Yu-Fang Chung

Tunghai University, 臺中市, Taiwan, Taiwan

Are you Yu-Fang Chung?

Claim your profile

Publications (51)53.52 Total impact

  • Yu-Fang Chung
    [Show abstract] [Hide abstract]
    ABSTRACT: In regard to the communication security of open networks, authenticated key management agreements are able to provide confidentiality, integrity, and verification so as to establish a more secure and fair digital rights management mechanism. For this reason, this paper, aiming at authentication key management agreements, tends to provide a security study on the application of authentication key management agreements, covering the establishment, analysis, design, security study, and performance optimization in various environments. Based on present public key schemes, such as public key cryptography, identity-recognized cryptography, and undocumented cryptography, it aims to establish an authenticated key management agreement suitable for various application environments. Using the one-way transmission in identity-recognized cryptography or undocumented cryptography for formulating practical and effective security models, it tends to establish the one-way authentication key agreement for both parties. Based on the design of single authentication key, an authentication key agreement for the undocumented public key cryptography is proposed to design a security model for the secure and high-efficiency undocumented two-party authentication key agreement. Under random oracle model and standard model, the security of the undocumented two-party authentication key agreement is authenticated. Furthermore, aiming at the computational efficiency, communication efficiency, and key exchange frequency of group key management agreements, this paper aims to propose a method for dynamic membership. Besides, regarding the secure communication environment in different application backgrounds, such as the network applications of Grid, P2P, and ad-hoc, it would propose practical group key agreements for networks and multi-node communications to promote the security of group key management and to facilitate the computation of agreements and the optimization of communications. Copyright
    No preview · Article · Nov 2014 · Security and Communication Networks
  • Yu-Fang Chung · Tzer-Shyong Chen · Tzer-Long Chen
    [Show abstract] [Hide abstract]
    ABSTRACT: The study presents a threshold signature scheme. While developing threshold cryptography, the concept of threshold signature can accomplish a tradeoff between efficiency in use and dependability of security. The presented threshold signature scheme can resist conspiracy attack by controlling the right of issuing group signature, and the performance of constructing group signature is also enhanced by simplifying keys.
    No preview · Article · Nov 2014 · Applied Mathematics & Information Sciences
  • Yu-Fang Chung · Tsung-Chih Hsiao · Shu-Chen Chen
    [Show abstract] [Hide abstract]
    ABSTRACT: A lot of manufacturers tend to enhance the management efficacy and reduce the management costs by investing large resources in the research and development of radio frequency identification (RFID). For petrochemical industry, an effective, reliable, and secure patrol management system is primary. Nevertheless, traditional patrol management focuses on labor patrol that the field staff master in the corrosion, leakage, and pipe aging of production equipment. Although equipment inspection and patrol items are scheduled every day, some problems still need to be overcome. After completing traditional patrol tasks, extra time and manpower are required for organizing the patrol records and filling them into electronic document. In the process, it is likely to key in wrong data because of the numerous patrol items. Apparently, without systematic management, supervisors and shift leaders can hardly find out data errors and analyze the abundant data for complete risk evaluation and process security improvement. An RFID-based patrol management system suitable for petrochemical industry is proposed in this study. The system corresponds to the field environment requirements and regulations for petrochemical plants, integrates operation procedure and information procedure, and evaluates and includes various dimensions and variables through interviews and technological analyses to enhance the process security. Active processing equipment monitoring could enhance the preventive maintenance efficiency and promote the production capacity and industrial competitiveness.
    No preview · Article · Nov 2014 · Wireless Personal Communications
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper proposes an English auction protocol to preserve a secure, fair, and effective online auction environment, where the operations are integrated with mobile agent technology for bidders participating in online auctions. The protocol consists of four participants, namely, registration manager, agent house, auction house, and bidder.
