Publication

Proverbs 15:33 The fear of the LORD is the instruction of wisdom; and before honour is humility. (箴言 15:33 敬畏耶和華是智慧的訓誨;尊榮以前,必有謙卑。)

Journal paper:

  1. Kuo-Hui Yeh*, “BSNCare+: A Robust IoT oriented Healthcare System with Transaction Non-Repudiation,” Applied Science, Accepted at 6th December 2016. (*Corresponding Author, SCIE, Impact Factor of 2015 = 1.726) (東華大學名義)
  2. Kuo-Hui Yeh*, “A Secure IoT based Healthcare System with Body Sensor Networks,” IEEE Access, In Press, Online publication (DOI:10.1109/ACCESS.2016.2638038), December 2016. (*Corresponding Author, SCIE, Impact Factor of 2015 = 1.270) (東華大學名義)
  3. Kuo-Hui Yeh, Jia-Li Hou*, Lin-Chih Chen, Hao-Xiang Liao, Wei-Pang Yang, “Privacy Risk Assessment for SQLite based Android Applications,” Journal of Internet Technology, Accepted Manuscript, In press, (Estimated at) Vol. 18, No. 7, December 2017. (SCIE, Impact Factor of 2015= 0.533) (東華大學名義)
  4. Kuo-Hui Yeh, Nai-Wei Lo, Ren-Zong Kuo*, Chunhua SU, Hsuan-Yu Chen, “Formal Analysis on RFID Authentication Protocols against De-synchronization Attack,” Journal of Internet Technology, In press, (Estimated at) Vol.18 No.4, July 2017. (SCIE, Impact Factor of 2015= 0.533) (東華大學名義)
  5. Yung-Chun Chen, N.W. Lo, Ren-Zong Kuo, Enrico Winata, Kuo-Hui Yeh*, “A Fast Collision Arbitration Algorithm for RFID Tag Identification in Supply Chain Environment,” Journal of Internet Technology, In press, (Estimated at) January 2017. (*Corresponding Author, SCIE, Impact Factor of 2015= 0.533) (東華大學名義)
  6. Nai-Wei Lo*, Kuo-Hui Yeh, Chuan-Yen Fan, “Leakage-detection and Risk-assessment on Privacy for Android Applications: LRPdroid,” IEEE Systems Journal, Vol. 10, Issue 4, pp. 1361-1369, December 2016. (SCIE, Impact Factor of 2015 = 2.114) (東華大學名義)
  7. 陳林志,葉國暉,陳大仁,陳冠瑜,利用語意分析模型分析谷歌部落格搜尋引擎效能,資訊管理學報,已接受稿件,2016。 (TSSCI, 管院學院-B級期刊, 科技部-A級期刊) (東華大學名義)
  8. Jia-Li Hou, Kuo-Hui Yeh*, “Novel Authentication Schemes for IoT based Healthcare Systems,” International Journal of Distributed Sensor Networks, Vol. 2015, Article ID 183659, 9 pages, 2015. (DOI:10.1155/2015/183659) (*Corresponding Author, SCIE, Impact Factor of 2015= 0.906 (東華大學名義)
  9. Kuo-Hui Yeh*, “An anonymous and lightweight authentication scheme for mobile devices,” Information Technology and Control, Vol. 44, No. 2, pp. 206-214, 2015. (SCIE, Impact Factor of 2014 = 0.623) (東華大學名義)
  10. 陳林志*、陳大仁、葉國暉、吳忠澄,使用語意模型分析線上部落格文件,資訊管理學報,22:3,2015.07[民104.07], 頁273-315。(TSSCI, 管院學院-B級期刊, 科技部-A級期刊) (東華大學名義)
  11. 葉國暉*,郭仁宗,廖皓翔,楊芳捷,林秉賢,林子鈞,“適用於Android應用程式的隱私風險評估機制”,資訊安全通訊雜誌,3 月,民104。(東華大學名義)
  12. Kuo-Hui Yeh*, Nai-Wei Lo, Pei-Yun Liu, “An Efficient Resource Allocation Scheme for Cloud Federations,” Information Technology and Control, Vol. 44, No. 1, pp. 64-76, 2015. (SCIE, Impact Factor of 2014 = 0.623) (東華大學名義)
  13. Kuo-Hui Yeh*, “A lightweight authentication scheme with user untraceability,” Frontiers of Information Technology & Electronic Engineering (Journal of Zhejiang University-SCIENCE C-Computers & Electronics), Vol. 16, No. 4, pp. 259-271, 2015. (SCIE, Impact Factor of 2015 = 0.392) (東華大學名義)
  14. Kuo-Hui Yeh, Kuo-Yu Tsai*, Chuan-Yen Fan, “An Efficient Certificateless Signature Scheme without Bilinear Pairings,” Multimedia Tools and Applications, Vol. 74, Issue 16, pp 6519–6530, August 2015. (SCIE, Impact Factor of 2015 = 1.331) (東華大學名義)
  15. Kuo-Hui Yeh*, “A Provably Secure Multi-server based Authentication Scheme,” Wireless Personal Communications, Vol.79, No. 3, pp. 1621-1634, July 2014. (*Corresponding Author, SCIE, Impact Factor of 2014 = 0.653) (東華大學名義)
  16. Kuo-Hui Yeh, Nai-Wei Lo, Kuo-Yu Tsai*, Yingjiu Li, Enrico Winata, “A Novel RFID Tag Identification Protocol: Adaptive n-Resolution and k-Collision Arbitration,” Wireless Personal Communications, Vol. 77, Issue 3, pp. 1775-1800, August 2014. (SCIE, Impact Factor of 2014 = 0.653) (東華大學名義)
  17. Kuo-Hui Yeh*, Nai-Wei Lo, Tzong-Chen Wu, and Chieh Wang, “Secure e-Health System on Passive RFID: Outpatient Clinic and Emergency Care,” International Journal of Distributed Sensor Networks, Vol. 2013, Article ID 752412, 12 pages. (*Corresponding Author, SCIE, Impact Factor of 2013 = 0.923 (東華大學名義)
  18. 葉國暉*,洪子為,范雋彥,劉政宗,劉醇錕,許聖祥,“一套新的偕同式電子發票開立機制”,資訊安全通訊雜誌,10月,民102。 (東華大學名義)
  19. Kuo-Hui Yeh, Kuo-Yu Tsai*, and Jia-Li Hou, “Analysis and Design of Smart Card based Authentication Protocol,” Journal of Zhejiang University-SCIENCE C-Computers & Electronics, Vol. 14, No. 12, pp. 909-917, December 2013. (SCIE, Impact Factor of 2013 = 0.380) (東華大學名義)
  20. Chih-Ho Chou, Kuo-Yu Tsai*, Tzong-Chen Wu, and Kuo-Hui Yeh, “Efficient and Secure Three-Party Authenticated Key Exchange Protocol for Mobile Environments,” Journal of Zhejiang University-SCIENCE C-Computers & Electronics, Vol. 14, No. 5, pp.347-355, May 2013. (SCIE, Impact Factor of 2013 = 0.380) (東華大學名義)
