Author

Jinguo Li

Bio: Jinguo Li is an academic researcher from Shanghai University of Electric Power. The author has contributed to research in topics: Computer science & Encryption. The author has an h-index of 5, co-authored 22 publications receiving 136 citations. Previous affiliations of Jinguo Li include Shanghai University & Hunan University.

Papers
Journal ArticleDOI
TL;DR: This paper chooses an asynchronous secret share scheme combining with Diffie-Hellman key exchange scheme to implement distributed authentication and session key establishment in the LTE-A networks, and to achieve dynamic MTC-device access authority updating.
Abstract: Machine type communication (MTC) is an important mobile communication approach in the long-term evaluation-advanced (LTE-A) networks. To meet the MTC security requirements, the access authentication processing of MTC devices needs to follow the evolved packet system-authentication and key agreement (EPS-AKA), a protocol defined in the third generation partnership project (3GPP) standard. However, in the emergence of group-based communication scenarios, an independent authentication processing for each MTC device will cause signal congestion in the networks. In addition, the access-policy updating has always been an issue when constructing authentication schemes. In this paper, we propose a group-based AKA (GR-AKA) protocol with dynamic policy updating. Specifically, we choose an asynchronous secret share scheme combining with Diffie–Hellman key exchange scheme to implement distributed authentication and session key establishment in the LTE-A networks, and to achieve dynamic MTC-device access authority updating. Compared with other authentication protocols in the LTE-A networks, our method could not only authenticate several MTC devices simultaneously but also dynamically update the access-policy to control the access authority of MTC devices. Extensive analysis and experiment results have shown the efficiency and efficacy of proposed protocol.

96 citations

Journal ArticleDOI
TL;DR: The experimental results show that the HYBRID-CNN significantly outperforms existing methods in terms of accuracy and False Positive Rate (FPR), which successfully demonstrates that it can effectively detect abnormal flow in the SDN-based Smart Grid.
Abstract: Software-Defined Network (SDN) can improve the performance of the power communication network and better meet the control demand of the Smart Grid for its centralized management. Unfortunately, the SDN controller is vulnerable to many potential network attacks. The accurate detection of abnormal flow is especially important for the security and reliability of the Smart Grid. Prior works were designed based on traditional machine learning methods, such as Support Vector Machine and Naive Bayes. They are simple and shallow feature learning, with low accuracy for large and high-dimensional network flow. Recently, there have been several related works designed based on Long Short-Term Memory (LSTM), and they show excellent ability on network flow analysis. However, these methods cannot get the deep features from network flow, resulting in low accuracy. To address the above problems, we propose a Hybrid Convolutional Neural Network (HYBRID-CNN) method. Specifically, the HYBRID-CNN utilizes a Deep Neural Network (DNN) to effectively memorize global features by one-dimensional (1D) data and utilizes a CNN to generalize local features by two-dimensional (2D) data. Finally, the proposed method is evaluated by experiments on the datasets of UNSW_NB15 and KDDCup 99. The experimental results show that the HYBRID-CNN significantly outperforms existing methods in terms of accuracy and False Positive Rate (FPR), which successfully demonstrates that it can effectively detect abnormal flow in the SDN-based Smart Grid.

21 citations

Journal ArticleDOI
TL;DR: In this paper, according to the data source of nodes, related works of unknown vulnerability risk assessment based on directed graph models are divided into two types, based on network-level and system-level data, and the concept and purpose, challenges and solutions are given.
Abstract: Nowadays, vulnerability attacks occur frequently. Due to the information asymmetry between attackers and defenders, vulnerabilities can be divided into known and unknown. Existing researches mainly focus on the risk assessment of known vulnerabilities. However, unknown vulnerabilities are more threatening and harder to detect. Therefore, unknown vulnerability risk assessment deserves the widespread attention. To model the exploit process, directed graph models are applied to vulnerability risk assessment. And security metrics are used to quantify the exploitability of vulnerabilities. In this paper, according to the data source of nodes, related works of unknown vulnerability risk assessment based on directed graph models are divided into two types. One is based on network-level data, the other is based on system-level data. The former is to visualize the network status, while the latter is to reflect the running process of the system. The concept and purpose of these directed graph models are given at first. Then, these models are analyzed from three aspects, including advantages, flaws and solutions. After that, challenges and solutions of unknown vulnerability risk assessment based on directed graph models are given. Meantime, security metrics for unknown vulnerability risk assessment based on directed graph models are summarized and classified. Finally, future work directions of unknown vulnerability risk assessment are discussed from the perspective of techniques and application trends. Consequently, this paper can fill in the lack of current survey on unknown vulnerability risk assessment based on directed graph models.

