Wen-Shenq Juang

Bio: Wen-Shenq Juang is an academic researcher from National Kaohsiung First University of Science and Technology. The author has contributed to research in topics: Authentication & Password. The author has an hindex of 18, co-authored 56 publications receiving 1430 citations. Previous affiliations of Wen-Shenq Juang include Shih Hsin University & National Taiwan University.

Efficient multi-server password authenticated key agreement using smart cards

Abstract: Remote user authentication and key agreement scheme using smart cards is a very practical solution to validate the eligibility of a remote user and provide secure communication later. Also, due to fast progress of networks and information technology, most of provided services are in multi-server environments. In this paper, we propose a novel user authentication and key agreement scheme using smart cards for multi-server environments with much less computational cost and more functionality. The major merits include: (1) users only need to register at the registration centre once and can use permitted services in eligible servers; (2) the scheme does not need a verification table: (3) users can freely choose their passwords; (4) the computation and communication cost is very low; (5) servers and users can authenticate each other; (6) it generates a session key agreed by the user and the server; and (7) it is a nonce-bayed scheme which does not have a serious time-synchronization problem.

Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards

Abstract: User authentication and key agreement is an important security primitive for creating a securely distributed information system. Additionally, user authentication and key agreement is very useful for providing identity privacy to users. In this paper, we propose a robust and efficient user authentication and key agreement scheme using smart cards. The main merits include the following: 1) the computation and communication cost is very low; 2) there is no need for any password or verification table in the server; 3) a user can freely choose and change his own password; 4) it is a nonce-based scheme that does not have a serious time-synchronization problem; 5) servers and users can authenticate each other; 6) the server can revoke a lost card and issue a new card for a user without changing his identity; 7) the privacy of users can be protected; 8) it generates a session key agreed upon by the user and the server; and 9) it can prevent the offline dictionary attack even if the secret information stored in a smart card is compromised.

[서평]「Applied Cryptography」

Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

The knowledge complexity of interactive proof-systems

Abstract: Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

Information privacy research: an interdisciplinary review

Abstract: To date, many important threads of information privacy research have developed, but these threads have not been woven together into a cohesive fabric. This paper provides an interdisciplinary review of privacy-related research in order to enable a more cohesive treatment. With a sample of 320 privacy articles and 128 books and book sections, we classify previous literature in two ways: (1) using an ethics-based nomenclature of normative, purely descriptive, and empirically descriptive, and (2) based on their level of analysis: individual, group, organizational, and societal. Based upon our analyses via these two classification approaches, we identify three major areas in which previous research contributions reside: the conceptualization of information privacy, the relationship between information privacy and other constructs, and the contextual nature of these relationships. As we consider these major areas, we draw three overarching conclusions. First, there are many theoretical developments in the body of normative and purely descriptive studies that have not been addressed in empirical research on privacy. Rigorous studies that either trace processes associated with, or test implied assertions from, these value-laden arguments could add great value. Second, some of the levels of analysis have received less attention in certain contexts than have others in the research to date. Future empirical studies-both positivist and interpretive--could profitably be targeted to these under-researched levels of analysis. Third, positivist empirical studies will add the greatest value if they focus on antecedents to privacy concerns and on actual outcomes. In that light, we recommend that researchers be alert to an overarching macro model that we term APCO (Antecedents → Privacy Concerns → Outcomes).