This page has only limited features, please log in for full access.

Prof. Kuo-Hui Yeh
Department of Information Management, National Dong Hwa University, No. 1, Sec. 2, Da Hsueh Rd. Shoufeng, Hualien 97401, Taiwan

Basic Info


Research Keywords & Expertise

0 Authentication
0 Data Privacy
0 Mobile Security
0 Blockchain
0 Cryptology

Fingerprints

Authentication
Blockchain
IoT Security

Honors and Awards

The user has no records in this section


Career Timeline

The user has no records in this section.


Short Biography

The user biography is not available.
Following
Followers
Co Authors
The list of users this user is following is empty.
Following: 0 users

Feed

Editorial
Published: 14 July 2021 in Journal of Information Security and Applications
Reads 0
Downloads 0
ACS Style

Mian Ahmad Jan; Kuo-Hui Yeh; Zhiyuan Tan; Yulei Wu. Blockchain for edge-enabled smart cities applications. Journal of Information Security and Applications 2021, 61, 102937 .

AMA Style

Mian Ahmad Jan, Kuo-Hui Yeh, Zhiyuan Tan, Yulei Wu. Blockchain for edge-enabled smart cities applications. Journal of Information Security and Applications. 2021; 61 ():102937.

Chicago/Turabian Style

Mian Ahmad Jan; Kuo-Hui Yeh; Zhiyuan Tan; Yulei Wu. 2021. "Blockchain for edge-enabled smart cities applications." Journal of Information Security and Applications 61, no. : 102937.

Journal article
Published: 07 July 2021 in IEEE Transactions on Cloud Computing
Reads 0
Downloads 0

To satisfy the requirement of data portability, current service providers (or resource servers) usually provide OAuth-based schemes for third party applications (or clients) to access user data with the users consent. To shoulder the costs of maintaining relationships with potential third party applications, a service provider may adopt delegate the task of authentication and authorization to an authorization server. However, current OAuth specification does not specify the interactions between an authorization server and a resource server. To address this limitation, this study proposes the MyDataChain framework to enhance the existing OAuth specification with blockchain technology. The proposed framework utilizes smart contracts to establish the standard interface to support the processes of authorization requesting, granting, and revocation. As blockchain technologies can ensure data integrity, the framework can use the data stored in the blockchain to resolve disputes among different parities. Moreover, as the proposed framework uses the Non-Interactive Zero-Knowledge (NIZK) scheme, the proposed framework can achieve its purpose without storing any personal identifiable or traceable data in the blockchain.

ACS Style

Shi-Cho Cha; Chu-Lin Chang; Yang Xiang; Zi-Jia Huang; Kuo-Hui Yeh. Enhancing OAuth with Blockchain Technologies for Data Portability. IEEE Transactions on Cloud Computing 2021, PP, 1 -1.

AMA Style

Shi-Cho Cha, Chu-Lin Chang, Yang Xiang, Zi-Jia Huang, Kuo-Hui Yeh. Enhancing OAuth with Blockchain Technologies for Data Portability. IEEE Transactions on Cloud Computing. 2021; PP (99):1-1.

Chicago/Turabian Style

Shi-Cho Cha; Chu-Lin Chang; Yang Xiang; Zi-Jia Huang; Kuo-Hui Yeh. 2021. "Enhancing OAuth with Blockchain Technologies for Data Portability." IEEE Transactions on Cloud Computing PP, no. 99: 1-1.

Editorial
Published: 22 December 2020 in Sensors
Reads 0
Downloads 0

Due to rapid technical advancements, many devices in the Internet of Things (IoT) environment, such as embedded systems, mobile devices, actuators, and sensors (all of which can be referred to as smart things), can receive huge amounts of information through data exchanging and interconnection

ACS Style

Jerry Chun-Wei Lin; Kuo-Hui Yeh. Security and Privacy Techniques in IoT Environment. Sensors 2020, 21, 1 .

AMA Style

Jerry Chun-Wei Lin, Kuo-Hui Yeh. Security and Privacy Techniques in IoT Environment. Sensors. 2020; 21 (1):1.

Chicago/Turabian Style

Jerry Chun-Wei Lin; Kuo-Hui Yeh. 2020. "Security and Privacy Techniques in IoT Environment." Sensors 21, no. 1: 1.

