Showing papers by "Zheng Yan published in 2016"

A security and trust framework for virtualized networks and software-defined networking

Abstract: With the great success of the second-generation wireless telephone technology and the third-generation mobile telecommunications technology, and the fast development of the fourth-generation mobile telecommunications technology, the phase of fifth-generation mobile networks or fifth-generation wireless systems 5G is coming. In this article, we indicate the open research issues of 5G security and trust in the context of virtualized networking and software-defined networking. We further propose a framework of security and trust focusing on solving 5G network security issues. The proposed framework applies adaptive trust evaluation and management technologies and sustainable trusted computing technologies to ensure computing platform trust and achieve software-defined network security. It adopts cloud computing to securely deploy various trustworthy security services over the virtualized networks. We analyze that the framework can support and satisfy all security requirements specified in standardization. We also suggest future research work according to the proposed framework and discuss the advantages of our framework in terms of practical deployment. Copyright © 2015 John Wiley & Sons, Ltd.

Deduplication on Encrypted Big Data in Cloud

Abstract: Cloud computing offers a new way of service provision by re-arranging various resources over the Internet. The most important and popular cloud service is data storage. In order to preserve the privacy of data holders, data are often stored in cloud in an encrypted form. However, encrypted data introduce new challenges for cloud data deduplication, which becomes crucial for big data storage and processing in cloud. Traditional deduplication schemes cannot work on encrypted data. Existing solutions of encrypted data deduplication suffer from security weakness. They cannot flexibly support data access control and revocation. Therefore, few of them can be readily deployed in practice. In this paper, we propose a scheme to deduplicate encrypted data stored in cloud based on ownership challenge and proxy re-encryption. It integrates cloud data deduplication with access control. We evaluate its performance based on extensive analysis and computer simulations. The results show the superior efficiency and effectiveness of the scheme for potential practical deployment, especially for big data deduplication in cloud storage.

SecIoT: a security framework for the Internet of Things

Abstract: The 5th generation wireless system 5G will support Internet of Things IoT by increasing the interconnectivity of electronic devices to support a variety of new and promising networked applications such as the home of the future, environmental monitoring networks, and infrastructure management systems. The potential benefits of the IoT are as profound as they are diverse. However, the benefits of the IoT come with some significant challenges. Not the least of these is that the increased interconnectivity integral to an IoT network increases its vulnerability to malevolent attacks. There is still no proven methodology for the design of security frameworks with device authentication and access control. This paper attempts to address this problem through the development of a prototype security framework with robust and transparent security protection. This includes an investigation into the security requirements of three different characteristic IoT scenarios concretely, body IoT, home IoT, and hotel IoT, a design of new authentication mechanisms, and an access control subsystem with fine-grained roles and risk indicators. Our prototype security framework gives us an insight into some of the major difficulties of IoT security as well as providing some feasible solutions. Copyright © 2015 John Wiley & Sons, Ltd.

Two Schemes of Privacy-Preserving Trust Evaluation

Abstract: Trust evaluation computes trust values by collecting and processing trust evidence. It plays an important role in trust management that automatically ensures trust relationships among system entities and enhances system security. But trust evidence collection and process may cause privacy leakage, which makes involved entities reluctant to provide personal evidence that is essential for trust evaluation. Current literature pays little attention to Privacy-Preserving Trust Evaluation (PPTE). Existing work still has many limitations, especially on generality, efficiency and reliability. In this paper, we propose two practical schemes to guard privacy of trust evidence providers based on additive homomorphic encryption in order to support a traditional class of trust evaluation that contains evidence summation. The first scheme achieves better computational efficiency, while the second one provides greater security at the expense of a higher computational cost. Accordingly, two trust evaluation algorithms are further proposed to flexibly support different application cases. Specifically, these algorithms can overcome attacks raised by internal malicious evidence providers to some extent even though the trust evaluation is partially performed in an encrypted form. Extensive analysis and performance evaluation show the security and effectivity of our schemes for potential application prospect and their efficiency to support big data process. Two security schemes for Privacy-Preserving Trust Evaluation (PPTE).Trust evaluation algorithms cooperating with the PPTE schemes to resist internal attacks.Security and performance proof of two PPTE schemes through analysis and implementation.Feasibility to support various scenarios with either small or big evidence data.