  21. Kuo-Hui Yeh*, N.W. Lo, Tien-Ruey Hsiang, Yi-Chun Wei, Hung-Yi Hsieh, "Chaos Between Password-Based Authentication Protocol and Dictionary Attacks," Advanced Science Letters, Vol. 19, No. 3, pp. 1048-1051(4), March 2013. (*Corresponding Author) (東華大學名義)
  22. Kuo-Hui Yeh*, N.W. Lo, Yingjiu Li (Associate professor at Singapore Management Univ.), Yung-Chun Chen and Tzong-Chen Wu, "New Findings on RFID Authentication Schemes against De-synchronization Attack," International Journal of Innovative Computing, Information and Control, Vol.8, No.7(A), pp.4431-4449, July 2012. (In cooperation with Singapore Management University) (*Corresponding Author, SCIE) (東華大學名義)
  23. Kuo-Hui Yeh*, N.W. Lo, and Enrico Winata, "An Efficient Ultralightweight Mutual Authentication Scheme for RFID Systems: Airy Protocol," Journal of Internet Technology, Vol.12, No.6, pp. 887-898, November 2011. (SCI/SCIE, Impact Factor of 2011 = 0.508, *corresponding author, 文化大學名義)
  24. Yung-Chun Chen, Kuo-Hui Yeh*, N.W. Lo, Yingjiu Li (Associate professor at Singapore Management Univ.) and Enrico Winata, "Adaptive Collision Resolution for Efficient RFID Tag Identification," EURASIP Journal on Wireless Communications and Networking 2011:139, October 2011. (SCI/SCIE, Impact Factor of 2011 = 0.873, *corresponding author, In cooperation with Singapore Management University, 文化大學名義)
  25. N.W. Lo* and Kuo-Hui Yeh, "Simple Three-Party Password Authenticated Key Exchange Protocol," Journal of Shanghai Jiaotong University (Science), vol.16, no.5, pp. 600-603, October 2011. (EI, 文化大學名義)
  26. Kuo-Hui Yeh*, N.W. Lo and Enrico Winata, "CE-TIP: a Code Expansion based Tag Identification Protocol for RFID Systems," Journal of Information Science and Engineering, vol.27, no.2, pp.777-788, Feb. 2011. (SCI/SCIE, Impact Factor of 2011 = 0.175)
  27. Kuo-Hui Yeh*, N.W. Lo and Yingjiu Li, "Cryptanalysis of Hsiang-Shih’s Authentication Scheme for Multi-Server Architecture," International Journal of Communication Systems, vol.24, pp.829-836, July 2011. (SCI/SCIE, Impact Factor of 2011 = 0.406, *corresponding author, In cooperation with Singapore Management University)
  28. Kuo-Hui Yeh*, Chunhua Su, N.W. Lo, Yingjiu Li and Yi-Xiang Hung, "Two Robust Remote User Authentication Protocols Using Smart Cards," Journal of Systems and Software, vol.83, Issue 12, pp.2556-2565, Dec. 2010. (SCI/SCIE, Impact Factor of 2010 = 1.293, *corresponding author, In cooperation with Singapore Management University)
  29. Kuo-Hui Yeh* and N.W. Lo, "Improvement of Two Lightweight RFID Authentication Protocols," Information Assurance and Security Letters, vol.1, pp.6-11, 2010.
  30. Kuo-Hui Yeh* and N.W. Lo, “A Novel Remote User Authentication Scheme for Multi-server Environment without Using Smart Cards," International Journal of Innovative Computing, Information and Control, vol.6, no.8, pp.3467-3478, Aug. 2010. (SCI/SCIE, Impact Factor = 1.667, *corresponding author)
  31. N.W. Lo and Kuo-Hui Yeh, "A Novel Authentication Scheme for Mobile Commerce Transactions,” International Journal of Innovative Computing, Information and Control, vol.6, no.7, pp. 3093-3103, July 2010. (SCI/SCIE, Impact Factor = 1.667)
  32. Kuo-Hui Yeh*, N.W. Lo and Enrico Winata, "Cryptanalysis of an Efficient Remote User Authentication Scheme with Smart Cards," International Journal of Innovative Computing, Information and Control, vol.6, no.6, pp.2595-2608, June 2010. (SCI/SCIE, Impact Factor = 1.667, *corresponding author)
  33. N. W. Lo and Kuo-Hui Yeh, "A Practical Three-Party Authenticated Key Exchange Protocol," International Journal of Innovative Computing, Information and Control, vol.6, no.6, pp.2469-2484, June 2010. (SCI/SCIE, Impact Factor = 1.667)
  34. N.W. Lo and Kuo-Hui Yeh, "Mutual RFID Authentication Scheme for Resource-constrained Tags," Journal of Information Science and Engineering, vol.26, no.5, pp.1875-1889, May 2010. (SCI/SCIE, Impact Factor = 0.270)
  35. N.W. Lo and Kuo-Hui Yeh, "Anonymous Coexistence Proofs for RFID Tags," Journal of Information Science and Engineering, vol.26, no.4, pp.1213-1230, April 2010. (SCI/SCIE, Impact Factor = 0.270)
  36. N.W. Lo and Kuo-Hui Yeh*, "Cryptanalysis of Two Three-party Encrypted Key Exchange Protocols," Computer Standards and Interfaces, vol.31, no.6, pp.1167-1174, June 2009. (SCI/SCIE, Impact Factor = 0.825, *corresponding author)
  37. N.W. Lo, Kuo-Hui Yeh, and Chan Yeob Yeun, "New mutual agreement protocol to secure mobile RFID-enabled devices," Information Security Technical Report, vol.13, Issue 3, pp.151-157, Aug. 2008. (EI)
  38. N.W. Lo and Kuo-Hui Yeh*, "An Efficient Mutual Authentication Scheme for EPCglobal Class-1 Generation-2 RFID System," Emerging Directions in Embedded and Ubiquitous Computing (LNCS 4809), pp.43-56, Dec. 2007. (EI, *corresponding author)
  39. N.W. Lo and Kuo-Hui Yeh*, "Novel RFID Authentication Schemes for Security Enhancement and System Efficiency," Secure Data Management (LNCS 4721), pp.203-212, Sep. 2007. (EI, *corresponding author)