Journal article
Published: 15 December 2020 in IEEE Access
Reads 0
Downloads 0

The Internet of Things (IoT), which enables a wide variety of embedded devices, sensors, and actuators (known as smart things) to interconnect and exchange data, is a promising network scenario for bridging physical devices and virtual objects in the cyber world. Considering the limited capacity of smart things, cloud computing has been introduced to store and process the huge amount of data collected by the IoT. The appropriate integration of cloud computing and the IoT can be regarded as the best of two worlds, simultaneously providing omnipresent sensing services and powerful processing capabilities. Undoubtedly, the cloud-assisted IoT will boost the advancement of innovative applications and services including smart cities, industrial IoT, intelligent transportation, and electronic health systems. Despite the benefits of cloud-aided IoT, it is impossible to overlook the significance of security and privacy in this kind of highly heterogeneous and interconnected system. To deal with security threats to smart devices and sensitive data, hundreds of security solutions have recently been put forward for either the cloud or IoT environments. However, a few important characteristics such as heterogeneity and scalability have not been properly considered in these solutions.

ACS Style

Kuo-Hui Yeh; Weizhi Meng; Sk Hafizul Islam; Kuan Zhang; Ennan Zhai. IEEE Access Special Section Editorial: Security and Privacy for Cloud and IoT. IEEE Access 2020, 8, 219690 -219694.

AMA Style

Kuo-Hui Yeh, Weizhi Meng, Sk Hafizul Islam, Kuan Zhang, Ennan Zhai. IEEE Access Special Section Editorial: Security and Privacy for Cloud and IoT. IEEE Access. 2020; 8 ():219690-219694.

Chicago/Turabian Style

Kuo-Hui Yeh; Weizhi Meng; Sk Hafizul Islam; Kuan Zhang; Ennan Zhai. 2020. "IEEE Access Special Section Editorial: Security and Privacy for Cloud and IoT." IEEE Access 8, no. : 219690-219694.

Editorial
Published: 14 August 2020 in Future Generation Computer Systems
Reads 0
Downloads 0
ACS Style

Kuo-Hui Yeh; Robert H. Deng; Hiroaki Kikuchi. Special Issue on FinTech Security and Privacy. Future Generation Computer Systems 2020, 112, 1172 -1173.

AMA Style

Kuo-Hui Yeh, Robert H. Deng, Hiroaki Kikuchi. Special Issue on FinTech Security and Privacy. Future Generation Computer Systems. 2020; 112 ():1172-1173.

Chicago/Turabian Style

Kuo-Hui Yeh; Robert H. Deng; Hiroaki Kikuchi. 2020. "Special Issue on FinTech Security and Privacy." Future Generation Computer Systems 112, no. : 1172-1173.

Review
Published: 17 July 2020 in Symmetry
Reads 0
Downloads 0

When the Internet and other interconnected networks are used in a health system, it is referred to as “e-Health.” In this paper, we examined research studies from 2017–2020 to explore the utilization of intelligent techniques in health and its evolution over time, particularly the integration of Internet of Things (IoT) devices and cloud computing. E-Health is defined as “the ability to seek, find, understand and appraise health information derived from electronic sources and acquired knowledge to properly solve or treat health problems. As a repository for health information as well as e-Health analysis, the Internet has the potential to protect consumers from harm and empower them to participate fully in informed health-related decision-making. Most importantly, high levels of e-Health integration mitigate the risk of encountering unreliable information on the Internet. Various research perspectives related to security and privacy within IoT-cloud-based e-Health systems are examined, with an emphasis on the opportunities, benefits and challenges of the implementation such systems. The combination of IoT-based e-Health systems integrated with intelligent systems such as cloud computing that provide smart objectives and applications is a promising future trend.

ACS Style

Chanapha Butpheng; Kuo-Hui Yeh; Hu Xiong. Security and Privacy in IoT-Cloud-Based e-Health Systems—A Comprehensive Review. Symmetry 2020, 12, 1191 .

AMA Style

Chanapha Butpheng, Kuo-Hui Yeh, Hu Xiong. Security and Privacy in IoT-Cloud-Based e-Health Systems—A Comprehensive Review. Symmetry. 2020; 12 (7):1191.