    Preview · Article · May 2014 · Journal of Applied Mathematics
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Flexibility testing is one of the most important fitness assessments. It is generally evaluated by measuring the range of motion (RoM) of body segments around a joint center. This study presents a novel assessment of flexibility in the microcirculatory aspect. Eighteen college students were recruited for the flexibility assessment. The flexibility of the leg was defined according to the angle of active ankle dorsiflexion measured by goniometry. Six legs were excluded, and the remaining thirty legs were categorized into two groups, group H (n = 15 with higher flexibility) and group L (n = 15 with lower flexibility), according to their RoM. The microcirculatory signals of the gastrocnemius muscle on the belly were monitored by using Laser-Doppler Flowmetry (LDF) with a noninvasive skin probe. Three indices of nonpulsatile component (DC), pulsatile component (AC) and perfusion pulsatility (PP) were defined from the LDF signals after signal processing. The results revealed that both the DC and AC values of the group H that demonstrated higher stability underwent muscle stretching. In contrast, these indices of group L had interferences and became unstable during muscle stretching. The PP value of group H was a little higher than that of group L. These primary findings help us to understand the microcirculatory physiology of flexibility, and warrant further investigations for use of non-invasive LDF techniques in the assessment of flexibility.
    Preview · Article · Dec 2013 · Sensors
  • Source
    Yu-Fang Chung · Chia-Hui Liu
    [Show abstract] [Hide abstract]
    ABSTRACT: The problem of an ageing population has become serious in the past few years as the degeneration of various physiological functions has resulted in distinct chronic diseases in the elderly. Most elderly are not willing to leave home for healthcare centers, but caring for patients at home eats up caregiver resources, and can overwhelm patients' families. Besides, a lot of chronic disease symptoms cause the elderly to visit hospitals frequently. Repeated examinations not only exhaust medical resources, but also waste patients' time and effort. To make matters worse, this healthcare system does not actually appear to be effective as expected. In response to these problems, a wireless remote home care system is designed in this study, where ZigBee is used to set up a wireless network for the users to take measurements anytime and anywhere. Using suitable measuring devices, users' physiological signals are measured, and their daily conditions are monitored by various sensors. Being transferred through ZigBee network, vital signs are analyzed in computers which deliver distinct alerts to remind the users and the family of possible emergencies. The system could be further combined with electric appliances to remotely control the users' environmental conditions. The environmental monitoring function can be activated to transmit in real time dynamic images of the cared to medical personnel through the video function when emergencies occur. Meanwhile, in consideration of privacy, the video camera would be turned on only when it is necessary. The caregiver could adjust the angle of camera to a proper position and observe the current situation of the cared when a sensor on the cared or the environmental monitoring system detects exceptions. All physiological data are stored in the database for family enquiries or accurate diagnoses by medical personnel.
    Preview · Article · Dec 2013 · Sensors
  • [Show abstract] [Hide abstract]
    ABSTRACT: With the rapid development of the Internet, many users start to take action putting personal or company information on it, and share with everyone. The Internet is public as it were, if we do not control its limit of authority to assure security, it's possible that those attackers do illegal access of important information and destroy them. Not only personal privacy is invaded, but the mass property damage. Therefore, effective access control system has been more and more emphasized these days. To fight against these network attacks, it is necessary to establish an effective and safe access control system; here we proposed a scheme, a key management which called Lagrange interpolation mainly takes access control model as framework, and use Elliptic Curve Cryptography system to enhance security. The fact we choose Lagrange interpolation is the key we use is randomized, no relationship between each key, so is relatively hard. As Elliptic Curve Cryptography system, we want attackers to encounter Elliptic Curve Discrete Logarithm Problem. Once the prime number is big enough, attackers will have trouble deciphering the key. Access control is so comprehensive, such as electronic documents, online television system sand wireless networks and so on, from previous literature; mobile agent technology applied in access control and key management would waste space and do exist some flaws in security, also we still have a lot of works to do on medical application. Hence, we propose these schemes in mobile agent in order to reach improvement, and then analyze of security and try to simulate what attackers will do. We conclude four common attacks: External Collective Attack, Internal Attack, Collusion Attacks and Equation Breaking Attack. As results, attackers are hard to decipher the key because of no relationship between each key and will face Elliptic Curve Discrete Logarithm Problem. We confirm that the proposed schemes can be more efficiently and safety to protect mobile ag- nt.
