Showing papers by "Xiaodong Lin published in 2019"

Efficient and Privacy-Preserving Carpooling Using Blockchain-Assisted Vehicular Fog Computing

Abstract: Carpooling enables passengers to share a vehicle to reduce traveling time, vehicle carbon emissions, and traffic congestion. However, the majority of passengers lean to find local drivers, but querying a remote cloud server leads to an unnecessary communication overhead and an increased response delay. Recently, fog computing is introduced to provide local data processing with low latency, but it also raises new security and privacy concerns because users’ private information (e.g., identity and location) could be disclosed when these information are shared during carpooling. While they can be encrypted before transmission, it makes user matching a challenging task and malicious users can upload false locations. Moreover, carpooling records should be kept in a distributed manner to guarantee reliable data auditability. To address these problems, we propose an efficient and privacy-preserving carpooling scheme using blockchain-assisted vehicular fog computing to support conditional privacy, one-to-many matching, destination matching, and data auditability. Specifically, we authenticate users in a conditionally anonymous way. Also, we adopt private proximity test to achieve one-to-many proximity matching and extend it to efficiently establish a secret communication key between a passenger and a driver. We store all location grids into a tree and achieve get-off location matching using a range query technique. A private blockchain is built to store carpooling records. Finally, we analyze the security and privacy properties of the proposed scheme, and evaluate its performance in terms of computational costs and communication overhead.

Anonymous Reputation System for IIoT-Enabled Retail Marketing Atop PoS Blockchain

Abstract: Industrial Internet of Things (IIoT) is revolutionizing the retail industry for manufacturers, suppliers, and retailers to improve operational efficiency and consumer experience. In IIoT-enabled retail marketing, reputation systems play a critical role to boost mutual trust among industrial entities and build consumer confidence. In this paper, we focus on reputation management in the consumer–retailer channel, where retailers can accumulate reputations from consumer feedbacks. To encourage consumers to post feedbacks without worrying about being tracked or retaliated, we propose an anonymous reputation system that preserves consumer identities and individual review confidentialities. To increase system transparency and reliability, we further exploit the tamper-proof nature and the distributed consensus mechanism of the blockchain technology. With system designs based on various cryptographic primitives and a Proof-of-Stake consensus protocol, our blockchain-based reputation system is more efficient to offer high levels of privacy guarantees compared with existing ones. Finally, we explore the implementation challenges of the blockchain-based architecture and present a proof-of-concept prototype system by Parity Ethereum. We measure the on/off -chain performance with the scalability discussion to demonstrate the feasibility of the proposed system.

Enabling Efficient and Geometric Range Query With Access Control Over Encrypted Spatial Data

Abstract: As a basic query function, range query has been exploited in many scenarios such as SQL retrieves, location-based services, and computational geometry Meanwhile, with explosive growth of data volume, users are increasingly inclining to store data on the cloud for saving local storage and computational cost However, a long-standing problem is that the user’s data may be completely revealed to the cloud server because it has full data access right To cope with this problem, a frequently-used method is to encrypt raw data before outsourcing them, but the availability and operability of data will be reduced significantly In this paper, we propose an efficient and geometric range query scheme (EGRQ) supporting searching and data access control over encrypted spatial data We employ secure KNN computation, polynomial fitting technique, and order-preserving encryption to achieve secure, efficient, and accurate geometric range query over cloud data Then, we propose a novel spatial data access control strategy to refine user’s rights in our EGRQ To improve the efficiency, R-tree is adopted to reduce the searching space and matching times in whole search process Finally, we theoretically prove the security of our proposed scheme in terms of confidentiality of spatial data, privacy protection of index and trapdoor, and the unlinkability of trapdoors In addition, extensive experiments demonstrate the high efficiency of our proposed model compared with existing schemes

Toward Edge-Assisted Internet of Things: From Security and Efficiency Perspectives

Abstract: As we are moving toward the Internet of Things (IoT) era, the number of connected physical devices is increasing at a rapid pace. Mobile edge computing is emerging to handle the sheer volume of produced data and reach the latency demand of computation-intensive IoT applications. Although the advance of mobile edge computing on service latency has been well studied, security and efficiency on data usage in mobile edge computing have not been clearly identified. In this article, we examine the architecture of mobile edge computing and explore the potential of utilizing mobile edge computing to enhance data analysis for IoT applications while achieving data security and computational efficiency. Specifically, we first introduce the overall architecture and several promising edge-assisted IoT applications. We then study the security, privacy, and efficiency challenges in data processing for mobile edge computing, and discuss the opportunities to enhance data security and improve computational efficiency with the assistance of edge computing, including secure data aggregation, secure data deduplication, and secure computational offloading. Finally, several interesting directions on edge-empowered data analysis are presented for future research.

