Author

Yao-Hsin Chen

Bio: Yao-Hsin Chen is an academic researcher from National Tsing Hua University. The author has contributed to research in topics: Authentication & Routing protocol. The author has an h-index of 9, co-authored 15 publications receiving 308 citations. Previous affiliations of Yao-Hsin Chen include Industrial Technology Research Institute.

Papers
Journal ArticleDOI
TL;DR: A user authentication protocol named oPass is designed which leverages a user's cellphone and short message service to thwart password stealing and password reuse attacks and is believed to be efficient and affordable compared with the conventional web authentication mechanisms.
Abstract: Text password is the most popular form of user authentication on websites due to its convenience and simplicity. However, users' passwords are prone to be stolen and compromised under different threats and vulnerabilities. Firstly, users often select weak passwords and reuse the same passwords across different websites. Routinely reusing passwords causes a domino effect; when an adversary compromises one password, she will exploit it to gain access to more websites. Second, typing passwords into untrusted computers suffers password thief threat. An adversary can launch several password stealing attacks to snatch passwords, such as phishing, keyloggers and malware. In this paper, we design a user authentication protocol named oPass which leverages a user's cellphone and short message service to thwart password stealing and password reuse attacks. oPass only requires each participating website possesses a unique phone number, and involves a telecommunication service provider in registration and recovery phases. Through oPass, users only need to remember a long-term password for login on all websites. After evaluating the oPass prototype, we believe oPass is efficient and affordable compared with the conventional web authentication mechanisms.

146 citations

Proceedings ArticleDOI
02 May 2012
TL;DR: A novel world map based graphical-password authentication system called PassMap in which a password consists of a sequence of 2 click-points that a user selects on a large world map, which shows that the passwords of PassMap are easy to memorize for humans and PassMap is friendly to use in practice.
Abstract: Text passwords have been used in authentication systems for many decades. Users must recall the textual strings selected during registration to pass authentication. However, there are some serious problems with text passwords: recollection and security. Hence, various graphical-password authentication systems have been proposed to solve the problems of text passwords. Previous studies indicate that humans are better at recognizing and recalling images than texts. In 2005, Wiedenbeck et al. proposed PassPoints in which a password consists of a sequence of click-points (5 to 8) that a user chooses on an image. In the paper, we proposed an alternative system in which users can memorize fewer points while providing more security than PassPoints. Based on the idea of using an extremely large image as the password space, we propose a novel world map based graphical-password authentication system called PassMap in which a password consists of a sequence of 2 click-points that a user selects on a large world map. We also conducted a user study for evaluation. The result shows that the passwords of PassMap are easy to memorize for humans and PassMap is friendly to use in practice. Furthermore, PassMap provides higher entropy than PassPoints and also increases the cost of attacks.

37 citations

Journal ArticleDOI
TL;DR: The implementation of SPATE on Nokia N70 smartphones allows users to establish trust in small groups of up to eight users in less than one minute, and the example SPATE applications provide increased security with little overhead noticeable to users once keys are established.
Abstract: Establishing trust between a group of individuals remains a difficult problem. Prior works assume trusted infrastructure, require an individual to trust unknown entities, or provide relatively low probabilistic guarantees of authenticity (95 percent for realistic settings). This work presents SPATE, a primitive that allows users to establish trust via mobile devices and physical interaction. Once the SPATE protocol runs to completion, its participants' mobile devices have authentic data that their applications can use to interact securely (i.e., the probability of a successful attack is $2^{-24}$). For this work, we leverage SPATE as part of a larger system to facilitate efficient, secure, and user-friendly collaboration via e-mail, file-sharing, and text messaging services. Our implementation of SPATE on Nokia N70 smartphones allows users to establish trust in small groups of up to eight users in less than one minute. The example SPATE applications provide increased security with little overhead noticeable to users once keys are established.

36 citations

Journal ArticleDOI
TL;DR: This paper defines two attacks, sinkhole and wormhole attacks, in femtocell-enabled mobile networks and designs two approaches based on distance bounding protocols and geographic information to defend against these two attacks.
Abstract: Recently, femtocell solutions have been attracting increasing attention since coverage for broadband radios can effectively eliminate wireless notspots. To restrict malicious subscribers from accessing femtocells, 3G/WiMAX standards introduce an access control strategy, called Closed Subscriber Group (CSG). However, CSG only prevents malicious clients, but not rogue femtocells. In 2009, Han et al. proposed the first mutual authentication mechanism. This mechanism does not consider the case that an attacker can locate femtocells in an unregistered area even if these femtocells are legitimate. In this paper, we first define two attacks, sinkhole and wormhole attacks, in femtocell-enabled mobile networks. Then, we design two approaches based on distance bounding protocols and geographic information to defend against these two attacks. In our design, a subscriber can confirm whether or not the femtocell he connected with is physically-present. Experiment results demonstrate that the distance bounding protocol can estimate an approximate distance between a subscriber's device and the deployed femtocell. Moreover, femtocells that are deployed inside or outside can both be identified and distinguished without the bias of signal strength based on our design.