Conference paper:

  1. Nai-Wei Lo, Kuo-Hui Yeh*, Raylin Tso, Kuo-Yu Tsai, Bor-Shiun Lin, Tzu-Yin Chang, Chih-Hao Liu, “Real-time Public Sentiments Analysis and Information Integration Platform for Disaster Prevention and Victims of Disaster Rescue based on Social Networks,” in Proc. of the 15th GSDI World Conference, 29 November to 2nd December, 2016. (東華大學名義)
  2. Kuo-Hui Yeh, “A Secure IoT based e-Nursing System with Wearable Healthcare Devices,” in Proc. of the 5th International Multi-Conference on Engineering and Technology Innovation  (IMETI 2016), Taichung, Taiwan, 28 October - 01 November, 2016. (東華大學名義)
  3. 葉國暉、張騵中、柯冠廷,基於MapReduce之社群網路輿情分析系統,TANET 2016,花蓮,台灣,民105年,10月。(東華大學名義)
  4. Kuo-Hui Yeh, Chunhua Su, Chien-Lung Hsu, Wayne Chiu, Yu-Fan Hsueh, “Transparent Authentication Scheme with Adaptive Biometric Features for IoT Networks,” in Proc. of IEEE 5th Global Conference on Consumer Electronics (GCCE 2016), Kyoto, Japan, 11-14 October, 2016. (東華大學名義)
  5. Kuo-Hui Yeh, Nai-Wei Lo, Lin-Chih Chen, Ping-Hsien Lin, “A Fraud Detection System for Real-time Messaging Communication on Android Facebook Messenger,” in Proc. of IEEE 4th Global Conference on Consumer Electronics (GCCE 2015), Osaka, Japan, 27-30 October, 2015. (東華大學名義)
  6. Kuo-Hui Yeh, YuShan Chen, Fan-Wei Wang, “An Authentication Scheme for Ubiquitous RFID Systems,” in Proc. of 2014 Workshop on RFID Security (RFIDsec’14 Asia), Hualien, Taiwan, 27-28 November, 2014. (東華大學名義)
  7. Kuo-Hui Yeh, Nai-Wei Lo, Chuan-Yen Fan, “An Analysis Framework for Information Loss and Privacy Leakage on Android Applications,” in Proc. of IEEE 3rd Global Conference on Consumer Electronics (GCCE 2014), Tokyo, Japan, 7-10 October, 2014. (東華大學名義)
  8. Kuo-Hui Yeh, Kuo-Yu Tsai, Hao-Xiang Liao, “A Scalable Single Sign-On Scheme for Distributed Networks,” 第二十四屆資訊安全會議 (CISC 2014), 台北, 台灣, 民103年5月30-31日. (東華大學名義)
  9. Kuo-Hui Yeh, “A Novel Multi-server based Authentication Scheme,” in Proc. of 2014 International Conference on Information Science, Electronics and Electrical Engineering (ISEEE 2014), Sapporo, Japan, April 26-28, 2014. (東華大學名義)
  10. Kuo-Hui Yeh, Kuo-Yu Tsai, Ren-Zong Kuo, Tzong-Chen Wu, “Robust Certificateless Signature Scheme without Bilinear Pairings,” in Proc. of the International Conference on IT Convergence and Security (ICITCS 2013), Macau, China, December 16-18, 2013. (東華大學名義)
  11. Kuo-Hui Yeh, Fan-Wei Wang, Teng-Wun Yu, "Cryptanalysis of a Ubiquitous Authentication Scheme for RFID Systems," in Proc. of the International Conference on Applied and Theoretical Information Systems Research (ATISR 2013), Taipei, Taiwan, November 22-24, 2013. (東華大學名義)
  12. Kuo-Hui Yeh, Kuo-Yu Tsai, Chuan-Yen Fan, "Cryptanalysis of a Certificateless Signature Scheme without Bilinear Pairings," 2013台灣網際網路研討會(TANET 2013), 台中, 台灣, October 23-25, 2013. (東華大學名義)
  13. Kuo-Hui Yeh, Nai-Wei Lo, Shih-Chao Cha, Shuo-Yan Chou, Chun-Kun Liu, Sheng-Hsiang Hsu, "A Novel Consumer-oriented e-Invoicing System in Taiwan," in Proc. of the International Conference on Internet Studies (NETs 2013), Hong Kong, China, September 7-8, 2013. (東華大學名義)
  14. Kuo-Hui Yeh, Kuo-Yu Tsai, Hung-Lun Chang, "Anonymous Authentication Scheme for Large-Scale Mobile Networks," in Proc. of The FTRA 9th International Symposium on Wireless sensor network Technologies and Applications for Smart Space (WTA 2013), Gwangju, Korea, September 4-6, 2013. (東華大學名義)