Chicago/Turabian Style

Chanapha Butpheng; Kuo-Hui Yeh; Hu Xiong. 2020. "Security and Privacy in IoT-Cloud-Based e-Health Systems—A Comprehensive Review." Symmetry 12, no. 7: 1191.

Journal article
Published: 22 June 2020 in IEEE Transactions on Emerging Topics in Computational Intelligence
Reads 0
Downloads 0

Intelligence mining is one of the most promising technologies for effectively extracting intelligence (and knowledge) to enhance the quality of decision making. In Taiwan, the government curtails underground economic activities and facilitates tax management via ubiquitous e-invoice information processing and intelligence mining for B2C transactions with management realized via privacy-preserved and robust consumer carriers. In this paper, we study the concept of carriers, a medium that facilitates the transfer of an e-invoice from a business to a consumer in a B2C transaction. Implementations of carriers not only depend on the underlying hardware, software, and network infrastructures that support their services, but also on consumers willingness to use them. In this paper, we review the Taiwan's Second Generation E-invoicing System, which is designed to promote the use of e-invoices in the consumer sector, and identify four problems that require further attention. These problems are: (1) no e-invoice data for immediate review, (2) limited readability of carriers by POS (Point of Sales), (3) lack of seamless integration into purchase behaviors, and (4) carrier traceability. We then discuss possible solutions to overcome these concerns, in hope of offering some insight into future mobile commerce based on e-invoice carriers in the cloud computing era.

ACS Style

Shih-Chao Cha; Hao Wang; Zhiyuan Tan; Yuh-Jzer Joung; Yen-Chung Tseng; Kuo-Hui Yeh. On Privacy Aware Carriers for Value-Possessed e-Invoices Considering Intelligence Mining. IEEE Transactions on Emerging Topics in Computational Intelligence 2020, 4, 641 -652.

AMA Style

Shih-Chao Cha, Hao Wang, Zhiyuan Tan, Yuh-Jzer Joung, Yen-Chung Tseng, Kuo-Hui Yeh. On Privacy Aware Carriers for Value-Possessed e-Invoices Considering Intelligence Mining. IEEE Transactions on Emerging Topics in Computational Intelligence. 2020; 4 (5):641-652.

Chicago/Turabian Style

Shih-Chao Cha; Hao Wang; Zhiyuan Tan; Yuh-Jzer Joung; Yen-Chung Tseng; Kuo-Hui Yeh. 2020. "On Privacy Aware Carriers for Value-Possessed e-Invoices Considering Intelligence Mining." IEEE Transactions on Emerging Topics in Computational Intelligence 4, no. 5: 641-652.

Journal article
Published: 24 April 2020 in Journal of Information Security and Applications
Reads 0
Downloads 0

With the continuously developing wireless communication technique, the Internet of Things (IoT) has been deployed in various domains. In the IoT, numerous smart devices exchange information transparently and seamlessly via the open channel to provide intelligent and convenient services for the citizens. Due to the vulnerable nature of the communication channel, ensuring data authenticity of the transmitted information is a challenging issue. Certificateless signature (CLS) is regarded as an appropriate cryptographical primitive to protect data authenticity in the IoT. However, the existing CLS schemes are infeasible for the practical IoT systems, since individual verification causes network congestion and service delay in the face of massive service requests. To improve the verification efficiency, plenty of CLS schemes with batch verification have been investigated to verify multiple signatures quickly at once. Despite the improvement of verification efficiency, these schemes have poor efficiency or security issue. Furthermore, the batch verification failure cannot be settled in these schemes, which reduces the advantage of batch verification significantly. Motivated by the above problems, this paper presents a secure and efficient CLS scheme with batch verification and invalid signature identification. The proposed scheme is provably secure under the random oracle model. The comprehensive comparison analysis demonstrates that the presented scheme is superior to the related works in security and performance.

ACS Style

Hu Xiong; Yan Wu; Chunhua Su; Kuo-Hui Yeh. A secure and efficient certificateless batch verification scheme with invalid signature identification for the internet of things. Journal of Information Security and Applications 2020, 53, 102507 .