Encrypted Data Management with Deduplication in Cloud Computing

Abstract: Cloud computing plays an important role in supporting data storage, processing, and management in the Internet of Things (IoT). To preserve cloud data confidentiality and user privacy, cloud data are often stored in an encrypted form. However, duplicated data that are encrypted under different encryption schemes could be stored in the cloud, which greatly decreases the utilization rate of storage resources, especially for big data. Several data deduplication schemes have recently been proposed. However, most of them suffer from security weakness and lack of flexibility to support secure data access control. Therefore, few can be deployed in practice. This article proposes a scheme based on attribute-based encryption (ABE) to deduplicate encrypted data stored in the cloud while also supporting secure data access control. The authors evaluate the scheme's performance based on analysis and implementation. Results show the efficiency, effectiveness, and scalability of the scheme for potential practical deployment.

Tube-Based Robust Model Predictive Control of Nonlinear Systems via Collective Neurodynamic Optimization

Abstract: This paper presents a collective neurodynamic approach to robust model predictive control (MPC) of discrete-time nonlinear systems affected by bounded uncertainties. The proposed control law is a combination of an MPC within an invariant tube for a nominal system and an ancillary state feedback control. The nominal system is first transformed to a linear parameter-varying (LPV) system, and then its MPC signal is computed by solving a convex optimization problem sequentially in real time using a two-layer recurrent neural network (RNN). The ancillary state feedback control is obtained by means of gain scheduling via robust pole assignment using two RNNs. While the nominal MPC generates an optimal state trajectory in the absence of uncertainties, the ancillary state feedback control confines the actual states within an invariant tube in the presence of uncertainties. Simulation results on stabilization control of three mechatronic systems are provided to substantiate the effectiveness and characteristics of the neurodynamics-based robust MPC approach.

A Survey on Future Internet Security Architectures

Abstract: Current host-centric Internet Protocol (IP) networks are facing unprecedented challenges, such as network attacks and the exhaustion of IP addresses. Motivated by emerging demands for security, mobility, and distributed networking, many research projects have been initiated to design the future Internet from a clean slate. In order to obtain a thorough knowledge of security in future Internet architecture, we review a number of well-known projects, including named data networking, Content Aware Searching Retrieval and sTreaming, MobilityFirst Future Internet Architecture Project (MobilityFirst), eXpressive Internet Architecture, and scalability, control, and isolation on next-generation network. These projects aim to move away from the traditional host-centric networks and replace them with content-centric, mobility-centric, or service-centric networks. However, different principles and designs also raise various issues on network security. For each project, we describe its architecture design and how it deals with security issues. Furthermore, we compare these projects and discuss their pros and cons. Open security issues are pointed out for directing future research.

A Usable Authentication System Based on Personal Voice Challenge

Abstract: User authentication is a major approach to guarantee the security of online or cloud services when using user devices such as tablets or mobile phones to access remote servers. Usability is an important issue that greatly influences the acceptance of a user authentication mechanism. Nowadays, a very common way for user authentication is based on the match of the user's password with the registered one or using fingerprint. However, both of them have several weak points regarding usability, e.g., not usable for users to remember many credentials for different service access and need occupy user hands. In this paper, we explore a secure voice authentication system for usable identification and authentication without the need of any manual inputs. The users are free from remembering any passwords. It aims to improve the usability of user authentication based on personal voice challenge and overcome the weakness of existing authentication methods. Implementation further shows its effectiveness.

A Survey on Software-Defined Networking Security

Abstract: Software-Defined Networking (SDN) has gained special attention in both academia and industry. It is a new network architecture framework for networking, which decouples the network control plane from the data plane at physical topology. SDN promotes centralization of network control and introduces the ability to program the network. However, the development of the SDN is constrained by various security concerns, e.g., the central management of SDN is ideal for security attack. In this paper, we investigate potential security threats and specify security requirements accordingly. Existing security solutions in SDN are seriously reviewed and evaluated based on the specified security requirements in order to figure out open issues and motivate future research efforts.

Power load forecasting based on support vector machine and particle swarm optimization

Abstract: Accurate electric load forecasting is significant for the operation of the power systems and electricity markets. This paper proposes a particle swarm optimization with support vector machine (PSOSVM) to forecast annual power load. Based on radial basis function, support vector machine (SVM) is utilized to determine the structure and initial values of the parameters. Then, particle swarm optimization (PSO) is employed to optimize the parameters of the SVM model. In order to utilize the proposed method, practical data are divided into two parts, one is for training, the other is for testing. The combined method, PSOSVM, can effectively predict annual power load.

