Hung-Yu Chien received a B.S. degree in Computer Science from NCTU, Taiwan, in 1988, an M.S. degree in Computer and Information Engineering from NTU, Taiwan, in 1990, and a doctoral degree in applied mathematics from NCHU in 2002. He was an assistant researcher at TL, MOTC, Taiwan, the Director of the Computer Center at Nan-Kei College, and an associate professor at Chaoyang University of Technology; he has been a professor at National Chi Nan University since 1998. He has won outstanding faculty research awards from the Taiwan National Science Council since 2011. He is a member of the Chinese Association for Information Security and an IEEE member. His research interests include cryptography, networking, network security, ontology, the Internet of Things, and applying machine learning to multispectral data.
Conventionally, public key certificates bind one subject with one static public key so that the subject can facilitate the services of the public key infrastructure (PKI). In PKI, certificates need to be renewed (or revoked) for several practical reasons, including certificate expiration, private key breaches, condition changes, and possible risk reduction. The certificate renewal process is very costly, especially for those environments where online authorities are not available or the connection is not reliable. A dynamic public key certificate (DPKC) facilitates the dynamic changeover of the current public–private key pairs without renewing the certificate authority (CA). This paper extends the previous study in several aspects: (1) we formally define the DPKC; (2) we formally define the security properties; (3) we propose another implementation of the Krawczyk–Rabin chameleon-hash-based DPKC; (4) we propose two variants of DPKC, using the Ateniese–Medeiros key-exposure-free chameleon hash; (5) we detail two application scenarios.
Hung-Yu Chien. Dynamic Public Key Certificates with Forward Secrecy. Electronics 2021, 10, 2009.
AMA Style: Hung-Yu Chien. Dynamic Public Key Certificates with Forward Secrecy. Electronics. 2021;10(16):2009.
Chicago/Turabian Style: Hung-Yu Chien. 2021. "Dynamic Public Key Certificates with Forward Secrecy." Electronics 10, no. 16: 2009.
Secure group key distribution is essential for many group-oriented applications such as sensor networks, multimedia broadcast services, and Internet of Things (IoT) scenarios. There are several challenges and requirements in designing secure group key distribution. Among them, computational efficiency, communication efficiency, adaptability to dynamic group membership changes, robustness to various security threats, self-healing capacities, and source authentication are desirable. It is very challenging to design an efficient group key distribution that satisfies all of these requirements. Based on block codes, we propose an efficient self-healing group key distribution that facilitates both message source authentication and secure group key distribution, where the source identification and authentication can facilitate intrusion detection and identification. Both the privacy of the group key and the authentication of message sources are computationally secure. To the best of our knowledge, it is the first code-based scheme that satisfies all the above requirements and facilitates message source authentication. The merits of the proposed scheme include the following: (1) it is highly efficient in terms of computation and communication, (2) it provides self-healing capacities for unstable environments, (3) it is very robust to various security threats and attacks, (4) it facilitates both message source authentication and secure group key distribution, and (5) it greatly improves communication performance compared to the state-of-the-art schemes. The security properties are analyzed, and the performance evaluations confirm its efficiency and practicality.
Hung-Yu Chien. Self-Healing Group Key Distribution Facilitating Source Authentication Using Block Codes. Security and Communication Networks 2021, 2021, 1–11.
AMA Style: Hung-Yu Chien. Self-Healing Group Key Distribution Facilitating Source Authentication Using Block Codes. Security and Communication Networks. 2021;2021:1–11.
Chicago/Turabian Style: Hung-Yu Chien. 2021. "Self-Healing Group Key Distribution Facilitating Source Authentication Using Block Codes." Security and Communication Networks 2021: 1–11.
Resource limitation is common in many Internet of Things (IoT) devices, and eavesdropping on the identities of IoT devices could reveal sensitive information; therefore, high efficiency (in computation and communication) and anonymity protection are two desirable properties in IoT authentication and in device-to-device (D2D) authentication. Conventionally, dynamic pseudonyms are widely adopted to protect device identity privacy in IoT authentication and in D2D communications; however, the conventional mechanisms for pseudonym renewal and for updating pseudonym-bound public keys can be very costly or vulnerable to desynchronization-based denial-of-service (DoS) attacks. In this paper, we propose a novel 2-level composite hashing (2LCH) mechanism to mitigate these problems, and propose 2LCH-based anonymous IoT and D2D authentication schemes. The schemes simultaneously achieve high efficiency and strong anonymity for such environments; once two devices successfully complete one instance of the server-assisted anonymous authentication, they can run several instances of direct D2D anonymous authentication without the involvement of the server. The merits of the schemes include: (1) high efficiency in terms of computation and communication; (2) easy and efficient generation/synchronization of dynamic pseudonyms; (3) robustness to both desynchronization-based DoS attacks and unreliable connections; (4) easy application to existing IoT architectures and standards; and (5) formal security verification.
Hung-Yu Chien. Two-Level-Composite-Hashing Facilitating Highly Efficient Anonymous IoT and D2D Authentication. Electronics 2021, 10, 789.
AMA Style: Hung-Yu Chien. Two-Level-Composite-Hashing Facilitating Highly Efficient Anonymous IoT and D2D Authentication. Electronics. 2021;10(7):789.
Chicago/Turabian Style: Hung-Yu Chien. 2021. "Two-Level-Composite-Hashing Facilitating Highly Efficient Anonymous IoT and D2D Authentication." Electronics 10, no. 7: 789.
We investigated a light emitting diode (LED) lighting system applied to a water bamboo field at night during the winter season, and the results indicated that this lighting system can prevent the stunting of water bamboo leaves and further assist their growth. Compared with previous LED systems, in which the LED bulbs were placed directly above the water bamboo leaves, our LED lighting system offers the benefit of easy handling during harvest. To prevent inhomogeneous coverage of the LED light patterns, a new design of LED lenses was also incorporated.
Vincent K. S. Hsiao; Teng-Yun Cheng; Chih-Feng Chen; Hao Shiu; Yong-Jin Yu; Chun-Fu Tsai; Pin-Chen Lai; Min-Chia Tsai; Chih-Chi Yang; Hung-Yu Chien; Ku-Fan Chen; Yung-Pin Tsai. Optimized LED-Integrated Agricultural Facilities for Adjusting the Growth of Water Bamboo (Zizania latifolia). Applied Sciences 2020, 10, 1330.
AMA Style: Vincent K. S. Hsiao, Teng-Yun Cheng, Chih-Feng Chen, Hao Shiu, Yong-Jin Yu, Chun-Fu Tsai, Pin-Chen Lai, Min-Chia Tsai, Chih-Chi Yang, Hung-Yu Chien, Ku-Fan Chen, Yung-Pin Tsai. Optimized LED-Integrated Agricultural Facilities for Adjusting the Growth of Water Bamboo (Zizania latifolia). Applied Sciences. 2020;10(4):1330.
Chicago/Turabian Style: Vincent K. S. Hsiao; Teng-Yun Cheng; Chih-Feng Chen; Hao Shiu; Yong-Jin Yu; Chun-Fu Tsai; Pin-Chen Lai; Min-Chia Tsai; Chih-Chi Yang; Hung-Yu Chien; Ku-Fan Chen; Yung-Pin Tsai. 2020. "Optimized LED-Integrated Agricultural Facilities for Adjusting the Growth of Water Bamboo (Zizania latifolia)." Applied Sciences 10, no. 4: 1330.
The Smart Grid (SG) facilitates the intelligent generation, management, and distribution of electricity. It will be a very important service in our daily lives, and the security and privacy protection of its information and structure is critical. Privacy-Preserving Data Aggregation (PPDA) in smart grids aims at collecting the aggregated power generation or consumption while protecting the privacy of each individual Smart Meter (SM). Li et al.’s Privacy-Preserving Multisubset data Aggregation (PPMA) (Li et al. in IEEE Trans Ind Inf 14(2):462–471, 2018 [1]) is at the cutting edge of PPDA schemes. Li et al.’s PPMA scheme, in addition to the total aggregated electricity, further provides the number of users whose electricity consumption falls within a range of interest and the aggregated quantity of the specified range. However, the requirements of strict time synchronization and no single SM failure make the scheme unattractive for practical application. We propose a new PPMA scheme that facilitates flexible SM deployment, independent SM status reporting without strict synchronization, and fault tolerance to any SM failure as long as at least two SMs are functioning well.
Hung-Yu Chien; Chunhua Su. A Fault-Tolerant and Flexible Privacy-Preserving Multisubset Data Aggregation in Smart Grid. Econometrics for Financial Applications 2019, 165–175.
AMA Style: Hung-Yu Chien, Chunhua Su. A Fault-Tolerant and Flexible Privacy-Preserving Multisubset Data Aggregation in Smart Grid. Econometrics for Financial Applications. 2019:165–175.
Chicago/Turabian Style: Hung-Yu Chien; Chunhua Su. 2019. "A Fault-Tolerant and Flexible Privacy-Preserving Multisubset Data Aggregation in Smart Grid." Econometrics for Financial Applications: 165–175.
To facilitate successful deployments of Internet of Things (IoT) applications, the support of a secure and efficient communication protocol and architecture is indispensable. Owing to its lightweight design and ease of use, the Message Queue Telemetry Transport (MQTT) protocol has become one of the most popular communication protocols in the Internet of Things (IoT). However, the security support in MQTT is very weak: it assumes security support from the underlying Secure Sockets Layer (SSL). This weakness incurs several key drawbacks. One is that supporting SSL is a burden for resource-constrained devices. Another, and a very important one, is the lack of support for secure group communication. Without efficient and secure group communication support, MQTT-based IoT systems would suffer from deteriorated computational and communication performance, especially when very large numbers of IoT devices access the systems. In this paper, we design a secure MQTT group communication framework in which each MQTT application periodically updates the group key and the data communication can be efficiently and securely encrypted under the group keys. Both our prototype system and our analysis show that the design can improve security, computational, and communication performance.
Hung-Yu Chien; Xi-An Kou; Mao-Lun Chiang; Chunhua Su. Secure and Efficient MQTT Group Communication Design. Econometrics for Financial Applications 2019, 177–186.
AMA Style: Hung-Yu Chien, Xi-An Kou, Mao-Lun Chiang, Chunhua Su. Secure and Efficient MQTT Group Communication Design. Econometrics for Financial Applications. 2019:177–186.
Chicago/Turabian Style: Hung-Yu Chien; Xi-An Kou; Mao-Lun Chiang; Chunhua Su. 2019. "Secure and Efficient MQTT Group Communication Design." Econometrics for Financial Applications: 177–186.
Applying Internet-of-Things (IoT) technologies to various agriculture and ecosystem challenges not only reduces manual effort but also improves productivity and efficiency. Among the many agriculture and ecosystem challenges, monitoring bees is one of the most interesting and imperative, as bees play a critical role in both the ecosystem and agriculture, and their habitats are under very serious pressure. Even though there are several commercial beehive monitoring systems on the market, localization and customization of such systems is inevitable, owing to differing environments, climates, box designs, and bee-keeping practices. In this article, we introduce the challenges here in Taiwan and the design we use to cope with them. Based on low-cost components on the market (such as a Raspberry Pi, various sensors, and communication facilities), we design a bee monitoring system that can monitor various environmental data (such as temperature, humidity, and GPS position) and bee data (such as bee sound and infra-red images). The prototype has been tested in the field, and we are evaluating its effectiveness.
Yi-Liang Chen; Hung-Yu Chien; Ting-Hsuan Hsu; Yi-Jhen Jing; Chun-Yu Lin; Yi-Chun Lin. A Pi-Based Beehive IoT System Design. Advances in Intelligent Systems and Computing 2019, 535–543.
AMA Style: Yi-Liang Chen, Hung-Yu Chien, Ting-Hsuan Hsu, Yi-Jhen Jing, Chun-Yu Lin, Yi-Chun Lin. A Pi-Based Beehive IoT System Design. Advances in Intelligent Systems and Computing. 2019:535–543.
Chicago/Turabian Style: Yi-Liang Chen; Hung-Yu Chien; Ting-Hsuan Hsu; Yi-Jhen Jing; Chun-Yu Lin; Yi-Chun Lin. 2019. "A Pi-Based Beehive IoT System Design." Advances in Intelligent Systems and Computing: 535–543.
Honey has been a precious natural food throughout human history. However, as the supply cannot satisfy market demand, many incidents of adulterated and fraudulent honey have been reported. In Taiwan, common adulterated and fraudulent honey incidents include (1) mixing honey with fructose, (2) importing cheap honey from abroad but labeling it as domestic honey, and (3) labeling cheaper honey (for example, nectar and lychee honey) as high-priced honey (for example, longan honey). It is very difficult for consumers to judge whether the labeling of honey is genuine. To protect consumers and honest honey producers, we aim at exploring and developing an efficient and convenient technology that can effectively classify honey. We analyze the infrared spectra of honey samples and apply machine learning technologies to classify the honey. The experimental results confirm that this technology can effectively distinguish several main honey types in Taiwan. The technology has the advantages of being non-destructive, immediate, and low in manpower, and it can serve as an effective tool for rapid screening of honey products.
Hung-Yu Chien; An-Tong Shih; Bo-Shuen Yang; Vincent K. S. Hsiao. Fast honey classification using infrared spectrum and machine learning. Mathematical Biosciences and Engineering 2019, 16, 6874–6891.
AMA Style: Hung-Yu Chien, An-Tong Shih, Bo-Shuen Yang, Vincent K. S. Hsiao. Fast honey classification using infrared spectrum and machine learning. Mathematical Biosciences and Engineering. 2019;16(6):6874–6891.
Chicago/Turabian Style: Hung-Yu Chien; An-Tong Shih; Bo-Shuen Yang; Vincent K. S. Hsiao. 2019. "Fast honey classification using infrared spectrum and machine learning." Mathematical Biosciences and Engineering 16, no. 6: 6874–6891.
Today, the Internet of Things (IoT) brings people innovative experiences and applications through the connectivity of numerous computing devices. In these applications, computing devices generate and exchange a large amount of critical and sensitive data. Typically, these computing devices are placed in unprotected environments that make them attractive attack targets, and they easily suffer from a newer kind of threat called “side-channel attacks”. Through side-channel attacks, an adversary could obtain partial information about secret values (or internal states) stored in these devices by observing execution timing or energy consumption. However, most adversary models of previous cryptographic schemes/protocols do not consider such side-channel attacks. Leakage-resilient cryptography is a flexible solution for resisting side-channel attacks, yet so far little work has focused on the design of leakage-resilient certificate-based encryption (LR-CBE) schemes. In this article, we propose the first LR-CBE scheme resilient to continuous key leakage of users' private keys, the system secret key, and random values. In the generic bilinear group model, a security analysis is given to show that the proposed LR-CBE scheme is provably secure against chosen-ciphertext attacks under the continual leakage model. A performance evaluation demonstrates that our scheme is suitable for embedded devices.
Yuh-Min Tseng; Jui-Di Wu; Ruo-Wei Hung; Hung-Yu Chien. Leakage-Resilient Certificate-based Encryption Scheme for IoT Environments. 2018 9th International Conference on Awareness Science and Technology (iCAST) 2018, 251–256.
AMA Style: Yuh-Min Tseng, Jui-Di Wu, Ruo-Wei Hung, Hung-Yu Chien. Leakage-Resilient Certificate-based Encryption Scheme for IoT Environments. 2018 9th International Conference on Awareness Science and Technology (iCAST). 2018:251–256.
Chicago/Turabian Style: Yuh-Min Tseng; Jui-Di Wu; Ruo-Wei Hung; Hung-Yu Chien. 2018. "Leakage-Resilient Certificate-based Encryption Scheme for IoT Environments." 2018 9th International Conference on Awareness Science and Technology (iCAST): 251–256.
Applying Internet-of-Things (IoT) technologies in agriculture not only reduces manual effort but also improves productivity and efficiency. Through IoT technologies, one can collect various data such as luminosity, temperature, humidity, and pH value to analyze and control the facilities. In this study, we focus on exploring the application of infra-red data in agriculture IoT systems, in addition to the design of our greenhouse IoT system. Through the infra-red data, we can analyze various biological data of plants and fruits. Based on several low-cost devices (such as a Raspberry Pi, a NoIR camera, a thermal camera, and various sensors), some open source platforms, and the Splunk software, we design and build a greenhouse IoT system that not only collects various environmental data but also analyzes the biological data of plants via the infra-red data. Some preliminary experiments and analysis are given in this paper. The results show that low-cost infra-red devices could make a great contribution to improving agricultural practice.
Hung-Yu Chien; Yuh-Min Tseng; Ruo-Wei Hung. Some Study of Applying Infra-Red in Agriculture IoT. 2018 9th International Conference on Awareness Science and Technology (iCAST) 2018, 1–5.
AMA Style: Hung-Yu Chien, Yuh-Min Tseng, Ruo-Wei Hung. Some Study of Applying Infra-Red in Agriculture IoT. 2018 9th International Conference on Awareness Science and Technology (iCAST). 2018:1–5.
Chicago/Turabian Style: Hung-Yu Chien; Yuh-Min Tseng; Ruo-Wei Hung. 2018. "Some Study of Applying Infra-Red in Agriculture IoT." 2018 9th International Conference on Awareness Science and Technology (iCAST): 1–5.
Authenticating Internet-of-Things (IoT) devices in mobile systems is extremely challenging, because there will be billions of IoT devices. Most existing proposals focus only on reducing the number of interactions to reduce the authentication overhead. However, there are several critical issues that need to be tackled. In this paper, we address the aggregated authentication overhead issue, the secure key agreement challenges, and the homogeneous trust and authorization issue in mobile-system-based IoT scenarios. Based on the range-bound key assignment technique and our grouping mechanism, we propose the group-oriented range-bound authenticated key agreement to solve these challenges. The main contributions are threefold. First, it drastically reduces the aggregated authentication overhead. Second, it greatly improves the security properties of the key agreement. Third, it gives service providers fine-grained control of the authentication delegation. To the best of our knowledge, the scheme demands the least authentication overhead among its counterparts; it is the first key agreement scheme that deals specifically with the homogeneous trust and authorization issue and facilitates dynamic and adaptive authentication delegation. The security properties of the key agreement schemes are verified using a formal security verification tool, AVISPA, and are analytically proved.
Hung-Yu Chien. Group-Oriented Range-Bound Key Agreement for Internet of Things Scenarios. IEEE Internet of Things Journal 2018, 5, 1890–1903.
AMA Style: Hung-Yu Chien. Group-Oriented Range-Bound Key Agreement for Internet of Things Scenarios. IEEE Internet of Things Journal. 2018;5(3):1890–1903.
Chicago/Turabian Style: Hung-Yu Chien. 2018. "Group-Oriented Range-Bound Key Agreement for Internet of Things Scenarios." IEEE Internet of Things Journal 5, no. 3: 1890–1903.
Greenhouse agriculture has the advantage of protecting plants from harsh outside conditions and providing suitable conditions for plant growth; it can effectively improve crop yield and quality. But the traditional greenhouse monitoring/control system is costly to build and its control interface is not user-friendly (some are just manual settings); it is therefore not very cost-effective, friendly, or productive. With the advent of cloud computing and low-cost Internet-of-Things (IoT) systems, we can apply these low-cost and effective technologies to monitor environmental conditions and plant growth and to control the facilities. In addition to conveniently monitoring/controlling greenhouse facilities, a real-time platform for dynamically analyzing the collected data can greatly improve the efficiency of greenhouse cultivation, maintenance costs, and decision making. In this study, a low-cost greenhouse monitoring system with real-time data analysis is developed for small- and medium-sized greenhouse installations. With RethinkDB, a Raspberry Pi, Tornado, and Splunk, we develop an efficient and effective greenhouse system to achieve the above goals. This system design acts as a promising solution and bridge toward precision agriculture.
Yi-Jui Chen; Hung-Yu Chien. IoT-based green house system with splunk data analysis. 2017 IEEE 8th International Conference on Awareness Science and Technology (iCAST) 2017, 260–263.
AMA Style: Yi-Jui Chen, Hung-Yu Chien. IoT-based green house system with splunk data analysis. 2017 IEEE 8th International Conference on Awareness Science and Technology (iCAST). 2017:260–263.
Chicago/Turabian Style: Yi-Jui Chen; Hung-Yu Chien. 2017. "IoT-based green house system with splunk data analysis." 2017 IEEE 8th International Conference on Awareness Science and Technology (iCAST): 260–263.
A three-party authenticated key agreement (3PAKA) scheme is a protocol that enables a pair of registered clients to establish session keys with the help of a trusted server, such that each client pre-shares its secret key with the server only. This approach greatly improves the scalability of key agreement protocols and provides better user convenience. Conventionally, 3PAKA, like many other key agreement schemes, is based on the classic computational Diffie–Hellman problem (CDHP) to establish the session keys, and each client requires at least two modular exponentiations. However, as more and more mobile devices with limited resources become popular, it is desirable to reduce the computational load for those clients while still preserving strong security. In this paper, based on the modified CDHP, we propose new 3PAKA schemes that require only four message steps and reduce the clients’ exponentiation computations by up to 50%, compared to schemes that are based on the CDHP and provide the same functions. The security of the proposed schemes is formally proved. Their excellent performance makes them very attractive to clients with limited resources.
Hung-Yu Chien. Using the Modified Diffie–Hellman Problem to Enhance Client Computational Performance in a Three-Party Authenticated Key Agreement. Arabian Journal for Science and Engineering 2017, 43, 637–644.
AMA Style: Hung-Yu Chien. Using the Modified Diffie–Hellman Problem to Enhance Client Computational Performance in a Three-Party Authenticated Key Agreement. Arabian Journal for Science and Engineering. 2017;43(2):637–644.
Chicago/Turabian Style: Hung-Yu Chien. 2017. "Using the Modified Diffie–Hellman Problem to Enhance Client Computational Performance in a Three-Party Authenticated Key Agreement." Arabian Journal for Science and Engineering 43, no. 2: 637–644.
Air pollution has become a major threat today, and the related respiratory illnesses have deteriorated the wellness of many people. Herbs, both as a form of medicine and as part of the diet, can provide a very promising remedy for the above threats. However, even though herbs are easily accessible in every culture and area, the knowledge of applying herbs to improve health is complicated and takes considerable effort to acquire. In this paper, we design an ontology-based herb therapy recommendation website for respiratory system health.
Hung-Yu Chien; Jian-Fan Chen; Yu-Yu Chen; Pei-Syuan Lin; Yi-Ting Chang; Rong-Chung Chen. An Ontology-Based Herb Therapy Recommendation for Respiration System. Advances in Intelligent Information Hiding and Multimedia Signal Processing 2017, 74–81.
AMA Style: Hung-Yu Chien, Jian-Fan Chen, Yu-Yu Chen, Pei-Syuan Lin, Yi-Ting Chang, Rong-Chung Chen. An Ontology-Based Herb Therapy Recommendation for Respiration System. Advances in Intelligent Information Hiding and Multimedia Signal Processing. 2017:74–81.
Chicago/Turabian Style: Hung-Yu Chien; Jian-Fan Chen; Yu-Yu Chen; Pei-Syuan Lin; Yi-Ting Chang; Rong-Chung Chen. 2017. "An Ontology-Based Herb Therapy Recommendation for Respiration System." Advances in Intelligent Information Hiding and Multimedia Signal Processing: 74–81.
Authentication and key agreement (AKA) is a challenge-response-like security protocol that uses symmetric-key cryptography to establish authenticated keys between two parties. Its application in the third-generation mobile system, the universal mobile telecommunications system (UMTS), is called UMTS-AKA, and the version applied in the fourth-generation mobile communication system, long-term evolution (LTE), is called LTE-AKA. Both UMTS-AKA and LTE-AKA share the same weakness: the network operators need to maintain a large store of authentication vectors for visited stations, and the transmission of the vectors causes considerable overhead. This weakness is amplified when billions of devices access the network in Internet-of-Things scenarios. In addition, these schemes provide only key distribution (not key agreement) and cannot provide session key forward secrecy. In this paper, we propose a range-bound key assignment technique to tackle these challenges. The proposed scheme drastically reduces the communication overhead and greatly strengthens the security robustness. The security properties are analyzed and verified using the AVISPA toolset.
Hung-Yu Chien. An effective approach to solving large communication overhead issue and strengthening the securities of AKA protocols. International Journal of Communication Systems 2017, 31, e3381.
AMA Style: Hung-Yu Chien. An effective approach to solving large communication overhead issue and strengthening the securities of AKA protocols. International Journal of Communication Systems. 2017;31(1):e3381.
Chicago/Turabian Style: Hung-Yu Chien. 2017. "An effective approach to solving large communication overhead issue and strengthening the securities of AKA protocols." International Journal of Communication Systems 31, no. 1: e3381.
Group authentication aims at facilitating efficient authentication of a group of provers by a group of verifiers. A new group authentication scheme is proposed to improve the security of existing asynchronous group authentication schemes and to achieve better computational performance. The new scheme allows any group of legitimate members to execute multiple authentication trials even under the participation of active attackers.

1. Introduction

Authentication is a must for securing computer and network applications. Conventional authentication, whether user authentication or device authentication, focuses on the one-to-one scenario where one verifier aims at verifying the legitimacy of one prover at a time. As more and more Internet-of-Things (IoT) [1, 2] applications and many social networking applications require the efficient authentication of a group of participants, these many-to-many authentication scenarios call for new kinds of group authentication in which many verifiers verify the legitimacy of many provers at one time to save cost and increase efficiency.

Based on Shamir’s secret sharing [3], Harn [4] proposed three group authentication schemes, where t represents the minimum threshold of participants, denotes the number of participants in one trial, and denotes the total number of members of the group. As long as the number and all these participants are legitimate, the group authentication succeeds; otherwise, it fails. These group authentication schemes can efficiently authenticate a group of legitimate entities or act as a preprocessing step to detect the existence of any illegitimate participants. One of Harn’s group authentication schemes is synchronous group authentication, in which all participants are required to release their secret tokens simultaneously; otherwise, an illegitimate participant might forge valid tokens using the released tokens of others. The other two schemes are the asynchronous group authentication and the asynchronous group authentication with multiple authentications; we respectively call them Harn’s asynchronous GAS1 and Harn’s asynchronous GAS2 in the rest of this paper. Both schemes allow the participants to release their tokens asynchronously; Harn’s asynchronous GAS2 further allows the group to execute multiple authentications (to recover multiple system secrets) using the same set of predistributed tokens.

This paper focuses on the asynchronous schemes because the synchronous case is impractical. We find that Harn’s two asynchronous schemes cannot support legitimate entities executing multiple trials even if the specific secret is not yet recovered. This weakness has two implications: if the groups of entities try several times to recover a specific secret (for group authentication), then an attacker might derive entities’ tokens and further derive the system secret; if the system allows at most one trial for any specific secret (corresponding to a specific group authentication), then an attacker can easily paralyze the system by simply releasing invalid tokens. Harn’s publication [4] only emphasizes that once a secret is recovered, the corresponding group authentication is no longer valid; however, the security of the case in which the members try several times for a not-yet-recovered secret has been neglected. This paper shows the weaknesses of Harn’s asynchronous schemes and proposes a new scheme that overcomes the weaknesses and improves the efficiency. The rest of this paper is organized as follows. Section 2 reviews Harn’s asynchronous schemes. Section 3 shows the weaknesses. Section 4 proposes our new scheme, and Section 5 analyzes its security and evaluates its performance. Section 6 states our conclusions.

2. Review of Harn’s Asynchronous Group Authentication Schemes (GAS)

The schemes consist of two phases: the initialization phase and the group authentication phase. The group manager (GM) initializes the system parameters and assigns each registered entity some secret tokens in the initialization phase. Then, any group of legitimate entities with can execute the group authentication to verify the legitimacy of the participating entities.

2.1. Asynchronous GAS (Harn’s Asynchronous GAS1)

Initially, the group manager (GM) selects (where ) random polynomials with degree , , where is a prime and . He also generates and assigns secret tokens , to each entity , where is ’s public identity. For any secret , the GM finds integers , in GF(), such that , where for every pair of and . The GM publishes these parameters , and , where is a secure cryptographic hash function. When entities would like to authenticate each other, each computes and releases . After gathering all the released values, the participants compute and verify whether the equation holds. If the verification succeeds, then the group authentication succeeds; otherwise, it fails. This scheme allows only one valid group authentication.

2.2. Asynchronous GAS with Multiple Authentications (Harn’s Asynchronous GAS2)

The asynchronous GAS with multiple authentications allows the tokens to be reused for multiple authentications (for multiple secrets). Initially, the GM selects two large primes and , such that divides , GF(q) is a subgroup of GF(), and every is a generator for the subgroup GF(). The GM selects two random polynomials, , having degree each, with coefficients in GF(p). The GM generates tokens, , for each registered member . The GM selects multiple secrets s. For each secret , the GM selects , in GF(q), where . The secret is determined as . The GM publishes these numbers , and . When entities would like to perform the group authentication corresponding to the reconstruction of the secret , each participant computes and . Each releases . After collecting all , the participating entities compute and check whether holds. If it holds, then the group authentication succeeds; otherwise, it fails.

3. The Weaknesses of Harn’s Asynchronous Schemes

We find that both Harn’s asynchronous GAS1 and Harn’s asynchronous GAS2 share one critical weakness. The schemes perform group authentication by recovering and verifying the sealed secret. If the schemes allow users to launch several trials before the secret is recovered, then an attacker could recover both the system secrets and the users’ secret tokens by joining the process several times. On the other hand, if each secret allows only one trial of authentication, whether or not the specific secret is recovered, then the system is vulnerable to denial-of-service (DoS) attacks: simply releasing a false value spoils the authentication instance and the group authentication function of the system. After a fake value has been released, no group of valid members can perform any group authentication.

The key idea of our attack on Harn’s asynchronous GAS1 is introduced in the following phases.

Phase 1. Even though the secret tokens s are well protected in the released value , one could solve for these unknown variables s as long as he gets k distinct , where each corresponds to the value released by a specific user in an authentication instance and there is at least one member different in any pair of groups in these authentication instances; in such cases, the attacker has k independent equations with k unknown variables s and can solve the equations. Let denote the set of secret tokens owned by the user ; after the above attack, the attacker can acquire . Now the attacker continues to the next phase to acquire the secret polynomials.

Phase 2. The attacker repeatedly joins authentication instances and acquires the secret tokens until he gets the secret tokens of more than t users. Denote this secret token set as . At this point, he organizes these secret tokens as , . Based on , the attacker applies the Lagrange polynomial equation to reconstruct the polynomials . The attacker then continues to the next phase to derive the system secrets and the secret tokens of the other remaining members.

Phase 3. Using the polynomials , the attacker computes for the system secret. For any user and the secret tokens of that have not yet been disclosed, the attacker computes . At this point, the attacker has derived all the system secrets and all the secret tokens of all users. The minimum number of runs that the attacker should participate in is .

The above attack can easily be extended to Harn’s asynchronous GAS2. Attackers can acquire the secret values valid and corresponding to the secret tokens and the system secrets .

Example 1. We now take one example to demonstrate the attack process.

System Initialization. Let , , , , , and be the system parameters. and are the two secret polynomials, and the system secret is . The group of users, , is with identity . gets the secret tokens , gets the secret tokens , gets the secret tokens , gets the secret tokens , gets the secret tokens , and gets the secret tokens . Now we show the attack.

Attack Phase 1. Assume that the attacker participates in two runs of authentication with and, respectively, impersonates in these runs. In run 1, will get the following; we list the calculations as follows. In run 2, will get the following. So now has the following independent equations in (5a), (5b), and (5c). He then solves the equations and gets . applies the Lagrange polynomial formula on and derives the polynomial , applies the formula on , and derives . Finally, he computes . He can further compute the secret tokens of the other remaining members .

4. An Improved Scheme That Enables Multiple Trials and Multiple Authentications

We now propose an improved scheme that not only overcomes the weaknesses of Harn’s asynchronous schemes but also improves the system performance.
The GM in our scheme only publishes simple public data and the members can execute group authentication with multiple authentications and multiple trials.4.1. PreliminariesWe shall propose our scheme, based on elliptic curve cryptography and bilinear pairing. W
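The token-reconstruction attack of Section 3 (Phases 1 to 3), run on a toy instance as an added example; this is not the paper's code, and its numbers are not those of Example 1. Because the page does not reproduce the scheme's formulas, the example assumes the usual shape of Harn's asynchronous GAS1: k polynomials f_1, ..., f_k of degree t-1 over GF(p), tokens (f_1(x_i), ..., f_k(x_i)) for the user with public identity x_i, and a system secret s = sum_l w_l * f_l(0) mod p for public weights w_l. Phase 1 is modeled only as solving k independent linear equations over GF(p) in one user's k tokens, with constructed coefficient rows standing in for the released values; Phases 2 and 3 are Lagrange interpolation, as the text describes. The prime, threshold, weights and polynomials are all constructed for the example.

```python
# Added example, not from the paper: the Section 3 attack on a toy Harn-style
# asynchronous GAS.  Assumed scheme shape (the page omits the formulas):
# k polynomials f_1..f_k of degree t-1 over GF(p); user U_i with public identity
# x_i holds tokens (f_1(x_i), ..., f_k(x_i)); system secret s = sum_l w_l*f_l(0)
# mod p with public weights w_l.  All numbers are constructed for this example.
from typing import Dict, List, Sequence, Tuple

P = 23               # toy prime (far too small for real use)
T = 3                # threshold t; polynomials have degree t-1 = 2
W = (4, 6)           # public weights w_1, w_2 (so k = 2)
_F = [(5, 3, 7), (11, 2, 9)]   # GM's secret f_1, f_2, constant term first


def _poly_eval(coeffs: Sequence[int], x: int, p: int = P) -> int:
    return sum(c * pow(x, i, p) for i, c in enumerate(coeffs)) % p


def gm_tokens(x: int) -> Tuple[int, ...]:
    """Tokens (f_1(x), ..., f_k(x)) the GM issues to the user with identity x."""
    return tuple(_poly_eval(f, x) for f in _F)


def gm_secret() -> int:
    """The system secret, used only to check what the attacker recovers."""
    return sum(w * f[0] for w, f in zip(W, _F)) % P


def solve_mod_p(rows: List[List[int]], rhs: List[int], p: int = P) -> List[int]:
    """Phase 1: Gauss-Jordan elimination over GF(p).  rows is k x k; returns the
    unknown vector x with rows*x = rhs (mod p).  Raises if the system is singular."""
    k = len(rows)
    a = [[v % p for v in r] + [b % p] for r, b in zip(rows, rhs)]
    for col in range(k):
        piv = next(r for r in range(col, k) if a[r][col])  # StopIteration: no pivot
        a[col], a[piv] = a[piv], a[col]
        s = pow(a[col][col], p - 2, p)                      # modular inverse (p prime)
        a[col] = [v * s % p for v in a[col]]
        for r in range(k):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [(vr - f * vc) % p for vr, vc in zip(a[r], a[col])]
    return [a[r][k] for r in range(k)]


def interpolate_at(points: Sequence[Tuple[int, int]], x0: int, p: int = P) -> int:
    """Lagrange interpolation over GF(p): evaluate at x0 the unique polynomial of
    degree len(points)-1 passing through the given (x, y) points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (x0 - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, p - 2, p)) % p
    return total


def attack(leaked: Dict[int, Tuple[int, ...]],
           others: Sequence[int]) -> Tuple[int, Dict[int, Tuple[int, ...]]]:
    """Phases 2 and 3: with the tokens of at least t users, reconstruct every f_l
    by interpolation, then derive the system secret and the remaining users' tokens."""
    if len(leaked) < T:
        raise ValueError("need the tokens of at least t users")
    ids = sorted(leaked)[:T]                       # any t users suffice
    k = len(W)
    pts = [[(x, leaked[x][l]) for x in ids] for l in range(k)]
    secret = sum(w * interpolate_at(pts[l], 0) for l, w in enumerate(W)) % P
    derived = {x: tuple(interpolate_at(pts[l], x) for l in range(k)) for x in others}
    return secret, derived


def demo() -> Tuple[int, Dict[int, Tuple[int, ...]]]:
    """Run the attack against the toy instance; users have identities 1..6."""
    # Phase 1 (modeled): the attacker observed user 3 in two authentication
    # instances and knows, for each, the public coefficients that the released
    # value applies to the user's k tokens.  The rows are constructed here.
    rows = [[2, 3], [1, 5]]
    rhs = [sum(c * tok for c, tok in zip(r, gm_tokens(3))) % P for r in rows]
    assert solve_mod_p(rows, rhs) == list(gm_tokens(3))
    # Repeating phase 1 for t users yields their full token sets.
    leaked = {x: gm_tokens(x) for x in (1, 2, 3)}
    return attack(leaked, others=(4, 5, 6))


if __name__ == "__main__":
    s, toks = demo()
    print("recovered secret:", s, "(GM's:", gm_secret(), ")")
    print("derived tokens of non-participants:", toks)
```

The point the example makes concrete is Phase 2's threshold: once the attacker holds t complete token sets, every f_l is determined, so nothing held by the other users (and no further secret built from the same polynomials) remains private; this is why the paper insists that repeated trials on a not-yet-recovered secret must not leak token information.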
Hung-Yu Chien. Group Authentication with Multiple Trials and Multiple Authentications. Security and Communication Networks 2017, 2017, 1-7.
AMA Style: Hung-Yu Chien. Group Authentication with Multiple Trials and Multiple Authentications. Security and Communication Networks. 2017; 2017:1-7.
Chicago/Turabian Style: Hung-Yu Chien. 2017. "Group Authentication with Multiple Trials and Multiple Authentications." Security and Communication Networks 2017: 1-7.
Various radio-frequency identification (RFID) standards and products have been designed to meet various market needs. To satisfy these requirements and integrate important features of existing standards, EPCglobal (2013/11) announced the new Gen2 standard called EPC Class 2 Generation 2 version 2. Even though it inherits the name Gen2, Generation 2 version 2 goes far beyond the features and functions of Generation 2 version 1. Generation 2 version 2 is a superset of several existing RFID standards. It opens up great opportunities for novel RFID applications that could not be implemented using conventional RFID standards and products. In this article, we introduce the new standard and propose a new mutual authentication scheme that protects tags' identities. This scheme is the first RFID authentication scheme that can protect tags from unauthorized tracing and unauthorized identification using upcoming standard-based products. The analysis shows that the proposed scheme has better performance than its counterparts in the multi-tag setting.
Hung-Yu Chien. Efficient authentication scheme with tag-identity protection for EPC Class 2 Generation 2 version 2 standards. International Journal of Distributed Sensor Networks 2017, 13, 1.
AMA Style: Hung-Yu Chien. Efficient authentication scheme with tag-identity protection for EPC Class 2 Generation 2 version 2 standards. International Journal of Distributed Sensor Networks. 2017; 13(3):1.
Chicago/Turabian Style: Hung-Yu Chien. 2017. "Efficient authentication scheme with tag-identity protection for EPC Class 2 Generation 2 version 2 standards." International Journal of Distributed Sensor Networks 13, no. 3: 1.
The challenge of authentication for radio frequency identification (RFID) devices with low computing capacity calls for computation-efficient authentication that achieves mutual authentication, anonymity, and tracking resistance. The excellent performance of elliptic curve cryptography (ECC), including its strong security, small key size and efficient computation, has attracted many researchers to ECC-based RFID authentication. Recently, several promising ECC-based RFID authentication schemes have aimed at achieving the above properties. Despite their good performance in terms of computation and general security properties, we find that they all fall into the same security pitfall: they are vulnerable to active tracking. In this paper, we identify these weaknesses and then propose a new ECC-based RFID authentication scheme that overcomes the weakness and even improves the computational performance.
Hung-Yu Chien. Elliptic Curve Cryptography-Based RFID Authentication Resisting Active Tracking. Wireless Personal Communications 2016, 94, 2925-2936.
AMA Style: Hung-Yu Chien. Elliptic Curve Cryptography-Based RFID Authentication Resisting Active Tracking. Wireless Personal Communications. 2016; 94(4):2925-2936.
Chicago/Turabian Style: Hung-Yu Chien. 2016. "Elliptic Curve Cryptography-Based RFID Authentication Resisting Active Tracking." Wireless Personal Communications 94, no. 4: 2925-2936.
Authenticated Diffie–Hellman (D-H) key agreement is the de facto standard for establishing secure session keys in many security systems. However, the modular exponentiation required for a D-H key puts a heavy load on thin clients such as Radio Frequency IDentification (RFID), NFC and Zigbee devices, where either the computational capacity or the battery is limited and precious. Therefore, many standards and implementations for these thin clients opt out of key agreement schemes to meet computational efficiency requirements, thereby accepting some security risk. As these devices become more popular and security threats increase, it is desirable to reduce the computational load of key agreement while still providing sound security. In this paper, we propose a new problem, the modified Computational Diffie–Hellman Problem (MCDHP), and prove that its hardness is equivalent to that of the Computational Diffie–Hellman Problem. Based on the MCDHP, we propose a general technique to reduce the computational load on thin clients when establishing secure D-H keys. The proposed approach achieves the same security as conventional authenticated D-H key agreement except for perfect forward secrecy. Examples of secure applications of the technique to existing D-H key agreement schemes are demonstrated in this paper.
Hung-Yu Chien. A Generic Approach to Improving Diffie–Hellman Key Agreement Efficiency for Thin Clients. The Computer Journal 2015, 59, 592-601.
AMA Style: Hung-Yu Chien. A Generic Approach to Improving Diffie–Hellman Key Agreement Efficiency for Thin Clients. The Computer Journal. 2015; 59(4):592-601.
Chicago/Turabian Style: Hung-Yu Chien. 2015. "A Generic Approach to Improving Diffie–Hellman Key Agreement Efficiency for Thin Clients." The Computer Journal 59, no. 4: 592-601.
Authenticated Diffie-Hellman (D-H) key agreement is the de facto building block for establishing secure session keys in many security systems. In the computations of authenticated D-H key agreement, modular exponentiation is the most expensive operation, and it incurs a heavy load on clients whose computational capacity or battery is limited and precious. As client privacy is a major concern in several e-commerce applications, it is desirable to extend authenticated D-H key agreement to protect the client's identity privacy. This paper proposes a new problem, the modified elliptic curve computational Diffie-Hellman problem (MECDHP), and proves that the MECDHP is as hard as the conventional elliptic curve computational Diffie-Hellman problem (ECDHP). Based on the MECDHP, we propose an authenticated D-H key agreement scheme that greatly improves client computational efficiency and protects the client's anonymity from outsiders. This new scheme is attractive for applications where clients need identity protection and lightweight computation.
Hung-Yu Chien. Authenticated Diffie-Hellman Key Agreement Scheme that Protects Client Anonymity and Achieves Half-Forward Secrecy. Mobile Information Systems 2015, 2015, 1-7.
AMA Style: Hung-Yu Chien. Authenticated Diffie-Hellman Key Agreement Scheme that Protects Client Anonymity and Achieves Half-Forward Secrecy. Mobile Information Systems. 2015; 2015:1-7.
Chicago/Turabian Style: Hung-Yu Chien. 2015. "Authenticated Diffie-Hellman Key Agreement Scheme that Protects Client Anonymity and Achieves Half-Forward Secrecy." Mobile Information Systems 2015: 1-7.