AMA Style

Hu Xiong, Yan Wu, Chunhua Su, Kuo-Hui Yeh. A secure and efficient certificateless batch verification scheme with invalid signature identification for the internet of things. Journal of Information Security and Applications. 2020; 53 ():102507.

Chicago/Turabian Style

Hu Xiong; Yan Wu; Chunhua Su; Kuo-Hui Yeh. 2020. "A secure and efficient certificateless batch verification scheme with invalid signature identification for the internet of things." Journal of Information Security and Applications 53, no. : 102507.

Editorial
Published: 21 April 2020 in International Journal of Information Security
Reads 0
Downloads 0

Correspondence to Kuo-Hui Yeh. Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. Reprints and Permissions Yeh, K., Su, C., Deng, R.H. et al. Special issue on security and privacy of blockchain technologies. Int. J. Inf. Secur. (2020). https://doi.org/10.1007/s10207-020-00496-6 Download citation Published: 21 April 2020 DOI: https://doi.org/10.1007/s10207-020-00496-6

ACS Style

Kuo-Hui Yeh; Chunhua Su; Robert H. Deng; Moti Yung; Miroslaw Kutylowski. Special issue on security and privacy of blockchain technologies. International Journal of Information Security 2020, 19, 243 -244.

AMA Style

Kuo-Hui Yeh, Chunhua Su, Robert H. Deng, Moti Yung, Miroslaw Kutylowski. Special issue on security and privacy of blockchain technologies. International Journal of Information Security. 2020; 19 (3):243-244.

Chicago/Turabian Style

Kuo-Hui Yeh; Chunhua Su; Robert H. Deng; Moti Yung; Miroslaw Kutylowski. 2020. "Special issue on security and privacy of blockchain technologies." International Journal of Information Security 19, no. 3: 243-244.

Journal article
Published: 18 April 2020 in Computer Communications
Reads 0
Downloads 0

This study proposes a framework, called bleRPC, for people to enhance the ability of their home set-top boxes to control nearby IoT devices. The blePRC supported set-top boxes would implement common components and associated interfaces, such that IoT device vendors could develop application services for IoT devices, and users could deploy these services on their set-top boxes and control related IoT devices with their smartphones via Bluetooth Low Energy (BLE) technology, thereby eliminating the need to install several vendor-specific gateways at home. As BLE technology is designed for device-to-device communication, the bleRPC framework provides a means for a service in a bleRPC supported set-top box to distinguish between remote applications in the same user smartphone. Consequently, this study also contributes to providing application-level authentication and access control mechanisms for BLE-based service. This study implements the bleRPC framework on the Android TV platform, which is one of the state-of-the-art set-top box platforms. In terms of practicability, proof-of-concept experiments are conducted to demonstrate the performance of the proposed framework.

ACS Style

Shi-Cho Cha; Kuo-Hui Yeh; Zi-Jia Huang. bleRPC: A plug-and-play RPC framework over BLE. Computer Communications 2020, 157, 298 -307.

AMA Style

Shi-Cho Cha, Kuo-Hui Yeh, Zi-Jia Huang. bleRPC: A plug-and-play RPC framework over BLE. Computer Communications. 2020; 157 ():298-307.

Chicago/Turabian Style

Shi-Cho Cha; Kuo-Hui Yeh; Zi-Jia Huang. 2020. "bleRPC: A plug-and-play RPC framework over BLE." Computer Communications 157, no. : 298-307.

Journal article
Published: 08 March 2019 in Future Generation Computer Systems
Reads 0
Downloads 0

The rapid growth of data has successfully promoted the development of edge computing, which is used for processing the data at the edge of network. The emergence of edge computing compensates for the network delay caused by massive data uploads to the cloud. However, the issues of data security and privacy protection still need to be resolved. In this paper, we propose an efficient ciphertext-policy attribute-based encryption (CP-ABE) scheme that for the first time simultaneously achieves partially hidden policy, direct revocation, and verifiable outsourced decryption. Specifically, in our scheme, the concept of partially hidden policy is introduced to protect private information in an access policy. In addition, after a revocation is successfully executed, the revoked users will not be able to access the message without affecting any other non-revoked users. Our new scheme leverages the outsourcing technique to minimize the overhead required of the user. We demonstrate that our scheme is secure under the Decisional (q−1) Diffie-Hellman assumption and the Decisional Bilinear Diffie-Hellman assumption, as well as evaluating its performance using simulations.

