This page has only limited features, please log in for full access.
In the current medical insurance claims process, there are problems of low efficiency and complex services. When a patient applies for medical insurance claims, he/she must go to the hospital to apply for a diagnosis certificate and receipt and then send the relevant application documents to the insurance company. The patient will not receive compensation until the company completes the verification with the patient’s hospital. However, we can improve the current dilemma through blockchain technology. Blockchain technology can effectively open up the information channels of the insurance industry and medical institutions, promote industry integration, and enhance the ability of insurance companies to obtain information. In this research, we used blockchain and smart contract technology to make the following contributions to the development of Internet insurance. First, blockchain and smart contract technology can effectively solve the problem of online underwriting. Second, it is conducive to improving supervision. Third, it is conducive to solving risk control problems. Fourth, it is conducive to effective anti-money laundering. The proposed scheme fulfills the following security requirements: mutual authentication of identities, non-repudiation between each of two roles, and other major blockchain-based security requirements. In the event of a dispute, we also proposed an arbitration mechanism to divide responsibilities.
Chin-Ling Chen; Yong-Yuan Deng; Woei-Jiunn Tsaur; Chun-Ta Li; Cheng-Chi Lee; Chih-Ming Wu. A Traceable Online Insurance Claims System Based on Blockchain and Smart Contract Technology. Sustainability 2021, 13, 9386 .
AMA StyleChin-Ling Chen, Yong-Yuan Deng, Woei-Jiunn Tsaur, Chun-Ta Li, Cheng-Chi Lee, Chih-Ming Wu. A Traceable Online Insurance Claims System Based on Blockchain and Smart Contract Technology. Sustainability. 2021; 13 (16):9386.
Chicago/Turabian StyleChin-Ling Chen; Yong-Yuan Deng; Woei-Jiunn Tsaur; Chun-Ta Li; Cheng-Chi Lee; Chih-Ming Wu. 2021. "A Traceable Online Insurance Claims System Based on Blockchain and Smart Contract Technology." Sustainability 13, no. 16: 9386.
In healthcare services, telecare medicine information systems (TMIS) is the viable solution offered currently. Moreover, to provide best security to the TMIS, it attracted the various researchers to investigate the security challenges in TMIS. Subsequently, the security of TMIS is improving but the application becoming widespread hence needs robust security technique. An efficient verifier-based 3-party authentication technique in telecare medicine information systems for data exchange, which permits only two users/patients to store their verifier in the database of an authentication server, computed using own password. The authentication system will then validate the user’s verifier and help them safely and easily share electronic medical records. In this work, we present an efficient provably secure verifier-based 3-party authentication technique using partial discrete logarithm (PDL) for exchanging data in TMIS. The presented technique not utilizing any public keys of the server, and does not require additional messages and number for key confirmation rounds. The proposed technique has higher security compared to the related verifier-based methods, has lower computational costs and fewer communications, and is therefore ideal for TMIS.
Vishesh P. Gaikwad; Jitendra V. Tembhurne; Chandrashekhar Meshram; Cheng-Chi Lee; Chun-Ta Li. An Efficient Provably Secure Verifier-Based Three-Factor Authentication Technique Using PDL for Data Exchange in TMIS. IEEE Access 2021, 9, 108586 -108600.
AMA StyleVishesh P. Gaikwad, Jitendra V. Tembhurne, Chandrashekhar Meshram, Cheng-Chi Lee, Chun-Ta Li. An Efficient Provably Secure Verifier-Based Three-Factor Authentication Technique Using PDL for Data Exchange in TMIS. IEEE Access. 2021; 9 (99):108586-108600.
Chicago/Turabian StyleVishesh P. Gaikwad; Jitendra V. Tembhurne; Chandrashekhar Meshram; Cheng-Chi Lee; Chun-Ta Li. 2021. "An Efficient Provably Secure Verifier-Based Three-Factor Authentication Technique Using PDL for Data Exchange in TMIS." IEEE Access 9, no. 99: 108586-108600.