  15. Kuo-Hui Yeh, Kuo-Yu Tsai, Chung-Fu Lu, Nai-Wei Lo, "Scalable and Anonymous Authentication Scheme," 第二十三屆資訊安全會議 (CISC 2013), 台南, 台灣, 民102年. (最佳論文獎佳作,東華大學名義)
  16. Kuo-Hui Yeh, N.W. Lo, Tien-Ruey Hsiang, Yi-Chun Wei, Hung-Yi Hsieh, "Chaos Between Password-Based Authentication Protocol and Dictionary Attacks," in Proc. of the 2nd International Conference on Wireless Networks and Information Systems (ICWNIS 2013), Taipei, Taiwan, January, 15-16, 2013. (東華大學名義)
  17. Nai-Wei Lo, Kuo-Hui Yeh, Hsuan-Yu Chen, "Cryptanalyses of Two Ultralightweight RFID Authentication Protocols," in Proc. of the 2012 Workshop on RFID and IoT Security (RFIDsec'12 Asia), Taipei, Taiwan, Nov. 08-09, 2012. (東華大學名義)
  18. Kuo-Hui Yeh, N.W. Lo, Chieh Wang, "A Patient Privacy-aware e-Health System based on Passive RFID," in Proc. of the 2012 International Workshop on Ubiquitous Information Security Techniques and Applications (UISTA 2012, in conjunction with UIC 2012), Fukuoka, Japan, September 04-07, 2012. (東華大學名義)
  19. N.W. Lo, Kuo-Hui Yeh and PeiYun Liu, "An Efficient Resource Allocation Scheme for Cross-Cloud Federation," in Proc. of the 6th International Conference on Anti-counterfeiting, Security, and Identification (ASID 2012), Taipei, Taiwan, August 24-26, 2012. (東華大學名義)
  20. Kuo-Hui Yeh, N.W. Lo, Chieh Wang, "Coexistence Proof on Passive RFID for Medication Error Elimination," in Proc. of the International Conference on Internet Studies (NETs 2012), Bangkok, Thailand, August 17-19, 2012. (東華大學名義)
  21. Kuo-Hui Yeh, N.W. Lo, Tzong-Chen Wu, Ta-Chi Yang and Horng-Twu Liaw, "Analysis of an eHealth Care System with Smart Card based Authentication," in Proc. of the 7th Asia Joint Conference on Information Security (AsiaJCIS 2012), Tokyo, Japan, August 09-10, 2012. (東華大學名義)
  22. N.W. Lo, Kuo-Hui Yeh, Hsuan-Yu Chen, "Analysis against Secret Redundancy Mechanism for RFID Authentication Protocol," in Proc. of the IEEE International Conference on Communication, Networks and Satellite (COMNETSAT 2012), Bali, Indonesia, July 12-14, 2012. (東華大學名義)
  23. N.W. Lo, Kuo-Hui Yeh, Hsuan-Yu Chen, "De-synchronization Attack Model for Ultra-lightweight RFID Authentication Protocols," 第二十二屆資訊安全會議 (CISC 2012), 台中, 台灣, 民101年. (Candidate for Best Paper,東華大學名義)
  24. Kuo-Hui Yeh, Yung-Chun Chen, N.W. Lo, Chia-Chun Lin, "An Efficient Anti-collision Protocol for RFID-based Supply Chain Networks," in Proc. of the 2011 International Conference on Computing, Information and Control (ICNVSP 2011), Bangkok, Thailand, May 2011.
  25. N.W. Lo and Kuo-Hui Yeh, "A Simple Three-party Authenticated Key Exchange Protocol," in Proc. of the CSCIC 2011 (資訊安全國際研討會暨第一屆海峽兩岸資訊安全研討會), HangZhou, China, April 2011.
  26. N.W. Lo and Kuo-Hui Yeh, "De-synchronization Attack on RFID Authentication Protocols," in Proc. of the International Symposium on Information Theory and its Applications (ISITA 2010), Taichung, Taiwan, October 2010.
  27. Kuo-Hui Yeh, N.W. Lo and Tzong-Chen Wu, "Formal Analysis on RFID Authentication Availability," in Proc. of the 5th Joint Workshop on Information Security (JWIS 2010), Guangzhou, China, August 2010.
  28. Kuo-Hui Yeh and N.W. Lo, "Tag Identification Efficiency for RFID Systems," in Proc. of the Doctoral Consortium in PACIS 2010, Taipei, Taiwan, July 2010. (On Behalf of Department of Information Management at National Taiwan University of Science and Technology)
