Showing papers by "Xiaodong Lin published in 2012"

EPPA: An Efficient and Privacy-Preserving Aggregation Scheme for Secure Smart Grid Communications

Abstract: The concept of smart grid has emerged as a convergence of traditional power system engineering and information and communication technology. It is vital to the success of next generation of power grid, which is expected to be featuring reliable, efficient, flexible, clean, friendly, and secure characteristics. In this paper, we propose an efficient and privacy-preserving aggregation scheme, named EPPA, for smart grid communications. EPPA uses a superincreasing sequence to structure multidimensional data and encrypt the structured data by the homomorphic Paillier cryptosystem technique. For data communications from user to smart grid operation center, data aggregation is performed directly on ciphertext at local gateways without decryption, and the aggregation result of the original data can be obtained at the operation center. EPPA also adopts the batch verification technique to reduce authentication cost. Through extensive analysis, we demonstrate that EPPA resists various security threats and preserve user privacy, and has significantly less computation and communication overhead than existing competing approaches.

Securing smart grid: cyber attacks, countermeasures, and challenges

Abstract: Smart grid has emerged as the next-generation power grid via the convergence of power system engineering and information and communication technology. In this article, we describe smart grid goals and tactics, and present a threelayer smart grid network architecture. Following a brief discussion about major challenges in smart grid development, we elaborate on smart grid cyber security issues. We define a taxonomy of basic cyber attacks, upon which sophisticated attack behaviors may be built. We then introduce fundamental security techniques, whose integration is essential for achieving full protection against existing and future sophisticated security attacks. By discussing some interesting open problems, we finally expect to trigger more research efforts in this emerging area.

A Dynamic Privacy-Preserving Key Management Scheme for Location-Based Services in VANETs

Abstract: In this paper, to achieve a vehicle user's privacy preservation while improving the key update efficiency of location-based services (LBSs) in vehicular ad hoc networks (VANETs), we propose a dynamic privacy-preserving key management scheme called DIKE. Specifically, in the proposed DIKE scheme, we first introduce a privacy-preserving authentication technique that not only provides the vehicle user's anonymous authentication but enables double-registration detection as well. We then present efficient LBS session key update procedures: 1) We divide the session of an LBS into several time slots so that each time slot holds a different session key; when no vehicle user departs from the service session, each joined user can use a one-way hash function to autonomously update the new session key for achieving forward secrecy. 2) We also integrate a novel dynamic threshold technique in traditional vehicle-to-vehicle (V-2-V) and vehicle-to-infrastructure (V-2-I) communications to achieve the session key's backward secrecy, i.e., when a vehicle user departs from the service session, more than a threshold number of joined users can cooperatively update the new session key. Performance evaluations via extensive simulations demonstrate the efficiency and effectiveness of the proposed DIKE scheme in terms of low key update delay and fast key update ratio.

BECAN: A Bandwidth-Efficient Cooperative Authentication Scheme for Filtering Injected False Data in Wireless Sensor Networks

Abstract: Injecting false data attack is a well known serious threat to wireless sensor network, for which an adversary reports bogus information to sink causing error decision at upper level and energy waste in en-route nodes. In this paper, we propose a novel bandwidth-efficient cooperative authentication (BECAN) scheme for filtering injected false data. Based on the random graph characteristics of sensor node deployment and the cooperative bit-compressed authentication technique, the proposed BECAN scheme can save energy by early detecting and filtering the majority of injected false data with minor extra overheads at the en-route nodes. In addition, only a very small fraction of injected false data needs to be checked by the sink, which thus largely reduces the burden of the sink. Both theoretical and simulation results are given to demonstrate the effectiveness of the proposed scheme in terms of high filtering probability and energy saving.

Exploiting prediction to enable Secure and Reliable routing in Wireless Body Area Networks

Abstract: In this paper, we propose a distributed Prediction-based Secure and Reliable routing framework (PSR) for emerging Wireless Body Area Networks (WBANs). It can be integrated with a specific routing protocol to improve the latter's reliability and prevent data injection attacks during data communication. In PSR, using past link quality measurements, each node predicts the quality of every incidental link, and thus any change in the neighbor set as well, for the immediate future. When there are multiple possible next hops for packet forwarding (according to the routing protocol used), PSR selects the one with the highest predicted link quality among them. Specially-tailored lightweight source and data authentication methods are employed by nodes to secure data communication. Further, each node adaptively enables or disables source authentication according to predicted neighbor set change and prediction accuracy so as to quickly filter false source authentication requests. We demonstrate that PSR significantly increases routing reliability and effectively resists data injection attacks through in-depth security analysis and extensive simulation study.