With the rapid development of the social economy, our lives are flooded with all kinds of counterfeit products. The public’s attitude of greedy for petty and cheap has encouraged unscrupulous manufacturers to take advantage of the opportunity to provide low-cost counterfeit products, suppress the profits of legitimate manufacturers, and also make the public lose confidence in the quality of the products. At present, the most widely used anti-counterfeiting system based on QR codes on the market. However, existing traceability systems are still mostly built in a centralized manner, and the central agency provides trust guarantees, but the public still has great doubts about the credibility of the central agency. The introduction of blockchain technology can perfectly solve the lack of existing architecture and the environment. In this research, we propose an IoT-based traceable drug anti-counterfeiting management system, a comprehensive plan from drug research and development, certification, production to sales. The framework we propose meets the requirements of information security for data integrity, resistance to replay attacks, irreversible information, and non-repudiation.
Chin-Ling Chen; Yong-Yuan Deng; Chun-Ta Li; Shunzhi Zhu; Yi-Jui Chiu; Pei-Zhi Chen. An IoT-Based Traceable Drug Anti-Counterfeiting Management System. IEEE Access 2020, 8, 224532 -224548.
AMA StyleChin-Ling Chen, Yong-Yuan Deng, Chun-Ta Li, Shunzhi Zhu, Yi-Jui Chiu, Pei-Zhi Chen. An IoT-Based Traceable Drug Anti-Counterfeiting Management System. IEEE Access. 2020; 8 (99):224532-224548.
Chicago/Turabian StyleChin-Ling Chen; Yong-Yuan Deng; Chun-Ta Li; Shunzhi Zhu; Yi-Jui Chiu; Pei-Zhi Chen. 2020. "An IoT-Based Traceable Drug Anti-Counterfeiting Management System." IEEE Access 8, no. 99: 224532-224548.
In recent years, due to the rapid development of information techniques and network technologies, more and more medical documents have been replaced by electronic files for sharing and transmitting in real time. However, medical data transmitted over public communication channels may suffer from security attacks and privacy threats. Blockchain technology has been gotten many attentions in different areas due to its unique properties such as anonymity, verifiability, immutability and decentralization. In order to secure patient privacy and provide more personal healthcare services, in this paper, we propose a data aggregation scheme based on Blockchain technology for medical environments. Moreover, in order to implement remote medical monitoring, we design a group authentication mechanism for multiple authorized users (such as patient, doctors, caregivers, family and friends) to freely access patient’s personal health records. The authorized group members in a group will agree on a group session key and use it to protect patient’s sensitive information. In case of a new member joins the medical group or an old member leaves the medical group, the group session key needs to be updated at any time. Finally, the electronic medical system will become more secure, reliable and useful by our proposed scheme.
Chun-Ta Li; Dong-Her Shih; Chun-Cheng Wang; Chin-Ling Chen; Cheng-Chi Lee. A Blockchain Based Data Aggregation and Group Authentication Scheme for Electronic Medical System. IEEE Access 2020, 8, 173904 -173917.
AMA StyleChun-Ta Li, Dong-Her Shih, Chun-Cheng Wang, Chin-Ling Chen, Cheng-Chi Lee. A Blockchain Based Data Aggregation and Group Authentication Scheme for Electronic Medical System. IEEE Access. 2020; 8 (99):173904-173917.
Chicago/Turabian StyleChun-Ta Li; Dong-Her Shih; Chun-Cheng Wang; Chin-Ling Chen; Cheng-Chi Lee. 2020. "A Blockchain Based Data Aggregation and Group Authentication Scheme for Electronic Medical System." IEEE Access 8, no. 99: 173904-173917.
Radio Frequency Identification (RFID) is a wireless communication technology nowadays widely used in almost every aspect of our lives including healthcare, logistics & supply chain management, inventory tracking, race timing, access control, toll collection, and a lot more. In RFID systems, a tag usually stores private or sensitive information, and so it needs an access control mechanism. When a tag's owner is changed, the read permission of the tag needs to be transferred from the old owner to the new owner, and this is when ownership transfer schemes come into play. In fact, not only do RFID ownership transfer schemes do ownership transfer, but they have to make sure that the ownership transfer procedure is executed under proper security protection. Besides, in some particular environments, the ownership transfer would be far more efficiently done if the tags could be treated as a group instead of individual tags. Therefore, in this paper, we propose a novel group ownership transfer protocol that satisfies all important security requirements including mutual authentication, data and location privacy, forward/backward secrecy, ownership privacy, and group ownership integrity. In addition, due to the use of cloud computing, our new protocol provides ubiquitous authentication. Based on homomorphic encryption and quadratic residues, our novel RFID group ownership transfer protocol can have encrypted data efficiently processed, and the communication cost is very low. The results of our BAN logic correctness check, security analysis, and performance evaluation confirm that the new protocol is logically correct and is capable of providing high level security/privacy protection on the basis of high cost-effective performance.