  29. Kuo-Hui Yeh, N.W. Lo, Yingjiu Li (Associate professor at Singapore Management Univ.) and Enrico Winata, "An Adaptive n-Resolution Anti-Collision Algorithm for RFID Tag Identification," in Proc. of the 6th International Workshop on Heterogeneous Wireless Networks (in conjunction with AINA 2010), Perth, Australia, April 2010. (In cooperation with Singapore Management University)
  30. N.W. Lo and Kuo-Hui Yeh, "A Secure Communication Protocol for EPCglobal Class 1 Generation 2 RFID Systems," in Proc. of the 3rd International Workshop on RFID & WSN and its Industrial Applications (in conjunction with AINA 2010), Perth, Australia, April 2010.
  31.  Kuo-Hui Yeh, N.W. Lo and Enrico Winata, "An Efficient Ultralightweight Authentication Protocol for RFID Systems," in Proc. of the 2010 Workshop on RFID Security (RFIDsec’10 Asia), Singapore, Feb. 2010.
  32. N.W. Lo, Enrico Winata and Kuo-Hui Yeh, "Adaptive Delay Splitting for Efficient RFID Tag Identification," in Proc. of the 4th International Conference on Innovative Computing, Information and Control (ICICIC 2009), Kaohsiung, Taiwan, Dec. 2009.
  33. Kuo-Hui Yeh and N.W. Lo, "Improvement of an EPC Gen2 compliant RFID authentication protocol," in Proc. of the 5th International Conference on Information Assurance and Security (IAS09), Xi’an, China, Aug. 2009.
  34. N.W. Lo, Kuo-Hui Yeh and Meng-Chih Chiang, "Cryptanalysis of a Simple Three-party Key Exchange Protocol," in Proc. of the 4th Joint Workshop on Information Security (JWIS 2009), Kaohsiung, Taiwan, July 2009.
  35. N.W. Lo, Chu-Hsiang Yang and Kuo-Hui Yeh, "Performance Evaluation of Two Secure Communication Schemes on Vehicular Ad Hoc Networks," in Proc. of the International Computer Symposium 2008 (ISC 2008), Taipei, Taiwan, Nov. 2008.
  36. N.W. Lo and Kuo-Hui Yeh, "Potential Threat of Communication Scheme on Vehicular Ad Hoc Networks," in Proc. of the 3rd Joint Workshop on Information Security (JWIS 2008), Seoul, Korea, July 2008.
  37. N.W. Lo, Shie Huei-Sz and Kuo-Hui Yeh, "A Design of RFID Mutual Authentication Protocol Using Lightweight Bitwise Operations," in Proc. of the 3rd Joint Workshop on Information Security (JWIS 2008), Seoul, Korea, July 2008.
  38. 羅乃維、楊自立、葉國暉,低成本無線射頻技術之安全雙向認證機制,第十九屆國際資訊管理研討會,南投,臺灣,民97。
  39. Kuo-Hui Yeh, N.W. Lo and Enrico Winata, "An Efficient Tree-based Tag Identification Protocol for RFID Systems," in Proc. of the 4th International Workshop on Heterogeneous Wireless Networks (in conjunction with AINA 2008), Okinawa, Japan, Mar. 2008.
  40. N.W. Lo and Kuo-Hui Yeh, "An Efficient Mutual Authentication Scheme for EPCglobal Class-1 Generation-2 RFID System," in Proc. of the 2nd International Workshop on TRUST (in conjunction with EUC'07), Taipei, Taiwan, Dec. 2007.
  41. N.W. Lo and Kuo-Hui Yeh, "Hash-based Mutual Authentication Protocol for Mobile RFID Systems with Robust Reader-side Privacy Protection," in Proc. of the 1st ACM SenseID Workshop (in conjunction with ACM SenSys'07), Sydney, Australia, Nov. 2007.
  42. N.W. Lo and Kuo-Hui Yeh, "Novel RFID Authentication Schemes for Security Enhancement and System Efficiency," in Proc. of the 4th VLDB Workshop on Secure Data Management (in conjunction with VLDB 2007), Vienna, Austria, Sep. 2007.
  43. 葉國暉、羅乃維、賴源正、蔡效謙、林志宗,行車間隨意網路的資訊安全與身份隱私整合應用架構之研究(A Security-oriented and Privacy-aware Architecture on Vehicular Ad Hoc Networks),第十七全國資訊安全會議,嘉義,臺灣,民96。