13 citations

Journal ArticleDOI
TL;DR: A new conditional privacy-preserving CLAS scheme in VANETs is proposed, which adopts full aggregation technology to reduce computation and bandwidth resources and has a higher efficiency in terms of computation and communication overhead compared with several previous CLAS schemes.
Abstract: Vehicular ad hoc networks (VANETs) are the communication foundation for future intelligent transportation systems and guarantee safe driving of intelligent networked vehicles. Moreover, VANETs face a series of security challenges related to the protection of vehicle privacy, authenticity of transmitted information, and bandwidth limitations. To resolve these contradictions, many certificateless aggregate signature (CLAS) schemes have been proposed. However, the majority of them can neither resist malicious-but-passive key generation center attacks, replay attacks, and link attacks, nor track the actual identities of malicious vehicles. Meanwhile, the security of previous CLAS schemes in VANETs is only formally provided in the random oracle model (ROM), which might be insecure in actual implementation. In addition, most CLAS schemes still have problems of large verification delays and high communication overhead. To address the above-mentioned problems, a new conditional privacy-preserving CLAS scheme in VANETs is proposed, which adopts full aggregation technology to reduce computation and bandwidth resources. According to the formal security proofs under the computational Diffie-Hellman problem (CDHP) given in the standard model (SM), the security level of this scheme is higher than that of other CLAS schemes under ROM in practical applications. Additionally, the use of pseudonym mechanism realizes conditional privacy protection in VANETs. The performance analysis shows that this scheme has a higher efficiency in terms of computation and communication overhead compared with several previous CLAS schemes.

11 citations

Journal ArticleDOI
TL;DR: An Ensemble Forecasting Approach (EFA) for highly-dynamic cloud workload is proposed by applying Variational Mode Decomposition (VMD) and R-Transformer and the effectiveness and adaptability of proposed EFA is verified on real-world workload from Google and Alibaba cluster traces.
Abstract: To efficiently manage the cloud resources, improve the quality of service, and avoid the violations of Service-Level Agreement (SLA) agreements, it is very important to make accurate forecast for cloud workload. Prior works concerning cloud workload forecasting are mainly designed based on Recurrent Neural Networks (RNN). However, when it comes to a highly-dynamic cloud workload scenario where resource utilization changes faster and more frequently, these RNN-based methods are not effective in obtaining the linear and non-linear relationships and cannot give accurate forecast, because classic RNN has the problem of vanishing gradient. To address this issue, we propose an Ensemble Forecasting Approach (EFA) for highly-dynamic cloud workload by applying Variational Mode Decomposition (VMD) and R-Transformer. Specifically, to decrease the non-stationarity and high randomness of highly-dynamic cloud workload sequences, we decompose the workload into multiple Intrinsic Mode Functions (IMFs) by VMD. The IMFs are then imported into our ensemble forecasting module based on R-Transformer and Autoregressive model, in order to capture long-term dependencies and local non-linear relationship of workload sequences. The effectiveness and adaptability of proposed EFA is verified on real-world workload from Google and Alibaba cluster traces. Moreover, the performance evaluation results show that the EFA performs higher forecasting accuracy than prior related works over various forecasting time lengths for highly-dynamic cloud workload.