Cheng-Chi Lee; Chun-Ta Li; Chung-Lun Cheng; Yan-Ming Lai. A novel group ownership transfer protocol for RFID systems. Ad Hoc Networks 2019, 91, 101873 .
AMA StyleCheng-Chi Lee, Chun-Ta Li, Chung-Lun Cheng, Yan-Ming Lai. A novel group ownership transfer protocol for RFID systems. Ad Hoc Networks. 2019; 91 ():101873.
Chicago/Turabian StyleCheng-Chi Lee; Chun-Ta Li; Chung-Lun Cheng; Yan-Ming Lai. 2019. "A novel group ownership transfer protocol for RFID systems." Ad Hoc Networks 91, no. : 101873.
As the internet makes data transmission easy and fast, digital contents of all kinds can be spread all over the world at a shocking speed. Along with such amazing swiftness and convenience, however, modern computer and communication technologies have also brought various kinds of issues associated with digital rights management. Digital rights management (DRM) systems are access control technologies used to restrict the use, modification, and distribution of proprietary hardware and copyrighted works. Now, in view of modern people's heavy dependence on their mobile devices, we consider it a good idea to design a DRM scheme on the basis of elliptic curve cryptography (ECC). In this paper, we shall review Amin et al.'s (2016) scheme and point out some security weaknesses we have found. Then, with the security flaws mended, we shall propose an improved ECC-based protocol for DRM that is especially suitable for applications on mobile devices.
Cheng Chi Lee; Chun Ta Li; Zhi Wei Chen; Shun Der Chen; Yan Ming Lai. A novel authentication scheme for anonymity and digital rights management based on elliptic curve cryptography. International Journal of Electronic Security and Digital Forensics 2019, 11, 1 .
AMA StyleCheng Chi Lee, Chun Ta Li, Zhi Wei Chen, Shun Der Chen, Yan Ming Lai. A novel authentication scheme for anonymity and digital rights management based on elliptic curve cryptography. International Journal of Electronic Security and Digital Forensics. 2019; 11 (1):1.
Chicago/Turabian StyleCheng Chi Lee; Chun Ta Li; Zhi Wei Chen; Shun Der Chen; Yan Ming Lai. 2019. "A novel authentication scheme for anonymity and digital rights management based on elliptic curve cryptography." International Journal of Electronic Security and Digital Forensics 11, no. 1: 1.
Cheng Chi Lee; Shun Der Chen; Chun Ta Li; Yan Ming Lai; Zhi Wei Chen. A novel authentication scheme for anonymity and digital rights management based on elliptic curve cryptography. International Journal of Electronic Security and Digital Forensics 2019, 11, 96 .
AMA StyleCheng Chi Lee, Shun Der Chen, Chun Ta Li, Yan Ming Lai, Zhi Wei Chen. A novel authentication scheme for anonymity and digital rights management based on elliptic curve cryptography. International Journal of Electronic Security and Digital Forensics. 2019; 11 (1):96.
Chicago/Turabian StyleCheng Chi Lee; Shun Der Chen; Chun Ta Li; Yan Ming Lai; Zhi Wei Chen. 2019. "A novel authentication scheme for anonymity and digital rights management based on elliptic curve cryptography." International Journal of Electronic Security and Digital Forensics 11, no. 1: 96.
As wireless sensor networks (WSN) and Internet of things (IoT) have rapidly developed over recent years, the smart vehicular system is designed in the environment of WSN to provide vehicle related applications such as traffic safety for drivers, controlling traffic signal, broadcasting traffic information and speed monitoring etc. Recently, Mohit et al. have proposed an authentication protocol for WSN-based smart vehicular system. Their protocol consists of three main entities namely vehicle sensor, sink node and user. Vehicle sensors collected traffic data and send it to a sink node of WSN. User used traffic data from sink node in off-line mode for the traffic management. Mohit et al. claimed that the proposed protocol is secure against various attacks such as untraceable, impersonation and password guessing attacks. However, their proposed protocol still has some vulnerabilities such as absence of session key, suffering user duplication and sink node impersonation attacks. Thus their protocol cannot guarantee complete security. In this paper, we aim to propose an improved protocol based on their work which overcomes these security loopholes in their protocol. The informal security analysis shows that our proposed protocol is cable to defend the security weaknesses found in Mohit et al.’s authentication protocol.