ACS Style

Hu Xiong; Yanan Zhao; Li Peng; Hao Zhang; Kuo-Hui Yeh. Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing. Future Generation Computer Systems 2019, 97, 453 -461.

AMA Style

Hu Xiong, Yanan Zhao, Li Peng, Hao Zhang, Kuo-Hui Yeh. Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing. Future Generation Computer Systems. 2019; 97 ():453-461.

Chicago/Turabian Style

Hu Xiong; Yanan Zhao; Li Peng; Hao Zhang; Kuo-Hui Yeh. 2019. "Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing." Future Generation Computer Systems 97, no. : 453-461.

Journal article
Published: 06 November 2018 in BioMedical Engineering OnLine
Reads 0
Downloads 0

The significant advancement in the mobile sensing technologies has brought great interests on application development for the Internet-of-Things (IoT). With the advantages of contactlessness data retrieval and efficient data processing of intelligent IoT-based objects, versatile innovative types of on-demand medical relevant services have promptly been developed and deployed. Critical characteristics involved within the data processing and operation must thoroughly be considered. To achieve the efficiency of data retrieval and the robustness of communications among IoT-based objects, sturdy security primitives are required to preserve data confidentiality and entity authentication. A robust nursing-care support system is developed for efficient and secure communication among mobile bio-sensors, active intelligent objects, the IoT gateway and the backend nursing-care server in which further data analysis can be performed to provide high-quality and on-demand nursing-care service. We realize the system implementation with an IoT-based testbed, i.e. the Raspberry PI II platform, to present the practicability of the proposed IoT-oriented nursing-care support system in which a user-friendly computation cost, i.e. 6.33 ms, is required for a normal session of our proposed system. Based on the protocol analysis we conducted, the security robustness of the proposed nursing-care support system is guaranteed. According to the protocol analysis and performance evaluation, the practicability of the proposed method is demonstrated. In brief, we can claim that our proposed system is very suitable for IoT-based environments and will be a highly competitive candidate for the next generation of nursing-care service systems.

ACS Style

Cheng-Fa Chiang; Fang-Ming Hsu; Kuo-Hui Yeh. Robust IoT-based nursing-care support system with smart bio-objects. BioMedical Engineering OnLine 2018, 17, 154 .

AMA Style

Cheng-Fa Chiang, Fang-Ming Hsu, Kuo-Hui Yeh. Robust IoT-based nursing-care support system with smart bio-objects. BioMedical Engineering OnLine. 2018; 17 (2):154.

Chicago/Turabian Style

Cheng-Fa Chiang; Fang-Ming Hsu; Kuo-Hui Yeh. 2018. "Robust IoT-based nursing-care support system with smart bio-objects." BioMedical Engineering OnLine 17, no. 2: 154.

Journal article
Published: 30 October 2018 in IEEE Internet of Things Journal
Reads 0
Downloads 0

Internet of Things (IoT) devices have brought much efficiency and convenience to our daily life. However, the devices may collect a myriad of data from people without their consent. Controlling the large amount of data generated from the devices from being misused is critical to mitigate privacy risks. Therefore, privacy protection on personal data has become an important factor in the development of the IoT. Historically, privacy enhancing technologies (PETs) can effectively enhance the privacy and protect users' personally identifiable information. To date, many researchers have stressed the importance of PETs and proposed solutions relevant to different application fields of the IoT. However, to the best of our knowledge, none of the research has analyzed the PETs in IoT from the aspects of privacy threat issues and privacy legislation. As a result, this paper surveys on the solutions of PETs in the field of IoT, which has filtered down from the large number of published academic papers to the 120 primary studies published between 2014 and 2017. After collecting the papers, we categorized them based on the functions and the coverage of privacy protection, and analyzed them from different aspects, ranging from high-level principles of general data protection regulations and ISO/IEC 29100:2011 requirements to the actual resolution of privacy threats in IoT. Thus, we aim to identify the current state of development of the PETs in various fields and examine whether the existing PETs comply with the latest legal principles and privacy standards and reduce the threats to privacy. Finally, recommendations for future research are given based on the results.