Toward Blockchain-Based Fair and Anonymous Ad Dissemination in Vehicular Networks

Abstract: Commercial advertisement (ad) dissemination has been proliferating on connected vehicles, allowing users to promote their products via vehicle-to-vehicle/-infrastructure communications. Despite the prospect of ad dissemination in vehicular networks, it faces challenges upon deployment especially on security and privacy. Particularly, vehicles may collude to defraud the advertiser to obtain rewards without disseminating ads, which may cause unfair “free-riding” issue in these activities. Furthermore, concerns on possible privacy leakage may discourage vehicles to participate in the process of ad dissemination. In addition, external DDoS attacks and internal single point of failure may also affect service availability. To address these issues, we explore the potential of blockchain technology to construct a fair and anonymous scheme for advertising in vehicular networks. We first present the overview of the blockchain-based ad dissemination framework. Then, under the framework, we design a concrete, fair and anonymous scheme. To ensure fairness, we utilize the Merkle hash tree together with smart contracts to achieve the “proof-of-ad-receiving” property (i.e., check whether a vehicle indeed receives an ad without deception or introducing significant storage cost) to mitigate the “free-riding” attack. On the other hand, any ad receiver who acquires a dissemination reward per ad more than once can be effectively detected and will be punished which is achieved by using smart contracts. Additionally, the proposed scheme can protect vehicles’ privacy in terms of anonymity and conditional linkability based on zero-knowledge proof techniques. Lastly, extensive security analysis and implementations demonstrate the feasibility and efficiency of the scheme.

Toward Privacy-Preserving Valet Parking in Autonomous Driving Era

Abstract: Automated valet parking, deemed as a key milestone on the way to autonomous driving, has great potential to improve the “last-mile” driving experience for users. On the other hand, it triggers serious risks on vehicle theft and location privacy leakage. To address these issues, we propose a secure and privacy-preserving automated valet parking protocol for self-driving vehicles. The proposed protocol is characterized by extending anonymous authentication to support two-factor authentication with mutual traceability for reducing the risks of vehicle theft and preventing the privacy leakage of users in automated valet parking. Specifically, based on one-time password and secure mobile devices, two-factor authentication is achieved between vehicles and smartphones to ensure vehicle security in remote pickup. By exploiting the BBS+ signature and the Cuckoo filter, user location privacy is protected against the curious parking lots and service providers. In addition, the traceable tags are designed to enable a trusted authority to identify the vehicles and users for localizing a stolen or missing vehicle and preventing the slandering of greedy users. Finally, formal security analysis on the proposed protocol is given to show that the authentication, anonymity, and traceability can be reduced to standard hard assumptions, and performance evaluation demonstrates the proposed protocol is efficient and practical to be implemented in autonomous driving era.

DeQoS Attack: Degrading Quality of Service in VANETs and Its Mitigation

Abstract: In this paper, we introduce a degradation-of-QoS (DeQoS) attack against vehicular ad hoc networks (VANETs). Through DeQoS, the attacker can relay the authentication exchanges between roadside units (RSUs) and faraway vehicles to establish connections but will not relay the service afterwards, which wastes the limited connection resources of RSUs. With enough number of dummy connections, RSUs’ resources could run out such that they can no longer provide services for legitimate vehicles. Since the mobility of vehicles is highly related to the success probability of the attacker, we model the arrival and departure of vehicles into an $M/M/N$ -queue system and show how the attacker can adaptively choose different attack strategies to perform the attack in distinct traffic environments. A series of simulations are conducted to verify the practicality of the attack using MATLAB. The experimental results demonstrate that the attacker can easily find exploitable vehicles and launch the DeQoS attack with an overwhelming probability (e.g., more than 0.98). As DeQoS exploits the weakness of lacking physical proximity authentication, only employing existing application-layer defense protocols in VANETs such as cryptography-based protocols cannot prevent this attack. Therefore, we design a new cross-layer relay-resistant authentication protocol by leveraging the distance-bounding technique. Security analysis is given to show that the defense mechanism can effectively mitigate DeQoS.