Morality-Driven Data Forwarding With Privacy Preservation in Mobile Social Networks

Abstract: Effective data forwarding is critical for most mobile social network (MSN) applications such as content distribution and information searching. However, it could severely be interrupted or even disabled when the privacy preservation of users is applied, because users become unrecognizable to each other, and the social ties and interactions are no longer traceable to facilitate cooperative data forwarding. Therefore, how we can enable efficient user cooperation in MSNs without intruding on user privacy is a challenging issue. In this paper, we address this issue by introducing social morality, which is a fundamental social feature of human society, to MSNs and accordingly design a three-step protocol suite to achieve both privacy preservation and cooperative data forwarding. First, the developed protocol adopts a novel privacy-preserving route-based authentication scheme that notifies a user's anonymized mobility information to the public. Second, it measures the proximity of the user's mobility information to a specific packet's destination and evaluates the user's forwarding capacity for the packet. Third, using a game-theoretical approach, it determines the optimal data-forwarding strategy according to users' morality level and payoff. Using analysis and examples, we show that the developed protocol suite can effectively protect user personal information such as identity and visited locations. Last, we conduct extensive trace-based simulations and show that the proposed protocol suite is effective for efficiently exploring the user cooperation and attain near-optimal performance in data forwarding.

PReFilter: An efficient privacy-preserving Relay Filtering scheme for delay tolerant networks

Abstract: Without direct path, information delivery in sparse delay tolerant networks (DTNs) typically relies on intermittent relays, making the transmission not only unreliable but also time consuming To make the matter even worse, the source nodes may transmit some encrypted “junk” information, similar as the spam emails in current mail systems, to the destinations; without effective control, the delivery of encrypted junk information would significantly consume the precious resource of DTN and accordingly throttle the network efficiency To address this challenging issue, we propose PReFilter, an efficient privacy-preserving relay filter scheme to prevent the relay of encrypted junk information early in DTNs In PReFilter, each node maintains a specific filtering policy based on its interests, and distributes this policy to a group of “friends” in the network in advance By applying the filtering policy, the friends can filter the junk packets which are heading to the node during the relay Note that the keywords in the filtering policy may disclose the node's interest/preference to some extent, harming the privacy of nodes, a privacy-preserving filtering policy distribution technique is introduced, which will keep the sensitive keywords secret in the filtering policy Through detailed security analysis, we demonstrate that PReFilter can prevent strong privacy-curious adversaries from learning the filtering keywords, and discourage a weak privacy-curious friend to guess the filtering keywords from the filtering policy In addition, with extensive simulations, we show that PReFilter is not only effective in the filtering of junk packets but also significantly improve the network performance with the dramatically reduced delivery cost due to the junk packets

LPDA: A lightweight privacy-preserving data aggregation scheme for smart grid

Abstract: Security and privacy are challenging issues in smart grid. Failure to address them will hinder the flourish of smart grid. In this paper, aiming at resolving the electricity consumption data security and residential user privacy, we proposed an efficient lightweight privacy-preserving aggregation scheme, called LPDA, for smart grid. The proposed LPDA is characterized by employing one-time masking technique to protect user's privacy while achieving lightweight data aggregation. Detailed security analysis has shown that the proposed LPDA scheme is robust against many security and privacy threats in smart grid. Furthermore, performance evaluation via extensive simulations demonstrates its efficiency in terms of low average aggregation delay.

EDR: An efficient demand response scheme for achieving forward secrecy in smart grid

Abstract: Compared with traditional power grid, smart grid has several distinguished features, i.e., distributed energy, large-capacity, robust to load fluctuations, and close consumer-grid interactions. Demand response is vital for smart grid, which is expected to save energy, maintain supply-demand balance, and reduce consumers' electricity bills. Meanwhile, it is paramount important to preserve consumers privacy and cyber security in smart grid. To tackle these challenging issues, in this paper, we propose an efficient demand response (EDR) scheme which utilizes the homomorphic encryption to achieve privacy-preserving demand aggregation and efficient response. Unlike existing schemes, the proposed EDR scheme can also achieve forward secrecy in addition to security features including confidentiality, authenticity and integrity. Extensive analysis demonstrates its security, and efficiency in terms of the computation and communication overhead.

SEER: A Secure and Efficient Service Review System for Service-Oriented Mobile Social Networks

Abstract: In this paper, we consider service-oriented mobile social networks (S-MSNs) and propose a Secure and Efficient service Review (SEER) system to enable user feedback. Each service provider independently maintains a SEER system for itself, which collects and stores user reviews about its services without requiring any central trusted authority. The service reviews can then be made available to interested users in making wise service selection decisions. We identify three unique service review attacks and then develop sophisticated security mechanisms for SEER to deal with these attacks. Specifically, SEER enables users to distributedly and cooperatively submit their reviews in an integrated chain form by using hierarchical and aggregate signature techniques. It discourages service providers to reject, modify or delete their reviews. The integrity of reviews is therefore improved. Through security analysis and performance evaluation, we show that SEER effectively resists the service review attacks and achieves significantly better performance in terms of submission rate and delay than a service review system that does not adopt user cooperation or the chain review structure.