ACS Style

Shi-Cho Cha; Tzu-Yang Hsu; Yang Xiang; Kuo-Hui Yeh. Privacy Enhancing Technologies in the Internet of Things: Perspectives and Challenges. IEEE Internet of Things Journal 2018, 6, 2159 -2187.

AMA Style

Shi-Cho Cha, Tzu-Yang Hsu, Yang Xiang, Kuo-Hui Yeh. Privacy Enhancing Technologies in the Internet of Things: Perspectives and Challenges. IEEE Internet of Things Journal. 2018; 6 (2):2159-2187.

Chicago/Turabian Style

Shi-Cho Cha; Tzu-Yang Hsu; Yang Xiang; Kuo-Hui Yeh. 2018. "Privacy Enhancing Technologies in the Internet of Things: Perspectives and Challenges." IEEE Internet of Things Journal 6, no. 2: 2159-2187.

Journal article
Published: 23 October 2018 in Symmetry
Reads 0
Downloads 0

The Internet-of-Things (IoT) is an emerging paradigm seamlessly integrating a great number of smart objects ubiquitously connected to the Internet. With the rise in interest in the IoT, industry and academia have introduced a variety of authentication technologies to deal with security challenges. Authentication in IoT involves not only shifting intelligent access control down to the end smart objects, but also user identification and verification. In this paper, we build an authentication system based on brainwave reactions to a chain of events. Brainwaves, as external signals of a functioning brain, provide a glimpse into how we think and react. However, seen another way, we could reasonably expect that a given action or event could be linked back to its corresponding brainwave reaction. Recently, commercial products in the form of wearable brainwave headsets have appeared on the market, opening up the possibility of exploiting brainwaves for various purposes and making this more feasible. In the proposed system, we use a commercially available brainwave headset to collect brainwave data from participants for use in the proposed authentication system. After the brainwave data collection process, we apply a machine learning-based approach to extract features from brainwaves to serve as authentication tokens in the system and support the authentication system itself.

ACS Style

Wayne Chiu; Chunhua Su; Chuan-Yen Fan; Chien-Ming Chen; Kuo-Hui Yeh. Authentication with What You See and Remember in the Internet of Things. Symmetry 2018, 10, 537 .

AMA Style

Wayne Chiu, Chunhua Su, Chuan-Yen Fan, Chien-Ming Chen, Kuo-Hui Yeh. Authentication with What You See and Remember in the Internet of Things. Symmetry. 2018; 10 (11):537.

Chicago/Turabian Style

Wayne Chiu; Chunhua Su; Chuan-Yen Fan; Chien-Ming Chen; Kuo-Hui Yeh. 2018. "Authentication with What You See and Remember in the Internet of Things." Symmetry 10, no. 11: 537.

Journal article
Published: 05 October 2018 in IEEE Access
Reads 0
Downloads 0

Recently, the popularity and universality of smart-devices has led to rapid advancement in the development of applications for mobile commerce around the world. Novel mobile payment schemes, such as Apple pay, Android pay, and Samsung pay are becoming an increasingly popular ways to conduct online transactions, no matter what type of smart devices are used. Due to the attendant growth in the importance of security, significant attention has been devoted to the challenge of designing and implementing a robust mobile payment scheme for securing online transactions. In this paper, we demonstrate a robust mobile payment scheme based on sturdy certificateless signatures with bilinear pairing. We elegantly refine the proposed mobile payment scheme to make it suitable for computation-constrained mobile devices. The practicability of the proposed mobile payment scheme is then certified via a rigorous security analysis and thorough performance evaluation using the Raspberry PI as the implementation platform for our proposed scheme. Furthermore, we implement a transaction repository with the aid of smart contract technology. The simulation results, based on Ethereum, demonstrate the feasibility of employing the smart contract technology to secure mobile payments.

ACS Style

Kuo-Hui Yeh; Chunhua Su; Jia-Li Hou; Wayne Chiu; Chien-Ming Chen. A Robust Mobile Payment Scheme With Smart Contract-Based Transaction Repository. IEEE Access 2018, 6, 59394 -59404.