Chun-Ta Li; Chi-Yao Weng; Chin-Ling Chen; Cheng-Chi Lee. A Secure Authentication Protocol for Wireless Sensor Network in Smart Vehicular System. Privacy Enhancing Technologies 2018, 278 -288.
AMA StyleChun-Ta Li, Chi-Yao Weng, Chin-Ling Chen, Cheng-Chi Lee. A Secure Authentication Protocol for Wireless Sensor Network in Smart Vehicular System. Privacy Enhancing Technologies. 2018; ():278-288.
Chicago/Turabian StyleChun-Ta Li; Chi-Yao Weng; Chin-Ling Chen; Cheng-Chi Lee. 2018. "A Secure Authentication Protocol for Wireless Sensor Network in Smart Vehicular System." Privacy Enhancing Technologies , no. : 278-288.
With the rapid growth in the popularity of mobile devices and development of network technologies, various online social networking applications have grown in popularity. While these social networking sites provide benefits in terms of enhanced connectivity with people all around the world, they can also pose security threats and raise privacy concerns due to their vulnerability to be exploited by malicious agents. Such social networking sites where members can transmit or share their social information via public channels increases the risk that these information may be exposed to unwanted users. Therefore, it is important to enhance the security of these online social network services using group session keys. These group session keys also need to be updated in case a new member joins the group or an old member leaves the social group. To enhance the trustworthiness of the online social network systems, in this paper we propose a secure chaotic maps-based group key agreement scheme. In this proposed scheme, we also provide member anonymity to ensure the privacy of the communication between the social networking platform and the members. The proposed solution does not rely on a centralized online key center or a trusted group chairman, thus ensuring fairness. We integrate the mechanisms of message encryption and member verification into the scheme to allow the members to anonymously interact with the services of the online social network.We verify the formal security of the proposed solution using the widely accepted BAN logic analysis and simulation verification with Proverif to prove that our scheme is secure against both passive and active attacks. We also demonstrate that the proposed scheme is efficient in its implementation and achieves greater functionality criteria in comparison with similar existing proposals.
Chun-Ta Li; Tsu-Yang Wu; Chien-Ming Chen. A Provably Secure Group Key Agreement Scheme With Privacy Preservation for Online Social Networks Using Extended Chaotic Maps. IEEE Access 2018, 6, 66742 -66753.
AMA StyleChun-Ta Li, Tsu-Yang Wu, Chien-Ming Chen. A Provably Secure Group Key Agreement Scheme With Privacy Preservation for Online Social Networks Using Extended Chaotic Maps. IEEE Access. 2018; 6 (99):66742-66753.
Chicago/Turabian StyleChun-Ta Li; Tsu-Yang Wu; Chien-Ming Chen. 2018. "A Provably Secure Group Key Agreement Scheme With Privacy Preservation for Online Social Networks Using Extended Chaotic Maps." IEEE Access 6, no. 99: 66742-66753.
Due to the advancement of convenience technology for people, the era of Internet of Things (IoT) has going on thriving, which has brought more and more attention to Radio Frequency Identification (RFID), as RFID is key to the sensor technology in IoT. As promoting of IoT, kind of protocols combine cloud to store authentication data and perform heavily computing which achieve the property of geographical restrictions in IoT. An ideal RFID system design should offer thorough protection in aspects of confidentiality, system security as well as user privacy. The protection should cover all functions and phases, among which is when the ownership is being transferred. A smooth ownership transfer mechanism can both help efficiently recycle used tags thus keeping the system cost down and provide the system with a high degree of flexibility so that different users other than the original owner can be properly authorized and then have a certain degree of control over the data and the sensors. So far, quite a number of studies about RFID ownership security issues have been brought up in the literature concerned with possible solutions provided; unfortunately, most of the existing ownership transfer protocols either come with some security weaknesses in the design itself and so are easy targets of attacks or cannot seem to fit in with the cloud environments. Recently, Cao et al. proposed an ingenious ownership transfer protocol, which still has some security flaws including vulnerability to the desynchronization attack as well as the tag impersonation attack and a tendency towards plaintext miscalculations. In this paper, we shall propose an improved, especially lightweight version of Cao et al.’s protocol we have developed on the basis of quadratic residues. With the identified security flaws mended, the improved protocol ensures a higher level of protection for ownership transfer at a much lower cost. Also included in this paper are some correctness and security analyses we have completed to prove the practicability of the proposed protocol. Moreover, we have compared the proposed protocol with some related works to show its superiority in terms of efficiency and scalability.