22 citations

01 Jan 2013
TL;DR: This paper presents a secure data aggregation scheme called SASHIMI, which utilizes successively hierarchical inspecting of message integrity during aggregation and is more secure and efficient than other schemes.
Abstract: Aggregation schemes for reducing transmission cost have been proposed for wireless sensor networks for a long time. Aggregated results can be easily altered by adversaries since sensors are prone to being captured in a harsh environment. Hence, several secure data aggregation schemes have been proposed to solve this problem. Many schemes ensure data integrity during aggregation procedures, but most of them are post-active since integrity can only be confirmed after the data reaches the base station. Another limitation is that the network topology is assumed to be fixed. However, this assumption violates the characteristic of sensor networks. In this paper, we present a secure data aggregation scheme called SASHIMI. SASHIMI utilizes successively hierarchical inspecting of message integrity during aggregation. If attacks arise during aggregation, attacks can be detected within two levels of the hierarchical tree structure. In other words, penalty and overhead caused by attacks can be reduced. On average, SASHIMI incurs only O(n) communication cost where n is the number of nodes. In the case of attacks, SASHIMI performs better than existing schemes. Moreover, SASHIMI supports dynamic network topology. Finally, a comprehensive analysis demonstrates that SASHIMI is more secure and efficient than other schemes.
Keywords: Wireless Sensor Network; Data aggregation; Data integrity

22 citations


Cited by
Journal ArticleDOI
TL;DR: Some of the research issues, challenges and opportunities in the convergence between the cyber and physical worlds are presented, with a goal to stimulate new research activities in the emerging areas of CPW convergence.

284 citations

Journal Article
TL;DR: This work proposes using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.
Abstract: Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December 2004 [3]. For financial institutions, phishing is a particularly insidious problem, since trust forms the foundation for customer relationships, and phishing attacks undermine confidence in an institution. Phishing attacks succeed by exploiting a user's inability to distinguish legitimate sites from spoofed sites. Most prior research focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process will enhance security and eliminate many forms of fraud. We propose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware. We demonstrate the practicality of our system with a prototype implementation.

191 citations

Journal ArticleDOI
TL;DR: A comprehensive survey of authentication and privacy-preserving schemes for 4G and 5G cellular networks can be found in this paper, where the authors provide a taxonomy and comparison of authentication schemes in terms of tables.

163 citations

Journal ArticleDOI
15 Sep 2016
TL;DR: This paper proposes a novel approach using the Semantic-Based Access Control (SBAC) techniques for acquiring secure financial services on multimedia big data in cloud computing, entitled IntercroSsed Secure Big Multimedia Model (2SBM), which is designed to secure accesses between various media through the multiple cloud platforms.
Abstract: The dramatically growing demand of Cyber Physical and Social Computing (CPSC) has enabled a variety of novel channels to reach services in the financial industry. Combining cloud systems with multimedia big data is a novel approach for Financial Service Institutions (FSIs) to diversify service offerings in an efficient manner. However, the security issue is still a great issue in which the service availability often conflicts with the security constraints when the service media channels are varied. This paper focuses on this problem and proposes a novel approach using the Semantic-Based Access Control (SBAC) techniques for acquiring secure financial services on multimedia big data in cloud computing. The proposed approach is entitled IntercroSsed Secure Big Multimedia Model (2SBM), which is designed to secure accesses between various media through the multiple cloud platforms. The main algorithms supporting the proposed model include the Ontology-Based Access Recognition (OBAR) Algorithm and the Semantic Information Matching (SIM) Algorithm. We implement an experimental evaluation to prove the correctness and adoptability of our proposed scheme.

137 citations

Journal ArticleDOI
TL;DR: In this paper, the state of the art of privacy-preserving schemes for ad hoc social networks including mobile social networks (MSNs) and vehicular social networks (VSNs) is reviewed.
Abstract: We review the state of the art of privacy-preserving schemes for ad hoc social networks including mobile social networks (MSNs) and vehicular social networks (VSNs). Specifically, we select and examine in detail 33 privacy-preserving schemes developed for or applied in the context of ad hoc social networks. Based on novel schemes published between 2008 and 2016, we survey privacy preservation models including location privacy, identity privacy, anonymity, traceability, interest privacy, backward privacy, and content oriented privacy. Recent significant attacks of leaking privacy, countermeasures, and game theoretic approaches in VSNs and MSNs are summarized in the form of tables. In addition, an overview of recommendations for further research is provided. With this survey, readers can acquire a thorough understanding of research trends in privacy-preserving schemes for ad hoc social networks.

112 citations