AMA Style

Kuo-Hui Yeh, Chunhua Su, Jia-Li Hou, Wayne Chiu, Chien-Ming Chen. A Robust Mobile Payment Scheme With Smart Contract-Based Transaction Repository. IEEE Access. 2018; 6 ():59394-59404.

Chicago/Turabian Style

Kuo-Hui Yeh; Chunhua Su; Jia-Li Hou; Wayne Chiu; Chien-Ming Chen. 2018. "A Robust Mobile Payment Scheme With Smart Contract-Based Transaction Repository." IEEE Access 6, no. : 59394-59404.

Journal article
Published: 01 October 2018 in Applied Sciences
Reads 0
Downloads 0

Session initiation protocol (SIP) is the most widely used application layer control protocol for creating, modifying, and terminating session processes. Many authentication schemes have been proposed for SIP aimed at providing secure communication. Recently, a new authentication and key agreement scheme for SIP has been proposed, and it was claimed that it could resist a variety of attacks. However, in this paper, we show that this scheme is vulnerable to an offline password guessing attack and a stolen memory device attack. Furthermore, we show that it lacks the verification mechanism for a wrong password, and that the password updating process is not efficient. To mitigate the flaws and inefficiencies of this scheme, we design a new robust mutual authentication with a key agreement scheme for SIP. A security analysis revealed that our proposed scheme was robust to several kinds of attacks. In addition, the proposed scheme was simulated by the automatic cryptographic protocol tool ProVerif. A performance analysis showed that our proposed scheme was superior to other related schemes.

ACS Style

Chien-Ming Chen; Bin Xiang; King-Hang Wang; Kuo-Hui Yeh; Tsu-Yang Wu. A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol. Applied Sciences 2018, 8, 1789 .

AMA Style

Chien-Ming Chen, Bin Xiang, King-Hang Wang, Kuo-Hui Yeh, Tsu-Yang Wu. A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol. Applied Sciences. 2018; 8 (10):1789.

Chicago/Turabian Style

Chien-Ming Chen; Bin Xiang; King-Hang Wang; Kuo-Hui Yeh; Tsu-Yang Wu. 2018. "A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol." Applied Sciences 8, no. 10: 1789.

Original research
Published: 10 September 2018 in Journal of Ambient Intelligence and Humanized Computing
Reads 0
Downloads 0

A secure authenticated key exchange protocol is an essential key to bootstrap a secure wireless communication. Various research have been conducted to study the efficiency and security of these authenticated key exchange protocol. A recent work by Lu et al. addresses the needs of a three parties secure communication by presenting a new protocol that claimed to be resistance against various attacks. However we found that their protocol is still vulnerable against an off-line password guessing attack. In this attack, an adversary can obtain the password of an user without any direct interactions with the server. To surmount such problem, we propose a new three-party password-based authenticated key exchange protocol. The security of our protocol are proved by the automatic cryptographic protocol tool proverif. The protocol presented is also more secure and efficient comparing with other similar protocols in the literature.

ACS Style

Chien-Ming Chen; King-Hang Wang; Kuo-Hui Yeh; Bin Xiang; Tsu-Yang Wu. Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications. Journal of Ambient Intelligence and Humanized Computing 2018, 10, 3133 -3142.

AMA Style

Chien-Ming Chen, King-Hang Wang, Kuo-Hui Yeh, Bin Xiang, Tsu-Yang Wu. Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications. Journal of Ambient Intelligence and Humanized Computing. 2018; 10 (8):3133-3142.

Chicago/Turabian Style

Chien-Ming Chen; King-Hang Wang; Kuo-Hui Yeh; Bin Xiang; Tsu-Yang Wu. 2018. "Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications." Journal of Ambient Intelligence and Humanized Computing 10, no. 8: 3133-3142.

Conference paper
Published: 06 September 2018 in Transactions on Petri Nets and Other Models of Concurrency XV
Reads 0
Downloads 0

Brainwaves, as external signals of a functioning brain, provide a possible glimpse into how we think and react. However, seen another way, we could reasonably expect that a given action or event could be linked back to its corresponding brainwave reaction. Recently, commercial products in the form of commercial brainwave headsets have flooded into the market, opening up the possibility of exploiting brainwaves for various purposes and making this more feasible. In this paper, we build an authentication system based on brainwave reactions to a chain of events. We use a commercially available brainwave headset to collect brainwave data of participants for use in the proposed authentication system. After the brainwave data collection process, we apply a machine learning-based approach to extract features from brainwaves to serve as authentication tokens in the system and to support the authentication system itself.