Balancing Security and Efficiency for Smart Metering Against Misbehaving Collectors

Abstract: Smart grid enables two-way communications between smart meters and operation centers to collect real-time power consumption of customers to improve flexibility, reliability, and efficiency of the power system. It brings serious privacy issues to customers, since the meter readings possibly expose customers’ activities in the house. Data encryption can protect the readings, but lengthens the data size. Secure data aggregation improves communication efficiency and preserves customers’ privacy, while fails to support dynamic billing, or offer integrity protection against public collectors, which may be hacked in reality. In this paper, we define a new security model to formalize the misbehavior of collectors, in which the misbehaving collectors may launch pollution attacks to corrupt power consumption data. Under this model, we propose a novel privacy-preserving smart metering scheme to prevent pollution attacks for the balance of security and efficiency in smart grid. It achieves end-to-end security, data aggregation, and integrity protection against the misbehaving collectors, which act as local gateways to collect and aggregate usage data and forward to operation centers. As a result, the misbehaving collectors cannot access or corrupt power usage data of customers. In addition, we design a dynamic billing mechanism based on individual power consumption maintained on collectors with the verification of customers. Our analysis shows that the proposed scheme achieves secure smart metering and verifiable dynamic billing against misbehaving collectors with low computational and communication overhead.

On Countermeasures of Pilot Spoofing Attack in Massive MIMO Systems: A Double Channel Training Based Approach

Abstract: In this paper, we investigate secure communication in a massive multiple-input multiple-output (MIMO) system with multiple users and multiple eavesdroppers (Eve) under both pilot spoofing attack (PSA) and uplink jamming. Specifically, Eve impairs the normal channel estimation by sending identical pilot sequences with the legitimate users. Based on the impaired channel estimation, the base station adopts linear processing schemes for uplink data reception, which is jammed by Eve, and downlink confidential information transmission. We first evaluate the impact of the PSA on the achievable rate with linear processing, and then propose a double channel training based scheme to combat PSA. By using the channel estimation difference in two training phases, the presence of the PSA can be detected and accurate legitimate channel estimation can be obtained by removing the effect of Eve's channel. Furthermore, we analyze the channel estimation errors and derive a closed-form expression of the minimum mean square error precoding scheme to maximize the minimum achievable secrecy rate, which outperforms the conventional linear precoding counterparts.

Privacy-Preserving Traffic Monitoring with False Report Filtering via Fog-assisted Vehicular Crowdsensing

Abstract: Traffic monitoring system empowers cloud server and drivers to collect real-time driving information and acquire traffic conditions. However, drivers are more interested in local traffic, and sending driving reports to a remote cloud server consumes a heavy bandwidth and incurs an increased response delay. Recently, fog computing is introduced to provide location-sensitive and latency-aware local data management in vehicular crowdsensing, but it also raises new privacy concerns because drivers' information could be disclosed. Although these messages are encrypted before transmission, malicious drivers can upload false reports to sabotage the systems, and filtering out false encrypted reports remains a challenging issue. To address the problems, we define a new security model and propose a privacy preserving traffic monitoring scheme. Specifically, we utilize short group signature to authenticate drivers in a conditionally anonymous way, adopt a range query technique to acquire driving information in a privacy-preserving way, and integrate it to the construction of a weighted proximity graph at each fog node through a WiFi challenge handshake to filter out false reports. Moreover, we use variant Bloom filters to achieve fast traffic conditions storage and retrieval. Finally, we prove the security and privacy, evaluate the performance with real-world cloud servers.