    No preview · Conference Paper · Oct 2013
  • Sung-Chiang Lin · Charlotte Wang · Zhen-Yu Wu · Yu-Fang Chung
    [Show abstract] [Hide abstract]
    ABSTRACT: Class imbalanced classifications are important issues in machine learning since class imbalanced problems usually happen in real applications such as intrusion detection, medical diagnostic/monitoring, oil-spill detection, and credit card fraud detection. It is hard to identify rare events correctly if a learning algorithm is just established based on optimal accuracy, as all samples will be classified into the major group. Many algorithms were proposed to deal with class imbalance problems. In this paper, we focus on MICE algorithm proposed by [15] and improve the algorithm by choosing the optimal threshold based on the posterior probabilities. In addition, we illustrate the reason why the logistic transformation works in MICE. The empirical results show that choosing the optimal threshold vis posterior probabilities can improve the performance of the MICE algorithm.
    No preview · Conference Paper · Jul 2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: With the development of information technology and medical technology, developed countries have been establish organization to set standard for electronic medical records in response to new generation and information on the application, they gradually develop emerging medical information exchange mode, Personal Health Records (PHR). PHR can integrate different kind of personal health records. With the Internet or portable device, PHR offers the integrity and accuracy personal health and medical records. Through electronic medical records, we can evaluate the quality of medical care, provide continued care to patients, promote the medical efficiency and increase the accuracy of medical diagnosis. To implement PHR system in Cloud computing environment, we can decrease the cost of managing the infrastructure, and speed up dynamic resource adjustment based on the situation of the changes in client's demand and other advantages. However, it also brings new challenges. It is important to users to assure information security in Cloud environment, so this paper provides efficient and safe access management mechanism to solve PHR implement on Cloud environment's security problem. The information security being threatened in the Cloud may lead to the collapse of medical care, loss of personal data or other serious consequence. Finally, this paper provides new PHR access control mechanism built in Cloud environment with Bilinear Pairing. It provides users with a safe and efficient dynamically access PHR information mechanism. As a result from reserach, through access control scheme, it can withstand equation attack, external attack reverse attack perfectly in Cloud computing environment.
    No preview · Conference Paper · Jan 2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: A lot of manufacturers tend to enhance the management efficacy and reduce the management costs by investing large resources in the research and development of RFID. For petrochemical industry, an effective, reliable, and secure patrol management system is primary. Nevertheless, traditional patrol management focuses on labor patrol that the field staff master in the corrosion, leakage, and pipe aging of production equipment. Although equipment inspection and patrol items are scheduled every day, some problems still need to be overcome. After completing traditional patrol tasks, extra time and manpower are required for organizing the patrol records and filling them into electronic document. In the process, it is likely to key in wrong data because of the numerous patrol items. Apparently, without systematic management, supervisors and shift leaders can hardly find out data errors and analyze the abundant data for complete risk evaluation and process security improvement. An RFID-based patrol management system suitable for petrochemical industry is proposed in this study. The system corresponds to the field environment requirements and regulations for petrochemical plants, integrates operation procedure and information procedure, and evaluates and includes various dimensions and variables through interviews and technological analyses to enhance the process security. Active processing equipment monitoring could enhance the preventive maintenance efficiency and promote the production capacity and industrial competitiveness.