ACS Style

Wayne Chiu; Kuo-Hui Yeh; Akihito Nakamura. Seeing Is Believing: Authenticating Users with What They See and Remember. Transactions on Petri Nets and Other Models of Concurrency XV 2018, 391 -403.

AMA Style

Wayne Chiu, Kuo-Hui Yeh, Akihito Nakamura. Seeing Is Believing: Authenticating Users with What They See and Remember. Transactions on Petri Nets and Other Models of Concurrency XV. 2018; ():391-403.

Chicago/Turabian Style

Wayne Chiu; Kuo-Hui Yeh; Akihito Nakamura. 2018. "Seeing Is Believing: Authenticating Users with What They See and Remember." Transactions on Petri Nets and Other Models of Concurrency XV , no. : 391-403.

Journal article
Published: 05 September 2018 in IEEE Access
Reads 0
Downloads 0

To protect collected personal data, current data protection laws and regulations usually request organizations that accumulate and use personal data to adopt reasonable security safeguards. In this case, risk assessment approaches enable organizations to specify security controls as appropriate risks to their personal data. This paper proposes a data-driven risk assessment approach for personal data protection. In the proposed approach, an organization can model flows of collected personal data using extended data flow diagrams. In addition to recognizing scenarios of personal data collection and usage, the organization can identify components used to process, store, and transmit data. Based on associated components for further risk evaluation, the organization can identify potential incidents to each personal data. Compared to a traditional asset-oriented risk assessment approach, the proposed method diminishes risks to assets associated with sensitive personal data. In addition, compared to a process-oriented risk assessment approach, our approach prevents organizations from overlooking risks to sensitive data that are not used in critical business processes. While the proposed approach can improve the risk assessment accuracy of personal data protection, the study may hopefully help organizations adopt more appropriate security safeguards to protect personal data.

ACS Style

Shi-Cho Cha; Kuo-Hui Yeh. A Data-Driven Security Risk Assessment Scheme for Personal Data Protection. IEEE Access 2018, 6, 50510 -50517.

AMA Style

Shi-Cho Cha, Kuo-Hui Yeh. A Data-Driven Security Risk Assessment Scheme for Personal Data Protection. IEEE Access. 2018; 6 ():50510-50517.

Chicago/Turabian Style

Shi-Cho Cha; Kuo-Hui Yeh. 2018. "A Data-Driven Security Risk Assessment Scheme for Personal Data Protection." IEEE Access 6, no. : 50510-50517.

Journal article
Published: 05 September 2018 in IEEE Signal Processing Magazine
Reads 0
Downloads 0

Endpoint devices form a core part of the architecture of the Industrial Internet of Things (IIoT). Aspects of endpoint device security also extend to related technology paradigms, such as cyberphysical systems (CPSs), edge computing, and fog computing. In this sphere, there have been several initiatives to define and promote safer and more secure IIoT networks, with the Industrial Internet Consortium (IIC) and OpenFog Consortium having developed security framework specifications detailing the techniques and technologies to secure industrial endpoints.

ACS Style

Lu Zhou; Kuo-Hui Yeh; Gerhard Hancke; Zhe Liu; Chunhua Su. Security and Privacy for the Industrial Internet of Things: An Overview of Approaches to Safeguarding Endpoints. IEEE Signal Processing Magazine 2018, 35, 76 -87.

AMA Style

Lu Zhou, Kuo-Hui Yeh, Gerhard Hancke, Zhe Liu, Chunhua Su. Security and Privacy for the Industrial Internet of Things: An Overview of Approaches to Safeguarding Endpoints. IEEE Signal Processing Magazine. 2018; 35 (5):76-87.

Chicago/Turabian Style

Lu Zhou; Kuo-Hui Yeh; Gerhard Hancke; Zhe Liu; Chunhua Su. 2018. "Security and Privacy for the Industrial Internet of Things: An Overview of Approaches to Safeguarding Endpoints." IEEE Signal Processing Magazine 35, no. 5: 76-87.