Towards Edge-assisted Internet of Things: From Security and Efficiency Perspectives

Abstract: As we are moving towards the Internet of Things (IoT) era, the number of connected physical devices is increasing at a rapid pace. Mobile edge computing is emerging to handle the sheer volume of produced data and reach the latency demand of computation-intensive IoT applications. Although the advance of mobile edge computing on service latency is studied solidly, security and efficiency on data usage in mobile edge computing have not been clearly identified. In this article, we examine the architecture of mobile edge computing and explore the potentials of utilizing mobile edge computing to enhance data analysis for IoT applications, while achieving data security and computational efficiency. Specifically, we first introduce the overall architecture and several promising edge-assisted IoT applications. We then study the security, privacy and efficiency challenges in data processing for mobile edge computing, and discuss the opportunities to enhance data security and improve computational efficiency with the assistance of edge computing, including secure data aggregation, secure data deduplication and secure computational offloading. Finally, several interesting directions on edge-empowered data analysis are presented for future research.

CoRide: A Privacy-Preserving Collaborative-Ride Hailing Service Using Blockchain-Assisted Vehicular Fog Computing

Abstract: Ride-hailing services have experienced remarkable development throughout the world, serving millions of users per day. However, service providers, such as Uber and Didi, operate independently. If they are willing to share user data and establish collaborative-rides (c-rides), more ride services and commercial interests will be produced. Meanwhile, these collaborations raise significant security and privacy concerns for both users and service providers, because users’ sensitive information and service providers’ business secrets could be leaked during c-rides. Moreover, data auditability and fairness must be guaranteed. In this paper, we propose CoRide: a privacy-preserving Collaborative-Ride hailing service using blockchain-assisted vehicular fog computing. First, we anonymously authenticate users and disclose a targeted user only if all collaborative service providers are present while requiring no trusted authority. Then, we construct a consortium blockchain to record c-rides and create smart contracts to pair riders with drivers. Private proximity test and query processing are utilized to support location authentication, driver screening and destination matching. Last, we modify Zerocash to achieve anonymous payment and defend double spending attacks. Finally, we analyze the security of CoRide and demonstrate its efficiency through extensive experiments based on an Ethereum network.

Towards Secure and Fair IIoT-Enabled Supply Chain Management via Blockchain-Based Smart Contracts

Abstract: Integrating the Industrial Internet of Things (IIoT) into supply chain management enables flexible and efficient on-demand exchange of goods between merchants and suppliers. However, realizing a fair and transparent supply chain system remains a very challenging issue due to the lack of mutual trust among the suppliers and merchants. Furthermore, the current system often lacks the ability to transmit trade information to all participants in a timely manner, which is the most important element in supply chain management for the effective supply of goods between suppliers and the merchants. This paper presents a blockchain-based supply chain management system in the IIoT. The proposed system takes advantage of blockchain technology in terms of its transparency and tamper-proof nature to support fair goods exchange between merchants and suppliers. Additionally, the decentralization and pseudonymity property will play a significant role in preserving the privacy of participants in the blockchain. In particular, fairness in the IIoT is first defined. Then, a design for a smart contract for fair goods exchange is presented to prevent malicious behavior through imposing penalties. The proposed system was prototyped on Ethereum and experiments were conducted to demonstrate its feasibility.

Efficient and Privacy-Preserving Outsourced SVM Classification in Public Cloud

Abstract: Data classification has become an important and prevailing technique for big data analytics. Typically, a data classifier is designed and outsourced to a public cloud. A service provider then can easily provide various services and handle frequent and massive classification requests from users. With privacy concerns as well as Intellectual Property(IP) protection issues, the valuable classifier and the sensitive user data cannot be directly exposed to the public cloud. In this paper, we focus on the Support Vector Machine (SVM), one of the most popular classifiers, and propose an efficient and privacy-preserving outsourcing scheme for SVM classification in public clouds. Specifically, the service provider is allowed to transform the traditional SVM classifier to fixed hyper-rectangles and the order-preserving encryption is utilized to encrypt these hyper-rectangles as the encrypted classifier. Afterwards, the encrypted classifier is outsourced to the public cloud, and a user can submit an encrypted range query to the cloud and obtain the classification results back. Security analysis and extensive experimental evaluation demonstrate that our scheme can protect the confidentiality of classifier and users' data and achieves efficient SVM classification in terms of computational cost.

