Yao-Hsin Chen

PassMap: a map based graphical-password authentication system

Text passwords have been used in authentication systems for many decades. Users must recall the textual strings selected during registration to pass authentication. However, there are some serious problems with text passwords---recollection and security. Hence, various graphical-password authentication systems have been proposed to solve the problems of text passwords. Previous studies indicate that humans are better at recognizing and recalling images than texts. In 2005, Wiedenbeck et al. proposed PassPoints in which a password consists of a sequence of click-points (5 to 8) that a user chooses on an image. In the paper, we proposed an alternative system in which users can memorize fewer points while providing more security than PassPoints. Based on the idea of using an extremely large image as the password space, we propose a novel world map based graphical-password authentication system called PassMap in which a password consists of a sequence of 2 click-points that a user selects on an large world map. We also conducted a user study for evaluation. The result shows that the passwords of PassMap are easy to memorize for humans and PassMap is friendly to use in practice. Furthermore, PassMap provides higher entropy than PassPoints and also increases the cost of attacks.

Eliminating rouge femtocells based on distance bounding protocol and geographic information

Recently, femtocell solutions have been attracting increasing attention since coverage for broadband radios can effectively eliminate wireless notspots. To restrict malicious subscribers from accessing femtocells, 3G/WiMAX standards introduce an access control strategy, called Closed Subscriber Group (CSG). However, CSG only prevents malicious clients, but not rouge femtocells. In 2009, Han et al. proposed the first mutual authentication mechanism. This mechanism does not consider the case that an attacker can locate femtocells in an unregistered area even these femtocells are legitimate. In this paper, we first define two attacks, sinkhole and wormhole attacks, in femtocell-enabled mobile networks. Then, we design two approaches based on distance bounding protocols and geographic information to defend against these two attacks. In our design, a subscriber can confirm whether or not the femtocell he connected with is physically-present. Experiment results demonstrate that the distance bounding protocol can estimate an approximate distance between a subscribers device and the deployed femtocell. Moreover, femtocells that are deployed inside or outside can both be identified and distinguished without the bias of signal strength based on our design.

Secure and Efficient Handover Schemes for Heterogeneous Networks

With the rapid development of wireless communication, mobile users are able to manually switch their network interfaces to different types of networks. The IEEE 802.21 Draft Standard was proposed to integrate the Media Independent Handover (MIHs) between the wireless network interfaces, such as WiFi, WiMAX, 3 GPP, and 3GPP2. However, it may not hold the seamless roaming character and does not provide the security mechanism.In this paper, we propose an efficient handover mechanism among WiFi and WiMAX networks to meet the seamless roaming character by reducing the authentication processes. In addition, the proposed scheme involves security mechanisms that guarantee the handover messages to be secure and maintain the authenticity for the reduced steps.

A collaborative routing protocol against routing disruptions in MANETs

Mobile ad hoc networks (MANETs) are vulnerable to active attacks, such as dropping attacks, replay attacks, collusion attacks, and tampering attacks. Many researches have been proposed to provide security transmission. However, they cannot effectively and efficiently resist colluding attacks. Therefore, we propose a collaborative routing protocol (CRP) to detect and isolate colluding attackers via monitor mechanism. Monitor nodes observe and record the behavior of intermediate nodes. Based on the records of intermediate nodes, source node can distinguish malicious nodes and isolate them. Finally, security analyses and simulation verify that CRP can effectively and efficiently resist black hole attacks, gray hole attacks, modify and fake packet attacks, rushing attacks, and collusion attacks.

The design and implementation of IPSec conflict avoiding and recovering system

IPSec has been popularly used in protecting data over IP network; however, how to detect and avoid policy conflicts is a big challenge. Under current architecture, user- space process can directly manipulate security associations database (SADB) or security policies database (SPDB) causing inter-application conflict, lack of access control, lack of conflict avoiding and recovering, and conflict diffusion. Previous proposed algorithms can only detect conflicts afterward instead of preventing them in advance. Therefore we propose a new architecture to avoid conflicts and provide recovery mechanism. Finally, we implement these functionalities and the evaluation of performance shows that this architecture is realistic and practical.