10 citations


Cited by
Journal ArticleDOI
TL;DR: This paper presents an extensive review of the state-of-the-art solutions for enhancing security and privacy in D2D communication and identifies lessons to be learned from existing studies and derive a set of “best practices.”
Abstract: Device-to-device (D2D) communication presents a new paradigm in mobile networking to facilitate data exchange between physically proximate devices. The development of D2D is driven by mobile operators to harvest short range communications for improving network performance and supporting proximity-based services. In this paper, we investigate two fundamental and interrelated aspects of D2D communication, security and privacy, which are essential for the adoption and deployment of D2D. We present an extensive review of the state-of-the-art solutions for enhancing security and privacy in D2D communication. By summarizing the challenges, requirements, and features of different proposals, we identify lessons to be learned from existing studies and derive a set of “best practices.” The primary goal of our work is to equip researchers and developers with a better understanding of the underlying problems and the potential solutions for D2D security and privacy. To inspire follow-up research, we identify open problems and highlight future directions with regard to system and communication design. To the best of our knowledge, this is the first comprehensive review to address the fundamental security and privacy issues in D2D communication.

251 citations

Journal ArticleDOI
TL;DR: An efficient and secure service-oriented authentication framework supporting network slicing and fog computing for 5G-enabled IoT services is proposed and session keys are negotiated among users, local fogs and IoT servers to guarantee secure access of service data in fog cache and remote servers with low latency.
Abstract: 5G network is considered as a key enabler in meeting continuously increasing demands for the future Internet of Things (IoT) services, including high data rate, numerous devices connection, and low service latency. To satisfy these demands, network slicing and fog computing have been envisioned as the promising solutions in service-oriented 5G architecture. However, security paradigms enabling authentication and confidentiality of 5G communications for IoT services remain elusive, but indispensable. In this paper, we propose an efficient and secure service-oriented authentication framework supporting network slicing and fog computing for 5G-enabled IoT services. Specifically, users can efficiently establish connections with 5G core network and anonymously access IoT services under their delegation through proper network slices of 5G infrastructure selected by fog nodes based on the slice/service types of accessing services. The privacy-preserving slice selection mechanism is introduced to preserve both configured slice types and accessing service types of users. In addition, session keys are negotiated among users, local fogs and IoT servers to guarantee secure access of service data in fog cache and remote servers with low latency. We evaluate the performance of the proposed framework through simulations to demonstrate its efficiency and feasibility under 5G infrastructure.

228 citations

Journal ArticleDOI
TL;DR: A comprehensive survey of authentication and privacy-preserving schemes for 4G and 5G cellular networks can be found in this paper, where the authors provide a taxonomy and comparison of authentication schemes in terms of tables.

163 citations

Journal ArticleDOI
TL;DR: An overview of the network architecture and security functionality of the 3GPP 5G networks is presented, and the new features and techniques including the support of massive Internet of Things (IoT) devices, Device to Device (D2D) communication, Vehicle to Everything (V2X), and network slice are focused on.
Abstract: With the continuous development of mobile communication technologies, Third Generation Partnership Project (3GPP) has proposed related standards with the fifth generation mobile communication technology (5G), which marks the official start of the evolution from the current Long Term Evolution (LTE) system to the next generation mobile communication system (5GS). This paper makes a large number of contributions to the security aspects of 3GPP 5G networks. Firstly, we present an overview of the network architecture and security functionality of the 3GPP 5G networks. Subsequently, we focus on the new features and techniques including the support of massive Internet of Things (IoT) devices, Device to Device (D2D) communication, Vehicle to Everything (V2X) communication, and network slice, which incur the huge challenges for the security aspects in 3GPP 5G networks. Finally, we discuss in detail the security features, security requirements or security vulnerabilities, existing security solutions and some open research issues about the new features and techniques in 3GPP 5G network.

155 citations

Journal ArticleDOI
TL;DR: An introduction to Vehicle to Everything (V2X) communications and services alongside the corresponding service requirement is presented and security issues related to V2X communication in cellular network are presented leading towards possible research challenges.

129 citations