Cheng-Chi Lee; Shun-Der Chen; Chun-Ta Li; Chung-Lun Cheng; Yan-Ming Lai. Security enhancement on an RFID ownership transfer protocol based on cloud. Future Generation Computer Systems 2018, 93, 266 -277.
AMA StyleCheng-Chi Lee, Shun-Der Chen, Chun-Ta Li, Chung-Lun Cheng, Yan-Ming Lai. Security enhancement on an RFID ownership transfer protocol based on cloud. Future Generation Computer Systems. 2018; 93 ():266-277.
Chicago/Turabian StyleCheng-Chi Lee; Shun-Der Chen; Chun-Ta Li; Chung-Lun Cheng; Yan-Ming Lai. 2018. "Security enhancement on an RFID ownership transfer protocol based on cloud." Future Generation Computer Systems 93, no. : 266-277.
In recent years, information technology has become a focus of attention. All hardware, software, and communication technologies are growing rapidly. Nowadays, we can’t live without technology. We use technology anywhere and anytime, and enjoy the convenience of technology. In particular, all kinds of network services and applications. These communication technologies and services constitute the concept of cloud computing. Cloud computing involves virtualization of service resources on the network; the entire service resources include scheduling, management, maintenance, and so on, which are carried out by specialized personnel. The goal of cloud computing is enabling users to use virtual resource pools maximally and handle large-scale computing problems anytime and anywhere via the network. Robotics is one of the rapidly developing technologies. Although there are numerous research teams working on cloud robots, research on cloud robot systems is still in its infancy and many problems have not yet been considered, such as the issues of robot privatization and communication security. Therefore, we propose a robot cloud service system and focus on four crucial issues: cloud platform central control, robot intelligence technology, robot privatization, and communication security. Finally, we use BAN logic to prove that the proposed scheme achieves mutual authentication and user anonymity. The proposed scheme can also defend against several kinds of attacks, like eavesdropping attack, impersonation attack, parallel session attack, man-in-the-middle attack, and replay attack.
Chin-Ling Chen; Yanting Li; Yong-Yuan Deng; Chun-Ta Li. Robot Identification and Authentication in a Robot Cloud Service System. IEEE Access 2018, 6, 56488 -56503.
AMA StyleChin-Ling Chen, Yanting Li, Yong-Yuan Deng, Chun-Ta Li. Robot Identification and Authentication in a Robot Cloud Service System. IEEE Access. 2018; 6 ():56488-56503.
Chicago/Turabian StyleChin-Ling Chen; Yanting Li; Yong-Yuan Deng; Chun-Ta Li. 2018. "Robot Identification and Authentication in a Robot Cloud Service System." IEEE Access 6, no. : 56488-56503.
Due to the rapid development of computer technologies, many traditional contents have been digitized, adding to the immensity of digital contents. Through the Internet, various digital contents can be accessed and spread all over the world within the snap of a finger. However, such amazing swiftness and convenience have also brought various kinds of data security, privacy and copyright protection issues. Digital rights management (DRM) systems are access control technologies used to restrict the use, modification, and distribution of protected digital contents. The success of a DRM system relies heavily on a good user authentication mechanism, and user identity verification through biometric information check is a great idea in that the biological characteristics are unique to each user and that such a mechanism releases the user of the trouble of keeping the login info safe from being stolen or mistaken or forgotten. On the other hand, in response to modern people’s prevalent use of mobile devices, DRM systems should also support mobile digital content access. In this paper, we shall propose a novel biometric-based authentication and anonymity scheme for DRM system. To develop our new scheme, we have carefully studied Jung et al.'s scheme, a biometric-based protocol whose architecture is similar to that of a DRM system but not quite the same, and modified it to fit the requirements of a DRM system environment. Our correctness check, security analysis, and performance evaluation have proved the superiority of our new scheme over related schemes.DOI: http://dx.doi.org/10.5755/j01.itc.47.2.18506
Cheng-Chi Lee; Chun-Ta Li; Zhi-Wei Chen; Yan-Ming Lai. A Biometric-Based Authentication and Anonymity Scheme for Digital Rights Management System. Information Technology and Control 2018, 47, 262 - 274 .