Capillary machine-to-machine communications: the road ahead

Abstract: Machine-to-Machine (M2M) communications are expected to include billions of smart devices in the next three to five years. However, existing communication standards are incapable of providing satisfactory performance for M2M traffic. In this paper, we outline some advances that will enable existing wireless personal area networks, in conjunction with existing cellular communication standards, to be adapted to the needs of M2M traffic.

Enabling pervasive healthcare with privacy preservation in smart community

Abstract: Smart community is an emerging Internet of Things application. It supports a variety of high-value automated services such as pervasive healthcare through a multi-hop community network of smart homes in a local residential region. In this paper, we study privacy preserving data communication between patients and an online healthcare provider (referred to as vendor) for efficient remote healthcare monitoring (RHM) in a smart community environment. We adopt patients' attribute structures instead of their identities for authentication and preserve identity privacy during patient-to-vendor communication, and we build a receiver chain among smart homes to enable vendor-to-patient communication and achieve location privacy. The privacy preserving properties of the proposed data communication scheme are analyzed, and its effectiveness and efficiency are demonstrated through extensive simulations.

PDP: A Privacy-Preserving Data Provenance Scheme

Abstract: Data provenance, which records the history of the ownership of a document, as well as the actions performed on it, has received great attention in recent years. However, the privacy issue in data provenance has not been well investigated. In this paper, to simultaneously protect the security of data provenance and achieve user privacy preservation, we propose a new privacy-preserving data provenance (PDP) scheme. With the proposed PDP scheme, users can anonymously access the remoter servers and execute the secure provenance operations. Detailed security analysis demonstrates the security of the proposed PDP scheme, In addition, extensive efficiency analyses have also been conducted to examine its superior efficiency in terms of secure provenance storage and verification costs.

Towards hierarchical security framework for smartphones

Abstract: With powerful computing capability, plentiful functionality and advanced operating systems with flexible APIs, smartphones have become indispensable part of our daily lives. However, growing functionality, complexity and popularity of smartphones have also increased concerns about information security, and these concerns have been further exacerbated by rich third-party applications. In order to protect information security, significant research and standardizations efforts have been made in recent years. However, most of these activities focus on specific issues, which cannot mitigate negative effects as a whole. In this paper, we first introduce a common architecture of smartphones including main smartphone assets. Then we identify smartphone threats which are clustered into vulnerabilities and attacks. Based on the layered structure of smartphones, we propose a hierarchical security framework for smartphones including hardware security, operating system security, application security, user data security and communication security. Finally, we present the preliminary security solutions with regard to the security framework, and give future research direction.

A privacy-preserving proximity friend notification scheme with opportunistic networking

Abstract: Recently, smartphones have revolutionized mobile and pervasive computing around the world, and many smartphone-based applications have been developed to enrich our daily lives, such as location-based application which offers various useful services to its users based on users' current locations like Google Latitude. However, the attractive features of smartphone-based applications inevitably incur higher risks for abuse if such applications and services do not take security and privacy consideration into account prior to it being widely deployment. In this paper, to simultaneously find the proximity friends and protect smartphone users' identity privacy, we utilize the opportunistic networking to propose an efficient privacy-preserving proximity friend notification (PFN) scheme. Specifically, by combining the Bluetooth and 3G techniques of smartphones, a smartphone user can first send his privacy-preserving friend notification packet in a physical proximity area, then once a friend nearby receives and identifies the packet with opportunistic networking, the friend can directly phone back to the user. Detailed security analysis with provable security technique demonstrates the security of the proposed PFN scheme. In addition, extensive simulations have also been conducted to examine its effectiveness in terms of friend notification delay.

Towards a game theoretical modeling of rational collaborative spectrum sensing in Cognitive Radio networks

Abstract: Collaborative spectrum sensing has been proposed recently to improve the sensing performance in Cognitive Radio networks. However, cooperative sensing will also introduce extra cost to the collaborator, such as the cooperative time and energy consumption. In reality, whether the rational secondary users have incentive to join the collaboration depends upon whether the benefit of the collaboration could outweigh the cost. In this paper, we model it as the Cooperative Spectrum Sensing Game (CSSG). In this game, every secondary user could choose to collaborate or not in each time slot, and the payoff is measured in terms of data throughput. Since the effectiveness of collaboration is proportional to the number of the collaborators, secondary users' decisions are based on how many users will choose to collaborate. Thus, CSSG could be modeled as the classic game: the Stag Hunt Game. In addition, to avoid the cooperation failure, we propose Cooperative Communication Incentive Scheme (CCIS) to enhance the collaborative sensing. At last, the numerical analysis about CSSG as well as the proposed scheme CCIS is given.

