Multimedia transactions between vehicles are expected to become a promising application in VANETs but security is a fundamental issue that must be resolved before such transactions can become practical and trusted. Existing certificate-based digital signature schemes are ineffective for ensuring the security of multimedia transactions in VANETs. This ineffectiveness exists because there is no guarantee that (1) vehicles can download the latest certificate revocation lists or that (2) vehicles can complete a multimedia transaction before leaving their communication range. These two problems result, respectively, from a lack of infrastructure and from the inconsistent connectivity inherent in VANETs. In this paper, we propose a digital signature approach that combines a certificateless signature scheme and short-lived public keys to alleviate these problems. We then propose a security protocol that uses the proposed signature approach for multimedia transactions between vehicles. The proposed protocol enables vehicles to trade in multimedia resources without an online trust authority. We provide an analytical approach to optimizing the security of the proposed protocol. The security and performance of our protocol are evaluated via simulation and theoretical analysis. Based on these evaluations, we contend that the proposed protocol is practical for multimedia transactions in VANETs in terms of security and performance.

In the contention access period (CAP) of IEEE 802.15.4 beacon-enabled mode, collision probability increases, and network performance decreases as the number of contending devices increases. In this paper, we propose an enhanced contention access mechanism (ECAM) to reduce the collision probability in low rate -- wireless personal area networks (LR-WPANs). In ECAM, since the duration of each CAP is divided into multiple sub-CAPs, the number of devices contending for frame transmissions in each sub-CAP can be reduced by approximately one over the number of sub-CAPs. Further, this lowers the probability of collision due to two or more simultaneous frame transmissions. In addition, since ECAM shortens the channel access duration of devices, devices with ECAM have lower power consumption. To compare the performance of ECAM with that of the IEEE 802.15.4 standard, we carry out extensive simulations. The results show that ECAM yields better performance than the IEEE 802.15.4 standard, especially for dense networks with a heavy traffic load.

We demonstrate how Hsiang and Shih's authentication scheme can be compromised and then propose an improved scheme based on the Rabin cryptosystem to overcome its weaknesses. Furthermore, we discuss the reason why we should use an asymmetric encryption algorithm to secure a password-based remote user authentication scheme using smart cards. We formally prove the security of our proposed scheme using the BAN logic.

Kim and Chung previously proposed a password-based user authentication scheme to improve Yoon and Yoo's scheme. However, Kim and Chung's scheme is still vulnerable to an offline password guessing attack, an unlimited online password guessing attack, and server impersonation. We illustrate how their scheme can be compromised and then propose an improved scheme to overcome the weaknesses. Our improvement is based on the Rabin cryptosystem. We verify the correctness of our proposed scheme using the BAN logic.

With the rapid merger of healthcare business and information technology, more healthcare institutions and medical practices are sharing information. Since these records often contain patients' sensitive personal information, Healthcare Information Systems (HISs) should be properly designed to manage these records in a secure manner. We propose a novel security design for the HIS complying with the security and privacy rules. The proposed system defines protocols to ensure secure delivery of medical records over insecure public networks and reliable management of medical record in the remote server without incurring excessive costs to implement services for security. We demonstrate the practicality of the proposed system through a security analysis and performance evaluation.