    No preview · Conference Paper · Jan 2013
  • Yu-Fang Chung · Zhen-Yu Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: Under the presupposition of security, privacy and transparency, electronic voting is regarded as the next prospective development in of electoral evolution, yet it fails to command people's trust for the unsolved problems of bribery and coercion. Coercers and bribers can utilize various verification behaviors to determine their voter manipulation by confirming whether or not a voter complied with their instructions, which is making all voting systems vulnerable. Existing published methods have been inadequate because either those emphasizing practicality have not been able to achieve effective protection due to their overtly simple protection method, or others that emphasize on theories have been difficult to put into practice due to the complicated protection method devised. In this study, we propose an efficient and secure e-voting scheme that employs the password property to form a trapdoor for protecting ballot secrecy and hence withstand verification behaviors. The designed scheme could enhance the overall volition of participating in voting, as it corresponds to the three elements of information security and integrates with the required security for electronic voting, such as verifying the identity of voters and the anonymity of voting to prevent voters from being coerced and bribed, the volition of not being controlled by external factors and the scheme being able to be operated on different computers, portable devices or different platforms.
    No preview · Article · Oct 2012 · The Computer Journal
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: This work presents a hierarchical security model for controlling access re-quests in an information-protected system based on the Newton's interpolation polyno-mial. Users are partially sorted by priority, to form a hierarchical user-organization. The model is used not only to control the access requests but also to simplify and im-prove security efficiently. The application of polynomials to the key generation algorithm simplifies problems into linear joint equations, and so enhances performance. As such, several immediate predecessors are allowed to restore the unique polynomial for deter-mining a shared immediate successor's key using individual key, respectively. That is, immediate predecessors can have common authority over the same immediate successors at minimum parameter storage cost.
    Preview · Article · Sep 2012 · International journal of innovative computing, information & control: IJICIC
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Rapid development of data processing systems has made digital signatures an essential application. A digital signature basically associates a signer with the mes-sage. Its important characteristics are easy verification, unforgeability and undeniability. However, conventional digital signature schemes generally consider only single signer situations; this is impractical, because the authorized signatory in the business world is generally composed of signatures of several people. Therefore, to enable co-signatories on a document, several group signature schemes are hereby proposed in this paper, including threshold group signature, anonymous ring signature, and group signature that incor-porates ring signature technology. Since the aforementioned signature schemes are all based on Elliptic Curve Cryptosystem (ECC), they have short key size, low computation load, and little bandwidth requirement. Therefore, all the above schemes are consider-ably efficient. Finally, analyses are carried out to prove that the proposed schemes can withstand signature forgery attack and are signer undeniable, and thus meet the security requirements.
    Preview · Article · Apr 2012 · International journal of innovative computing, information & control: IJICIC
  • [Show abstract] [Hide abstract]
    ABSTRACT: Protocols of user authentication are able to ensure the security of data transmission and users' communication over insecure networks. Among various authenticated mechanisms run currently, the password-based user authentication, because of its efficiency, is the most widely employed in different areas, such as computer networks, wireless networks, remote login, operation systems, and database management systems. Even as password is endowed with the property of simple and human memorable, for which causes such an attack of brute force, for example, the previous works often suffer off-line password guessing attack. Therefore, an ameliorative password-based authentication scheme is proposed in this paper, achieving to resist off-line password guessing attacks, replay attacks, on-line password guessing attacks, and ID-theft attacks. In light of security, the proposed scheme is provided with good practicability, even over insecure network.
    No preview · Conference Paper · Mar 2012
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Due to the maturity of e-commerce and the ability of mobile agents to mi-grate freely in heterogeneous networks, mobile agents have become very popular for e-commerce applications in the distributed networks. However, once a user applies a mo-bile agent to execute his task on the Internet, the mobile agent exposes itself to danger. This is an obstacle when using mobile agents. It is, therefore, urgent to build up a secure structure for mobile agents. In this paper, a new structure is suitable for mobile agents on the basis of improving the tree-based scheme. In the novel structure, the concept of access control and a key assignment scheme are used to ensure the privacy of the data being transmitted. To convenient the computation in the key generation phase, we use the ID-based characteristics in bilinear pairings over elliptic curves to construct a hier-archical key management scheme. Moreover, the concept of time sensitive is integrated into our scheme, which ensures our scheme more secure and more efficient. Finally, from our security analysis, the new scheme should be able to resist malicious attacks, promote the key management efficiency and protect mobile agents.