Cross entropy based component carrier allocation in LTE-Advanced wireless communication system

Abstract: In order to achieve up to 1 Gbit/s peak data rate in the future IMT-Advanced mobile systems, carrier aggregation (CA) technique is introduced by the 3GPP to support higher data rate transmissions over wide frequency bandwidths (up to 100 MHz) in the LTE-Advanced (LTE-A) standards. This technical envisagement puts forward the new challenge in resource allocation. In this paper, we investigates the component carrier (CC) allocation in LTE-A system. We first separate the resource allocation into CC-, resource block (RB)- and power-allocation. Then, an optimization problem that maximizes system sum capacity with proportional fairness(PF) guarantee is formulated. To simplify the optimization problem, we present an approximate RB allocation approach and two alternative objective functions. A greedy algorithm for CC allocation (GACCA) with low computational complexity is presented to solve the simplified optimization problem. To further improve the quality of solution, we introduce cross entropy method into GACCA. Numerical simulations verify the efficiency of the proposed algorithm.

A secure message delivery scheme with path tracking for delay tolerant networks

Abstract: In delay tolerant networks (DTNs), message delivery is operated in an opportunistic way through store-carry and forward relaying, and every DTN node is in anticipation of cooperation for data forwarding from others. Unfortunately, there always exist some selfish nodes that are reluctant to contribute to this cooperative data forwarding procedure so as to save their valuable storage buffer, limited computation power and precious energy. In order to stimulate nodes' willingness to participate in data forwarding, a number of incentive schemes have been proposed recently. However, most existing incentive schemes simply ignore efforts of nodes involved in message delivery if messages delivered fail to reach their destinations. Due to the nature of DTN, such as intermittent connectivity, it is not unusual to have unreliable message delivery, which results in unrewarded or wasted efforts for participating nodes and may discourage them from participating in future data forwarding. Therefore, it is crucial to recognize contribution of every node involved in a data forwarding procedure even the message it helps to forward doesn't successfully reach its destination. However, how to track all delivery paths so as to give every intermediate node some incentive for their cooperative efforts of data forwarding is still an open research problem. To address this problem, we propose a secure message forwarding scheme with path tracking. The proposed method is end-to-end secure with data source and identity authentication. In addition, it can thwart some well known attacks including edge inserting attack, sibling inserting attack and free riding attack.

Towards addressing group selfishness of cluster-based collaborative spectrum sensing in cognitive radio networks

Abstract: Collaborative spectrum sensing has been recognized as a promising way to ameliorate the sensing performance in cognitive radio networks. Unfortunately, it also introduces some system overhead to users, and as a result some selfish secondary users might be unwilling to contribute to collaborative spectrum sensing. In this paper, we propose a new selfishness model in cluster-based collaborative spectrum sensing, which is referred to Overclaim Selfishness (OS). An OS group may gain benefit by sharing nominally equal but actually much less sensing reports than it declares. To deal with this problem, we propose an Overclaim Selfishness Detection Scheme (OSDS) to detect the potential OS groups. We find that a single secondary user tends to have one special type of sensing reports correlated with his physical location, thus the cluster number estimated by OSDS should be no much less than the number of users the group contains. Further, we adopt an incentive scheme to stimulate rational groups to behave honestly. Finally, a real world experiment is adopted to demonstrate the effectiveness of our proposed scheme OSDS.

Organizing Committee General Co-chairs

Abstract: Programming Committee Bin Dai, Huazhong University of Science and Technology, China Wanchun Dou, Nanjing University, China Yong Guan, Iowa State University, USA Sghaier Guizani, Alfaisal University, Saudi Arabia Song Guo, University of Aizu, Japan Honggang Hu, University of Science and Technology of China, China Lucas Hui, The University of Hong Kong, Hong Kong Yuming Jiang, Norwegian University of Science and Technology, Norway Rajgopal Kannan, Louisiana State University, USA Xiaodong Lin, University of Ontario Institute of Technology, Canada Abderrezak Rachedi, University Paris-Est Marne-la-Vallee, France Lei Shu, Osaka University, Japan Fabio Soldo, University of California, Irvine, USA Jilong Wang, Tsinghua University, China Yi Xie, Sun Yat-Sen University, China Xiang Yang, Deakin University, Australia Xun Yi, Victoria University, Australia Guofeng Zhao, Chongqing University of Posts and Telecommunication, China Jun Zhang, Deakin University, Australia Liang Zhou, Nanjing University of Posts and Telecommunications, China Shijie Zhou, University of Electronic Science and Technology of China, China Haojin Zhu, Shanghai Jiaotong University, China