a very practical solution to validate the eligibility of a remote user and provide secure communication later. Also, due to fast progress of networks and information technology, most of provided services are in multi-server environments. In this paper, we propose a novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality. The major merits include: (1) users only need to register at the registration centre once and can use permitted services in eligible servers; (2) the scheme does not need a verification table: (3) users can freely choose their passwords; (4) the computation and communication cost is very low; (5) servers and users can authenticate each other; (6) it generates a session key agreed by the user and the server; and (7) it is a nonce-bayed scheme which does not have a serious time-synchronization problem.

Efficient password authenticated key agreement using smart cards

The smart-card based remote user authentication and key agreement scheme is a very practical solution to create a secure distributed computer environment. In this paper, we propose a novel user authentication and key agreement scheme with much less computational cost and more functionality. The main merits include: (1) the scheme needs no verification table; (2) users can freely choose their own passwords; (3) the communication and computation cost is very low; (4) users and servers can authenticate each other; and (5) it generates a session key agreed by the user and the server. Also, our proposed scheme is a nonce-based scheme which does not have a serious time-synchronization problem.

Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards

User authentication and key agreement is an important security primitive for creating a securely distributed information system. Additionally, user authentication and key agreement is very useful for providing identity privacy to users. In this paper, we propose a robust and efficient user authentication and key agreement scheme using smart cards. The main merits include the following: 1) the computation and communication cost is very low; 2) there is no need for any password or verification table in the server; 3) a user can freely choose and change his own password; 4) it is a nonce-based scheme that does not have a serious time-synchronization problem; 5) servers and users can authenticate each other; 6) the server can revoke a lost card and issue a new card for a user without changing his identity; 7) the privacy of users can be protected; 8) it generates a session key agreed upon by the user and the server; and 9) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.

Robust authentication and key agreement scheme preserving the privacy of secret key

In ubiquitous computing environments, people may obtain their services from application servers by using mobile devices at any time and anywhere. For convenience, most of those devices are small and of limited power and computation capacity. In this paper, we propose a robust user authentication and key agreement scheme suitable for ubiquitous computing environments. The main merits include: (1) a security-sensitive verification table is not required in the server; (2) the password can be chosen and changed freely by the clients and cannot be derived by the privileged administrator of the server; (3) all well-known security threats are solved in our proposed scheme; (4) the scheme does not have a serious time-synchronization problem; (5) the client and the server can establish a common session key; (6) the scheme is practical and efficient; (7) the scheme can preserve the privacy of the clients secret key even if the secret information stored in a smart card is compromised.

Anonymous channel and authentication in wireless communications

In this paper, we propose a scheme for providing anonymous channel service in wireless communications. By this service, many interesting applications, such as electronic elections, anonymous group discussions, with user identification confidential can be easily realized. No one can trace a senders identification and no one but the authority centre can distinguish an anonymous message from a normal message when a user uses the anonymous channel. The user anonymity in our scheme is neither based on any trusted authority nor on the cooperation of all potential senders. Our scheme can be easily applied to existing wireless systems, such as GSM and CDPD, without changing their underlying structures.

Efficient password authenticated key agreement using bilinear pairings

For providing a secure distributed computer environment, efficient and flexible user authentication and key agreement is very important. In addition to user authentication and key agreement, identity privacy is very useful for users. In this paper, we propose an efficient and flexible password authenticated key agreement scheme using bilinear pairings. The main merits include: (1) there is no need for any password or verification table in the server; (2) users can choose or change his own password freely; (3) both the server and a user can authenticate each other; (4) it can protect the users privacy; (5) the user and the server can generate a session key; (6) it does not have a serious synchronization-clock problem; (7) even if the secret information stored in a smart card is compromised, it can prevent the offline dictionary attack.

User authentication scheme with privacy-preservation for multi-server environment

New user authentication schemes for multiple-servers environment were proposed by Liao-Wang and Tsai. In their schemes, application servers do not need to maintain a verification table and this admired merit is not addressed by previous scholarship. Besides, the privacy of users is also addressed in Liao-Wangs scheme. In this article, we show that their schemes are not secure against the server spoofing and the impersonation attacks. Then we propose a robust user authentication scheme to withstand these attacks and keep the same merits.

Two efficient two-factor authenticated key exchange protocols in public wireless LANs

Recently, Parks et al. proposed an authentication and key agreement protocol for low-power PDAs in public wireless LANs using two factors including a password and a token, e.g. a smart card. They claimed that their proposed scheme provided mutual authentication, identity privacy, half-forward secrecy and low computation cost for a client including just one symmetric key encryption and five hash operations. In this paper, we point out that Park et al.s protocol is vulnerable to the dictionary attack upon identity privacy. We propose two schemes with mutual authentication, half-forward secrecy, lower computation cost and less exchanged messages than Park et al.s protocol. In additional to these properties, identity privacy, which is not satisfied by Park et al.s protocol, is also provided by our second scheme.

D-cash: A flexible pre-paid e-cash scheme for date-attachment

The electronic payment system is one of the most important success factors in electronic commerce. In this paper, we propose D-Cash, a practical and flexible date-attachment pre-paid e-cash scheme. Briefly speaking, there are three important dates, including the withdrawal date, the effective date and the deposit date, in an e-coin lifetime before it is deposited in the bank. In pre-paid systems, the withdrawal date and the effective date are important to customers and merchants if the interest of e-cash is considered. Although several pre-paid schemes for date-attachment have been proposed, the interest of e-cash during the withdrawal date and the effective date is ignored. In D-Cash, the interest of e-cash during the withdrawal date and the effective date is addressed for attracting customers to use the pre-paid e-cash schemes, the attachment and management of dates are more simple and flexible than other date-attachment e-cash schemes, and the untraceability property is also preserved.

Refereed paper: A collision-free secret ballot protocol for computerized general elections

In secret ballot protocols, the unique voting property is crucial since without it a voter may vote more than once or his ballot may collide with others and be discarded by the authority. In this paper we present a collision-free secret ballot protocol based on the uniquely blind signature technique. Our proposed scheme can be used to hold large-scale general elections because it ensures independence among voters without the need for any global computation. This scheme preserves the privacy of a voter against the authority and other voters. Robustness is ensured in that no subset of voters can corrupt or disrupt the election. The verifiability of this protocol ensures that the authority cannot present a false tally without being caught.