    Preview · Article · Dec 2011 · International journal of innovative computing, information & control: IJICIC
  • [Show abstract] [Hide abstract]
    ABSTRACT: The rapid rise and development of the internet has made digitization of our everyday life common. E-medicine, including electronic prescription records, electronic prescriptions, diagnosis information systems, and others are now being regarded as future trends. As development on the structure and format of electronic patient records and prescriptions matures, the implementation of a comprehensive medical information system is imperative, one which is constructed from integrating the various electronic information systems that is being developed. It is important to allow the implementation of such a system applicable to the present medical environment, which facilitates the integration of electronic patient record from all levels of medical centers and clinics, secures the transmission of these integrated patient records between them, enables the combined use of electronic prescriptions with patients' medications, and permits anonymous or confidential transmission of patients' private data. To put the ideas into practice, in this study, we would like to propose an Integrated Medical Information System.
    No preview · Article · Nov 2011 · Journal of Medical Systems
  • Source
    Tzer-Long Chen · Yu-Fang Chung · Frank Y S Lin
    [Show abstract] [Hide abstract]
    ABSTRACT: In the current environment, there are only a limited number of third-parties that general users can trust in terms of authentication and verification. Often, the self-acclaimed independent third-parties are the parties from where information outflow occurs. While current public key encryption systems have numerous algorithms that have been protecting confidential data for several years, these systems are often met with hardware difficulties for information protection on the Internet and commercial applications. In order to meet the various needs of the environment, often several cryptography modules are combined or merged to achieve the effect of covering each others' deficiencies. This is a very common practice. The proposed method in this article is applicable for preventing information outflow with the introduction of third parties during a bi-party communication, in circumstances where bi-party communication is met with network environment difficulties, and also when the third party is not a trusted controller, or there are no controllers at all. While current systems operate on the back of trusted third-party administrators as is a common security mechanism for managing the public key and confidential data, often even with management, there are still probabilities of insecurity that threaten system security on the whole. To prevent this and also adapt to environment needs, the proposed method combines the grey system theory with the ECC method. This 2 method can verify the credibility of senders' identity when the legitimate third party is no longer trusted, thus preventing malicious third-party intrusions. The concept of this method is based on the well-known Digital Signature Algorithm (DSA) concept from which the Diffie-Hellman Key Agreement mechanism is derived to manage a common conference key in a mutual communication agreement. When the user can communicate mutually between themselves without the need for a third-party intermediary, the solution to intervention and theft of confidential data by third-parties becomes plausible. With flexibility in calculation, one can set his/her access protocol for the modules to confuse malicious users and increase the difficulty of acquiring the keys illegally. In addition, by combining the ECC public key system, with ECC's short and low computational properties, the proposed method improves on the encryption and decryption operation efficiency. This method is thus a system set to establish a secure and efficient conference key system by combining the properties of the ECC public key system with the grey system theory.
    Preview · Article · Oct 2011 · International journal of innovative computing, information & control: IJICIC
  • [Show abstract] [Hide abstract]
    ABSTRACT: Rapid development of the Internet and the extensive use of mobile phones have increased demand for mobile devices in Internet auctions. This trend is acting as an incentive to develop an auction model for mobile-based environment. Recently, Kuo-Hsuan Huang proposed a mobile auction agent model (MoAAM), which allows the bidders to participate in online auctions through a mobile agent. He used modular exponentiation operations in his method. As a result, the processing time for key generation, bidding, and verification were long. Thus, we propose to add the concept of Elliptic Curve Cryptosystem (ECC) onto MoAAM, because ECC has low computation amount and small key size, both of which will aid to increase the speed in generating keys, bidding, and verification. In terms of reduction of computation load on mobile devices and auction-manager server, the proposed method will make online auction system more efficient as well as more convenient to use. This paper mainly uses the English auction protocol as the key auction protocol. The protocol consists of four entities: Registration Manager (RM), Agent House (AH), Auction House (AUH), and Bidders (B). The Registration Manager registers and verifies Bidder identity. The Agent House manages the agents and assigns public transaction keys to Bidders. The Auction House provides a place for auction and maintains all necessary operations for a smooth online auction. Bidders are buyers who are interested in purchasing items at the auction. Our proposed method conforms to the requirements of an online auction protocol in terms of anonymity, traceability, no framing, unforgetability, non-repudiation, fairness, public verifiability, unlinkability among various auction rounds, linkability within a single auction round, efficiency of bidding, one-time registration, and easy revocation.
