I-Pin Chang scite author profile

Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost.

show abstract

A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System

Lee¹,

Chang²,

Lin³

et al. 2013

J Med Syst

View full text Add to dashboard Cite

The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.

show abstract

Simple Group Password-based Authenticated Key Agreements for the Integrated EPR Information System

Lee¹,

Chang²,

Wang³

2013

J Med Syst

View full text Add to dashboard Cite

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

show abstract

Blockchain-Based Healthcare Information Preservation Using Extended Chaotic Maps for HIPAA Privacy/Security Regulations

2021

View full text Add to dashboard Cite

A healthcare information system allows patients and other users to remotely login to medical services to access health data through the Internet. To protect the privacy of patients and security over the public network, secure communication is required. Therefore, the security of data in transmission has been attracting increasing attention. In recent years, blockchain technology has also attracted more attention. Relevant research has been published at a high rate. Most methods of satisfying relevant security-related regulations use modular and exponential calculation. This study proposes a medical care information preservation mechanism that considers the entire process of data storage in devices from wearable devices to mobile devices to medical center servers. The entire process is protected and complies with HIPAA privacy and security regulations. The proposed scheme uses extended chaotic map technology to develop ID-based key negotiation for wearable devices, and thereby reduces the amount of computing that must be carried out by wearable devices and achieve lightness quantify. It also uses the non-tamperability of the blockchain to ensure that the data have not been tampered with, improving data security. The proposed mechanism can resist a variety of attacks and is computationally lighter than the elliptic curve point multiplication that has been used elsewhere, while retaining its security characteristics.

show abstract

Efficient three‐party encrypted key exchange using trapdoor functions

Lee

Chang

Wang

2013

Security Comm Networks

View full text Add to dashboard Cite

Three‐party encrypted key exchange (3PEKE) enables two communicating parties to securely exchange confidential and authenticated information over an insecure network via a trusted server. This investigation presents a novel efficient and secure 3PEKE protocol using a super‐poly‐to‐one trapdoor function. The proposed protocol employs the Diffie–Hellman key exchange and adopts the technique that the clients can publicly exchange the factors for generating the session key without the help of the server to reduce the numbers of transmissions. A round‐efficient version of the proposed 3PEKE protocol is also described. Compared with related approaches, the proposed protocol not only retains security requirements and possesses lower computational cost but also has fewer transmissions and realizes the lower bounds of communications. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

I-Pin Chang

Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks

A Secure and Efficient Password-Based User Authentication Scheme Using Smart Cards for the Integrated EPR Information System

Simple Group Password-based Authenticated Key Agreements for the Integrated EPR Information System

Blockchain-Based Healthcare Information Preservation Using Extended Chaotic Maps for HIPAA Privacy/Security Regulations

Efficient three‐party encrypted key exchange using trapdoor functions

Contact Info

Product

Resources

About