研究主題:行動安全機制之研究(Mobile Security and Privacy)

Topic 1: Android行動設備的App隱私風險評估與防護
對行動App的使用者而言,許多敏感性資料(例如個人或企業識別ID、信用卡號碼等)將可能儲存於其所擁有的智慧型行動手持裝置內,且在行動 App的相互溝通與服務訊息傳輸模式下,該敏感性資料亦可能在未具備安全傳輸機制的網路中進行明文傳遞,如此一來,將導致個人(或企業)隱私 的外洩,造成有形(例如信用卡盜刷)或無形(例如個人喜好的外洩)的損失。鑑於此,本計畫主持人與其所帶領團隊主要針對Android系統上 的隱私管理進行探討與研究,並於近期研究中提出了一套適用於Android系統上的應用程式隱私分析框架,用以對Android應用程式進行 資訊損失評估、隱私洩漏檢測和隱私風險評估。

Topic 2: 適用於Android行動設備的匿名性身分鑑別
考量到雲端架構下的應用操作便利性與智慧型行動設備的普及,本計畫主持人與其所帶領團隊開發了一套適用於行動裝備的低成本且高效率之安全身分 鑑別協定,用以協助雲端系統與使用者間的鑑別溝通,並達成使用者端的隱私防護,求得極佳化之傳輸個體與資訊傳遞安全性。主要建置技術包含 Homomophic加密法、Zero-Knowledge證明與盲簽章等,並針對各加密模組進行效能分析,藉此來估算鑑別機制之成本。

研究主題:物聯網與巨量資料之研究(Internet of Things and Big Data)

Topic 1: 物聯網智慧感測裝置之使用者客製化服務平台
此研究領域為本計畫主持人與產業界合作的研究領域(產學合作案-正崴精密產學合作計畫,物聯網智慧感測裝置之使用者客製化服務平台專案),基 於正崴精密所製造的各種個人穿戴式智慧感測裝置與各類部署在家庭環境中的智慧感測裝置,來建立一個有部署彈性且可快速、容易地增加服務功能 (包含使用者的個人化、客製化服務)的物聯網智慧感測裝置服務平台,以便蒐集、保存、分析、統計(或彙整)所有目標人物或環境的感測資料並能 呈現運算結果給使用者或平台管理者(或平台擁有者)。本計畫目標將建構穿戴式智慧裝置使用者個人化健康管理服務平台(含多種穿戴式感測器)來 呈現此服務平台的設計架構,並接合家居環境(含多種室內感測器),以提供更進階的個人化健康管理服務。

Topic 2: 網路社群災害資訊傳遞與輿情分析研究
本計畫主持人與其所帶領的團隊主要研究網路社群災害資訊傳遞與輿情分析,擬建構出一網路社群導向的災害資訊彙整與輿情趨勢分析系統,有效並正 確彙整網路社群防災資訊。主要目標是發展出一套貼近國內民眾社群行為模式且能達到最大效益之災防通報與資訊彙整系統。系統將結合各種可能的社 群網路資訊來源管道及可行的技術來收集災防資訊,並分析及過濾該資訊之正確性,爾後便能在最短的時間內將災防資訊通報至系統,讓政府與國人能 夠快速、立即且正確地掌握最新的災防動態。本研究係利用雲端叢集架構與巨量資料分析與處理,並搭配語意分析、自然語言處理、混和式分群技術、 群眾外包與資訊推播等技術概念進行社群網路防災資訊彙整與輿情趨勢分析。