    No preview · Article · Aug 2011 · Expert Systems with Applications
  • [Show abstract] [Hide abstract]
    ABSTRACT: Different patient-related information in medical organizations is the primary reference for medical personnel diagnosing, treating, and caring patients. With the rapid development of information technology, paper-based medical records have gradually been changed to electronic forms. However, different medical organizations present individual system specifications and data-saving formats so that the medical information of the same patient cannot be exchanged, shared, and securely accessed. In order not to largely change the present medical information systems as well as not to increase abundant costs, Virtual Integrated Medical-information Systems (VIMS) is proposed to assist various hospitals in information exchange. Furthermore, with Mobile Agent, the dispersed medical information can be securely integrated. It presents confidentiality, non-repudiation, source authentication, and integrity in network transmission. Virtual Integrated Medical-information Systems (VIMS) is a virtual electronic integration system combined with Mobile Agent technology. With the features of independence, adaptability, mobility, objectives, and autonomy, Mobile Agent is applied to overcome the problems from heterogeneous systems. With the features, the over-dispersed medical records can be integrated. Moreover, Mobile Agent can ensure the instantaneity and usability of medical records from which doctors can make the most appropriate evaluation and diagnoses. It will avoid the waste of medical resources, such as repetition medication, as well as become the reference of further consultation or health check. Not only can it improve the medical care quality, but it can be provided for medical research.
    No preview · Article · Jun 2011 · Journal of Medical Systems
  • Source
    Tzer-Long Chen · Yu-Fang Chung · Frank Y S Lin
    [Show abstract] [Hide abstract]
    ABSTRACT: Changes in global population and demography, and advances in medicine have led to elderly population growth, creating aging societies from which elderly medical care has evolved. In addition, with the elderly susceptible to chronic diseases, this together with the changing lifestyles of young adults have not only pushed up patient numbers of chronic diseases, but also effected into younger patients. These problems have become the major focus for the health care industry. In response to patient demand and the huge shortage of medical resources, we propose remote healthcare medical information systems that combine patient physiological data acquisition equipment with real-time health care analyses. Since remote health care systems are structured around the Internet, in addition to considering the numerous public systems spread across insecure heterogeneous networks, compatibility among heterogeneous networks will also be another concern. To address the aforementioned issues, mobile agents are adopted. With a mobile agent's characteristics of easy adaptability to heterogeneity and autonomy, the problem of heterogeneous network environments can be tackled. To construct a hierarchical safe access control mechanism for monitoring and control of patient data in order to provide the most appropriate medical treatment, we also propose to use the Chinese Remainder Theorem and discrete logarithm to classify different levels of monitoring staff and hence, to grant permission and access according to their authorized levels. We expect the methods proposed can improve medical care quality and reduce medical resource wastage, while ensuring patient privacy. Finally, security analysis of the system is conducted by simulating a variety of typical attacks, from which it can be concluded that the constructed remote healthcare information system be secure.
    Preview · Article · Apr 2011 · Journal of Medical Systems

Publication Stats

337 Citations
53.52 Total Impact Points

Institutions

  • 2002-2014
    • Tunghai University
      臺中市, Taiwan, Taiwan
  • 2008-2009
    • Chaoyang University of Technology
      臺中市, Taiwan, Taiwan
  • 2004-2006
    • National Taiwan University
      • Department of Electrical Engineering
      T’ai-pei, Taipei, Taiwan
  • 2003
    • Da-Yeh University
      • Department of Computer Science and Information Engineering
      Chang-hua Pei-pu, Taiwan, Taiwan