Forward Secure and Fine-grained Data Sharing for Mobile Crowdsensing

Abstract: Secure task-driven data sharing can improve the sensing data usage and protect data confidentiality in mobile crowdsensing (MCS). However, the existing data sharing schemes lack efficient support of forward secrecy, i.e., if the secret key of a data requester is compromised, all the historically shared data will be leaked. In this paper, we propose a forward secure and fine-grained data sharing scheme in mobile crowdsensing to provide a strong security guarantee and flexible access control over the sensing data. Specifically, by incorporating puncturable encryption and attribute based encryption, a shared symmetric key for data sharing can be encrypted by an access structure over the attributes of data requesters and the introduced Bloom filter attributes. Moreover, the shared key establishment between the MCS server and data requesters can be done jointly with the both sides authentication. By utilizing the structure of the Bloom filter, the update of a private key which is used to achieve forward secrecy only needs several deletion operations and no communication with the key distributor is involved. The security proof shows our scheme is provably secure under the security model. Experiment results demonstrate the practicability of the scheme.

An Optimized Positive-Unlabeled Learning Method for Detecting a Large Scale of Malware Variants

Abstract: Malicious softwares (Malware) are able to quickly evolve into many different variants and evade existing detection mechanisms, rendering the ineffectiveness of traditional signature-based malware detection systems. Many researchers have proposed advanced malware detection techniques by using Machine Learning. Although the machine learning based techniques perform well in detecting a wide range of malware variants, there still remain some problems when meeting the real scene in the industry. Since the volume of new malware variants grows fast and labelling data is expensive and takes a lot of labor, companies cannot label every one of those samples. They tend to label a small part of the malware samples and treat the rest of the unlabeled samples as benign samples in which the original malware samples are treated as mislabeled. This causes a bias of decision boundary which severely limits the accuracy. To address such a problem, in this paper, we propose a cost-sensitive boosting method to train an unbiased detection model with the malicious-unlabeled executables to improve the accuracy. Along with that, in order to detect malware variants efficiently, we propose a byte co-occurrence matrix as a representation of byte streams of executables to detect malware variants directly. Experimental results show that the machine learning methods optimized by our approach can achieve 80% to 90% accuracy while the original machine learning methods can only achieve 50% to 85% accuracy when the unlabeled data contain different rates of mislabeled positive data.

Against Pilot Spoofing Attack with Double Channel Training in Massive MIMO NOMA Systems

Abstract: To combat the pilot spoofing attack in non-orthogonal multiple access (NOMA) systems, we propose a double channel training scheme in this paper. Specifically, we consider two users in each cluster and both users send the training sequence in the first uplink training phase, while one of them keeps silent in the second phase. By exploiting channel estimation results in the two phases, more accurate legitimate channel estimation can be obtained by removing the contamination from the eavesdropping channel. Thus, the pilot spoofing attack can be mitigated effectively. We then analyze the achievable downlink secrecy rate with matched filter precoding scheme. Simulation results demonstrate that the achievable secrecy rate can be improved dramatically with the proposed scheme even under very strong pilot attack power.

Towards Private and Efficient Ad Impression Aggregation in Mobile Advertising

Abstract: In the secure mobile advertising, mobile users privately select advertisements of interest for displaying without exposing their preferences to the ad network. However, the strong privacy guarantee has uncovered limitations on gathering aggregated ad impression statistics for the ad network to enforce correct billing on the merchants who run their ad campaigns. Early efforts integrated cryptographic voting mechanism to address this challenge, which introduces additional bandwidth overhead on mobile devices due to the construction of the ballot proof. In this paper, we propose a private and efficient ad impression aggregation scheme in mobile advertising to protect the individual ad impression statistics while preventing the ad-fraud attack. The main idea of the proposed scheme is the design of an efficient cryptographic voting mechanism based on the compact hamming weight proof technique and additive homomorphic encryption. The proposed scheme has better bandwidth efficiency by reducing the ballot proof size from O(logN) to O(1), where N denotes the dimension of the ballot. Security analysis demonstrates the confidentiality of the individual impression statistics and the verifiability of the ballot proof under standard cryptographic assumptions. Experimental results consolidate that the proposed scheme is feasible for real-world implementations on mobile devices.