Topic 3: 我國電子發票創新研究
此領域為本計畫主持人與產業界合作的研究領域(產學合作案-資誠企業管理顧問公司兩年期計畫:二代電子發票精進研究計畫),主要為協助政府財 稅資訊中心進行未來電子發票應用環境與網路架構之規劃。於此研究中,後學提出了一套適用於夜市攤商的收稅系統,該系統中利用了智慧型手持裝置 作為傳輸基準,並搭配一套新設計的商業傳輸架構,以有效地針對攤商進行稅收的繳納與查核。於我國政府電子發票的推動與發展上,本研究相信此一 概念將成為我國政府創新應用發展的前驅。

Topic 4: 雲端運算環境下的身分鑑別與安全傳輸機制之研究
考量到雲端架構下的應用操作便利性與智慧型手機、筆記型電腦、平板電腦等手持行動設備的普及,本計畫主持人與其所帶領的團隊開發了一套適用於 行動裝置的身分鑑別協定,用以協助雲端系統與使用者間的鑑別溝通,協定中將高度提升使用者端的隱私防護,求得極佳化之傳輸個體與資訊傳遞安全 性。於此一目標,本子項將開發出一套植基於使用者密碼的匿名性身分鑑別系統模組,供目前(或未來)雲端服務提供者或是使用者自由運用。針對雲 端內之資訊傳遞與各應用相關資料互換,本子項預計以單一登入(Single Sign On)技術為主要概念,藉此開發一套客製於雲端環境的訊息安全傳輸機制,以降低機敏訊息於雲端間傳遞時的洩漏風險,並完美解決各雲端平台上的資訊存取與授權議題。

研究主題:NFC/RFID感測元件之安全與傳輸效能研究 (NFC/RFID Security)

Topic 1: NFC/RFID醫療應用系統開發
近年來,許多醫療機構採用RFID技術運用於藥物資訊、身份辨識,醫護人員只需加裝標籤、感應器,讓系統自動核對身分及內容,減輕醫護人員的 工作負擔,並能提升應有的工作效率,尤其醫療疏失在社會上屢見不鮮,利用RFID技術能減少人工作業,降低此類醫療糾紛問題。然而此類 RFID實作於醫療院所的系統時有所聞,不論是利用LBS(Location Based System)來藥房分配藥物的核對方式,或是透過儲存於感應器當中的資訊,讓醫護人員能帶著感應器去核對病患身份、藥物資訊、病患病歷等,再將資訊透過憑證存於後端當 中,當作後續醫療糾紛的發生時的證明。雖然利用此項技術能使得減少人為疏失與提升醫療效率,但過多的資料傳輸於無線網路當中,病患的個人資料 是否會遭受到有心人士的盜用及竊取,該議題逐漸被人們所重視。為了保障病患的隱私問題,本計畫主持人結合使用Smart Card與RFID技術,開發一套具隱私防護的醫療系統。此系統落實於台灣環境中的門、急診醫療流程,除了身份辨識、藥物核對外,更增強了病患資料在傳遞過程中的安全性, 避免截取、竊聽等資訊安全問題,更可加速病患於門診當中的看診效率。且在藥物管理上,系統將可運用RFID技術核對藥品的項目是否正確,減少 人為疏失所帶來的醫療傷害。

Topic 2: NFC/RFID攻擊模組正式化分析
近年來由於政府、社會與企業組織對於個人隱私議題的重視之提升,故在眾多有使用身分鑑別技術的應用中,凡嵌有標籤之物件,都需要能夠支援其前 /後向安全性之協定,以抵擋攻擊者任意追蹤及攻擊,基於以上緣由,考量採用低成本且具安全性之RFID極輕量級身分鑑別協定一直是值得探討的 研究議題。為抵擋惡意攻擊活動所造成的隱私問題,RFID極輕量級身分鑑別協定大多在標籤端與讀取器/伺服器端採用動態更新秘鑰機制,以確保 其通訊前/後向安全性。然而,在現實環境中,攻擊者依舊可以輕易地干擾或阻斷每個身分鑑別期間所傳遞的訊息,使得在標籤端與讀取器/伺服器端 所存有的秘鑰不一致,導致兩端呈現秘鑰不同步狀態,此類的攻擊即稱為「不同步攻擊(De-synchronization Attack)」。為了進一步抵抗不同步攻擊,最近發展之協定開始採用秘鑰冗餘的設計概念,以允許當標籤與資料庫兩端呈現不同步狀態時,兩端仍舊可透過秘鑰冗餘設計於下一 個身分鑑別期間正常且成功地相互溝通。然而,目前現存的許多機制仍舊不安全,鑑於此,本計畫主持人分析並證明了許多現存同時使用秘鑰冗餘機制 於標籤端與伺服器端的RFID極輕量級身分鑑別協定,無法有效地抵擋攻擊者所發動的不同步攻擊。