AMA StyleCheng-Chi Lee, Chun-Ta Li, Zhi-Wei Chen, Yan-Ming Lai. A Biometric-Based Authentication and Anonymity Scheme for Digital Rights Management System. Information Technology and Control. 2018; 47 (2):262 - 274.
Chicago/Turabian StyleCheng-Chi Lee; Chun-Ta Li; Zhi-Wei Chen; Yan-Ming Lai. 2018. "A Biometric-Based Authentication and Anonymity Scheme for Digital Rights Management System." Information Technology and Control 47, no. 2: 262 - 274.
Recently, the chaos theory has been dealt with as a decent approach to reducing the computational complexity of a cryptographic technique while fulfilling the security necessities. In an ID-based cryptographic system where public keys are distributed to individual users, the application of chaotic maps allows users to set their network addresses or names as their individual public keys. This makes the public key cryptographic technique very user-friendly in that the public key confirmation process can be very informal and direct. In such a design, no huge public key database is required, and therefore, those security issues arising as a result of the existence of a public key database can be avoided. The aim of this article is to go deep into the possibility of transforming a chaotic-map-based cryptosystem into an ID-based technique without having to build a new framework from scratch or to do adjustment to the chaotic maps.
Chandrashekhar Meshram; Cheng-Chi Lee; Sarita Gajbhiye Meshram; Chun-Ta Li. An efficient ID-based cryptographic transformation model for extended chaotic-map-based cryptosystem. Soft Computing 2018, 23, 6937 -6946.
AMA StyleChandrashekhar Meshram, Cheng-Chi Lee, Sarita Gajbhiye Meshram, Chun-Ta Li. An efficient ID-based cryptographic transformation model for extended chaotic-map-based cryptosystem. Soft Computing. 2018; 23 (16):6937-6946.
Chicago/Turabian StyleChandrashekhar Meshram; Cheng-Chi Lee; Sarita Gajbhiye Meshram; Chun-Ta Li. 2018. "An efficient ID-based cryptographic transformation model for extended chaotic-map-based cryptosystem." Soft Computing 23, no. 16: 6937-6946.
Due to the advancement of modern technology, the era of Internet of Things (IoT) has come with cloud computing going on thriving, which has brought more and more attention to Radio Frequency Identification (RFID), as RFID is key to the sensor technology in IoT. In 2016, Cao et al. proposed an ingenious RFID ownership transfer protocol based on cloud. However, we shall point out that the proposed scheme is vulnerable to some security weaknesses such as the desynchronization attack as well as the tag impersonation attack and a tendency towards plaintext miscalculations. In the future, anyone can propose an improved scheme to remedy these security weaknesses.
Cheng-Chi Lee; Shun-Der Chen; Chun-Ta Li; Chung-Lun Cheng; Yan-Ming Lai. Cryptanalysis of AN RFID Ownership Transfer Protocol Based on Cloud. 2018 5th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2018 4th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom) 2018, 134 -139.
AMA StyleCheng-Chi Lee, Shun-Der Chen, Chun-Ta Li, Chung-Lun Cheng, Yan-Ming Lai. Cryptanalysis of AN RFID Ownership Transfer Protocol Based on Cloud. 2018 5th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2018 4th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). 2018; ():134-139.
Chicago/Turabian StyleCheng-Chi Lee; Shun-Der Chen; Chun-Ta Li; Chung-Lun Cheng; Yan-Ming Lai. 2018. "Cryptanalysis of AN RFID Ownership Transfer Protocol Based on Cloud." 2018 5th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2018 4th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom) , no. : 134-139.