Topic 3: NFC/RFID身分鑑別協定設計
針對無線射頻辨識系統的後端通訊(讀取器擁有者與後端伺服器間),本計畫主持人共提出了六套不同性質之安全存取與身分鑑別機制,以達成無線射 頻辨識系統的技術開發完整性。吾人首先採取橢圓曲線加密法(Elliptic Curve Cryptosystems)建構了第一套身份辨識機制,該機制著重於讀取器使用者之隱私洩漏與行為軌跡追蹤等問題解析,其設計核心為利用一合法假名 (Legitimate Pseudonym)取代個體辨識碼(Identity),進而達到匿名通訊。第二套身份鑑別機制則採用了「低強度但易記憶」密碼作為加密金鑰基準,並利用一套交互鑑別 (Mutual Authentication)機制產生所需的會議金鑰(Session Key),該金鑰安全強度植基於Diffie-Hellman離散對數問題。近年來,由於智慧卡(Smart Card)的高度安全性、應用普及性與技術實用性,智慧卡鑑別系統已被廣泛應用於網路安全傳輸與日常生活中。為強化無線射頻辨識系統上的後端通訊,本計畫主持人提出了兩套 以智慧卡為基底的鑑別系統。首先,為追求較佳之系統效能,計畫主持人利用雜湊函數與簡易位元模組來設計出一套輕量級的身份鑑別機制,該方案成 功地達到適當且穩固的系統安全。再者,另一方案則採用一套動態識別機制(Dynamic ID)來達成遠端使用者的隱私防護,根據提出的安全與效能分析,該方法十分適用於無線射頻辨識應用與服務的後端通訊防護。最後,吾人更針對了現今網路應用中的多伺服器傳輸 架構與行動商務等兩大系統模型進行存取控制機制設計的可行性瞭解,並根據此二架構分別設計出一套安全身份鑑別機制。
於無線射頻辨識系統的前端通訊(讀取器與標籤間)上,本計畫主持人設計了四套性質相異之安全存取與身分鑑別機制。礙於無線射頻辨識標籤的低成 本限制,計畫主持人首先針對無線射頻辨識系統的前端通訊設計了兩套以低成本雜湊函數建構而成的身份鑑別協定,該雜湊函數的安全性與運算效率已 被證實於研究,該二方法分別採用了金鑰自動更新(Key Auto Update)、金鑰冗餘設計(Key Redundancy Design)與流程導向設計(Process-oriented Design)來確保前向安全(Forward Security)與阻絕攻擊防護(Resistance to De-synchronization)之存在,文中提出的安全與效能分析更證實了提出方法的實用性。近來,無線射頻辨識安全社群逐漸將研究重心轉移到「輕量且安全」的身 份鑑別機制設計,該概念主要採用極具運算效率的安全防護模組來設計一套介於讀取器與標籤間的安全通訊。有鑑於此,計畫主持人開發了一套符合 EPCGlobal組織標準的資訊存取控制機制,冀求提供目前實務界良好的規範參考。另一方面,計畫主持人更設計了一套極輕量 (Ultralightweight)身份鑑別機制,該機制中僅採用以位元為基準的運算模組,故其運算成本非常適用於低製造成本的無線射頻標 籤。由於無線射頻技術實務上的特殊應用需求,本計畫主持人提出了兩套標籤共存證明(Coexistance Proof)機制,其產生之證明將可提供於各無線射頻技術應用中的標籤共存之證據,進而降低各應用中的貨物交易與商品往來爭議。

Topic 4: NFC/RFID反碰撞訊號偵測協定設計之研究
此部分研究著重於RFID系統訊號傳輸之流程改進與效能提升,研究中利用資料堆疊概念與訊號特定點傳輸模式,來重新設計RF通道上的資料傳 送,並利用模擬方式證明協定效能之提升。本計畫主持人與其所帶領的團隊主要設計了數套適用於無線射頻系統的訊號碰撞解析機制,其中機制皆以傳 統的樹狀架構解析模式作為設計原則。主要的設計原理如下:先利用碰撞時的訊號探測,以了解目前訊號傳輸的狀況,再藉由自行設計的訊號碰撞管理 機制來做為下一次訊號探測的主要依據,藉此大量降低訊號傳輸成本。

研究主題:密碼學與網路安全 (Cryptography and Network Security)

Topic 1: 數位簽章設計
此領域中,本計畫主持人主要專注於以橢圓曲線運算為基礎的數位簽章運算輕量化設計,機制中去除了運算成本較高的雙線性映對(Bilinear Pairings)運算,並利用橢圓曲線密碼學中點加法運算的安全強度作為設計核心,使得在運算成本大幅下降的狀況下,仍可保留足夠的系統安 全強度,增加機制的實務可行性。最後,研究中並以HTC手機作為展示系統的實現平台,該展示系統證實了該研究所設計的數位簽章機制將可輕易地 在現今的行動設備上實現。

Topic 2: 身分鑑別機制設計與分析
此領域亦為本計畫主持人的主要研究領域之一,主要為針對不同的網路架構進行身分鑑別的客製化設計,以有效地達成系 統效率、運算輕量化與安全性。