With the rapid development of information science and network technology, Internet has become an important platform for the dissemination of digital content, which can be easily copied and distributed through the Internet. Although convenience is increased, it causes significant damage to authors of digital content. Digital rights management system (DRM system) is an access control system that is designed to protect digital content and ensure illegal users from maliciously spreading digital content. Enterprise Digital Rights Management system (E-DRM system) is a DRM system that prevents unauthorized users from stealing the enterprise's confidential data. User authentication is the most important method to ensure digital rights management. In order to verify the validity of user, the biometrics-based authentication protocol is widely used due to the biological characteristics of each user are unique. By using biometric identification, it can ensure the correctness of user identity. In addition, due to the popularity of mobile device and Internet, user can access digital content and network information at anytime and anywhere. Recently, Mishra et al. proposed an anonymous and secure biometric-based enterprise digital rights management system for mobile environment. Although biometrics-based authentication is used to prevent users from being forged, the anonymity of users and the preservation of digital content are not ensured in their proposed system. Therefore, in this paper, we will propose a more efficient and secure biometric-based enterprise digital rights management system with user anonymity for mobile environments.
Cheng-Chi Lee; Chun-Ta Li; Zhi-Wei Chen; Yan-Ming Lai; Jiann-Cherng Shieh. An improved E-DRM scheme for mobile environments. Journal of Information Security and Applications 2018, 39, 19 -30.
AMA StyleCheng-Chi Lee, Chun-Ta Li, Zhi-Wei Chen, Yan-Ming Lai, Jiann-Cherng Shieh. An improved E-DRM scheme for mobile environments. Journal of Information Security and Applications. 2018; 39 ():19-30.
Chicago/Turabian StyleCheng-Chi Lee; Chun-Ta Li; Zhi-Wei Chen; Yan-Ming Lai; Jiann-Cherng Shieh. 2018. "An improved E-DRM scheme for mobile environments." Journal of Information Security and Applications 39, no. : 19-30.
We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features for privacy preservation and effectively cope with cloud-assisted TMIS with better efficiency.
Chun-Ta Li; Dong-Her Shih; Chun-Cheng Wang. Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. Computer Methods and Programs in Biomedicine 2018, 157, 191 -203.
AMA StyleChun-Ta Li, Dong-Her Shih, Chun-Cheng Wang. Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. Computer Methods and Programs in Biomedicine. 2018; 157 ():191-203.
Chicago/Turabian StyleChun-Ta Li; Dong-Her Shih; Chun-Cheng Wang. 2018. "Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems." Computer Methods and Programs in Biomedicine 157, no. : 191-203.
In recent years, Radio Frequency Identification (RFID) applications of various kinds have been blooming. However, along with the stunning advancement have come all sorts of security and privacy issues, for RFID tags oftentimes store private data and so the permission to read a tag or any other kind of access needs to be carefully controlled. Therefore, of all the RFID-related researches released so far, a big portion focuses on the issue of authentication. There have been so many cases where the legal access to or control over a tag needs to be switched from one reader to another, which has encouraged the development of quite a number of different kinds of ownership transfer protocols. On the other hand, not only has the need for ownership transfer been increasing, but a part of it has also been evolving from individual ownership transfer into group ownership transfer. However, in spite of the growing need for practical group ownership transfer services, little research has been done to offer an answer to the need. In this paper, we shall present a new RFID time-bound group ownership delegate protocol based on homomorphic encryption and quadratic residues. In addition, in order to provide more comprehensive service, on top of mutual authentication and ownership delegation, we also offer options for the e-th time verification as well as the revocation of earlier delegation.
Cheng-Chi Lee; Chun-Ta Li; Chung-Lun Cheng; Yan-Ming Lai; Athanasios V. Vasilakos. A Novel Group Ownership Delegate Protocol for RFID Systems. Information Systems Frontiers 2018, 21, 1153 -1166.
AMA StyleCheng-Chi Lee, Chun-Ta Li, Chung-Lun Cheng, Yan-Ming Lai, Athanasios V. Vasilakos. A Novel Group Ownership Delegate Protocol for RFID Systems. Information Systems Frontiers. 2018; 21 (5):1153-1166.
Chicago/Turabian StyleCheng-Chi Lee; Chun-Ta Li; Chung-Lun Cheng; Yan-Ming Lai; Athanasios V. Vasilakos. 2018. "A Novel Group Ownership Delegate Protocol for RFID Systems." Information Systems Frontiers 21, no. 5: 1153-1166.
The proxy blind signature scheme (PBSS), allows the authorized proxy signer to use his proxy private key to create a legal blind signature on behalf of original signer. Recently, Alghazzawi, Salim and Hasan (A-S-H), presented the elliptic curve cryptography (ECC) based PBSS. However, we found their scheme is vulnerable to a linkability attack, which shows that there was lacked of unlinkability. In this paper, the improvements are being done in this regards in such a manner that the proposed signature scheme satisfies all the security properties, including unlinkability property. The security of the proposed PBSS rely on the elliptic curve discrete logarithm problem (ECDLP). The signature scheme presented can be implemented in low power and small processor device such as smart card.
Manoj Kumar Chande; Cheng-Chi Lee; Chun-Ta Li. Cryptanalysis and improvement of a ECDLP based proxy blind signature scheme. Journal of Discrete Mathematical Sciences and Cryptography 2018, 21, 23 -34.
AMA StyleManoj Kumar Chande, Cheng-Chi Lee, Chun-Ta Li. Cryptanalysis and improvement of a ECDLP based proxy blind signature scheme. Journal of Discrete Mathematical Sciences and Cryptography. 2018; 21 (1):23-34.
Chicago/Turabian StyleManoj Kumar Chande; Cheng-Chi Lee; Chun-Ta Li. 2018. "Cryptanalysis and improvement of a ECDLP based proxy blind signature scheme." Journal of Discrete Mathematical Sciences and Cryptography 21, no. 1: 23-34.
In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.
Chun-Ta Li; Tsu-Yang Wu; Chin-Ling Chen; Cheng-Chi Lee; Chien-Ming Chen. An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System. Sensors 2017, 17, 1482 .
AMA StyleChun-Ta Li, Tsu-Yang Wu, Chin-Ling Chen, Cheng-Chi Lee, Chien-Ming Chen. An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System. Sensors. 2017; 17 (7):1482.
Chicago/Turabian StyleChun-Ta Li; Tsu-Yang Wu; Chin-Ling Chen; Cheng-Chi Lee; Chien-Ming Chen. 2017. "An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System." Sensors 17, no. 7: 1482.
Recently, Wu et al. proposed a secure channel free searchable encryption (SCF-PEKS) scheme which not only can guard against keyword guessing and record disclosure attacks but also can provide much better performance than other related scheme for shareable EMRs. However, in this paper, we demonstrated that Wu et al.’s SCF-PEKS scheme has some design flaws and security weaknesses such as (1) it fails to ensure the properties of message authentication and untraceability, (2) it fails to prevent the malicious outsider from forging a fake EMR as the sender, (3) it fails to prevent the privileged cloud insider from revealing sender’s secret keyword and sensitive record. The aforementioned security flaws in Wu et al.’s scheme may lead to privacy exposure and the receiver misled the contents of this fake record.
Chun-Ta Li; Cheng-Chi Lee; Chi-Yao Weng; Tsu-Yang Wu; Chien-Ming Chen. Cryptanalysis of “An Efficient Searchable Encryption Against Keyword Guessing Attacks for Shareable Electronic Medical Records in Cloud-Based System”. Lecture Notes in Electrical Engineering 2017, 424, 282 -289.
AMA StyleChun-Ta Li, Cheng-Chi Lee, Chi-Yao Weng, Tsu-Yang Wu, Chien-Ming Chen. Cryptanalysis of “An Efficient Searchable Encryption Against Keyword Guessing Attacks for Shareable Electronic Medical Records in Cloud-Based System”. Lecture Notes in Electrical Engineering. 2017; 424 ():282-289.
Chicago/Turabian StyleChun-Ta Li; Cheng-Chi Lee; Chi-Yao Weng; Tsu-Yang Wu; Chien-Ming Chen. 2017. "Cryptanalysis of “An Efficient Searchable Encryption Against Keyword Guessing Attacks for Shareable Electronic Medical Records in Cloud-Based System”." Lecture Notes in Electrical Engineering 424, no. : 282-289.