Privacy Protection in Mobile Recommender Systems: A Survey

Abstract: A Mobile Recommender System (MRS) is a system that provides personalized recommendations for mobile users. It solves the problem of information overload in a mobile environment with the support of a smart mobile device. MRS has three fundamental characteristics relevant to the mobile Internet: mobility, portability and wireless connectivity. MRS aims to generate accurate recommendations by utilizing detailed personal data and extracting user preferences. However, collecting and processing personal data may intrude user privacy. The privacy issues in MRS are more complex than traditional recommender system due to its specific characteristics and various personal data collection. Privacy protection in MRS is a crucial research topic, which is widely studied in the literature, but it still lacks a comprehensive survey to summarize its current status and indicate open research issues for further investigation. This paper reviews existing work in MRS in terms of privacy protection. Challenges and future research directions are discussed based on the literature survey.

Secure Pervasive Social Communications Based on Trust in a Distributed Way

Abstract: Social network has extended its popularity from the Internet to mobile domain. Pervasive social networking (PSN) supports instant social activities based on self-organized mobile ad hoc networks. PSN is useful in reality when fixed networks are unavailable or inconvenient to access or when people are in vicinity. For supporting crucial PSN activities and enhancing user privacy, securing pervasive social communications becomes important. However, a solution based on a centralized server could be inapplicable in some specific situations (e.g., disasters and military activities) and suffers from DoS/DDoS attacks and internal attacks. How to automatically control data access in a trustworthy and efficient way in PSN is a challenge. In this paper, we propose two schemes to secure communication data in PSN purely based on local trust evaluated by PSN nodes in a distributed manner. Each node can control its data based on its trust in other nodes by applying attribute-based encryption. The advantages, security, and performance of the proposed scheme are evaluated and justified through serious analysis and implementation. The results show the efficiency and effectiveness of the schemes. In addition, we developed a mobile app based on Android platform to demonstrate the applicability and social acceptance of our schemes.

Security and Privacy in Big Data Lifetime: A Review

Abstract: Due to the fast growth of emerging information technologies such as Internet of Things (IoT), cloud computing, Internet services, and social networking, an increasing interest in big data security and privacy is aroused. An entire lifetime of big data contains four phases: big data collection; transmission; processing and analytics; storage and management. However, the five salient features of big data: volume, variety, velocity, value, and veracity bring great challenges on protecting big data security and privacy during its whole lifetime. In this paper, we survey schemes and techniques that are applied to ensure big data security and privacy. Based on the literature review, we discuss open challenges and issues in this research area towards comprehensive protection on big data security and privacy in its lifetime.

A Tensor-Based Framework for Software-Defined Cloud Data Center

Abstract: Multimedia has been exponentially increasing as the biggest big data, which consist of video clips, images, and audio files. Processing and analyzing them on a cloud data center have become a preferred solution that can utilize the large pool of cloud resources to address the problems caused by the tremendous amount of unstructured multimedia data. However, there exist many challenges in processing multimedia big data on a cloud data center, such as multimedia data representation approach, an efficient networking model, and an estimation method for traffic patterns. The primary purpose of this article is to develop a novel tensor-based software-defined networking model on a cloud data center for multimedia big-data computation and communication. First, an overview of the proposed framework is provided, in which the functions of the representative modules are briefly illustrated. Then, three models,—forwarding tensor, control tensor, and transition tensor—are proposed for management of networking devices and prediction of network traffic patterns. Finally, two algorithms about single-mode and multimode tensor eigen-decomposition are developed, and the incremental method is employed for efficiently updating the generated eigen-vector and eigen-tensor. Experimental results reveal that the proposed framework is feasible and efficient to handle multimedia big data on a cloud data center.

A Survey on Trust Evaluation in E-commerce

Abstract: E-commerce is becoming a popular and growing industry in which buyers and sellers are trading with each other on the Internet. A large number of E-commerce companies have created very profitable businesses since E-commerce Web sites (such as JD.com, eBay.com) or pioneering E-commerce traders (such as Taobao.com, Amazon.com) showed up more than 10 years ago. One of the most important factors that impact the success of Ecommerce is ensuring security and trust. Undoubtedly, in lack of trust as a key element of online business communications, Ecommerce will face a lot of challenges. Trust evaluation plays an important role in E-commerce for evaluating trust relationship between enterprises and customers, which assists on providing qualified services and enhancing user privacy and security. However, current literature still lacks a comprehensive study on trust evaluation in E-commerce. In this paper, we propose review criteria of trust evaluation in E-commerce and survey the current literature by analyzing its advantages and shortcomings according to the proposed criteria. At last, we discuss unsolved issues and current challenges and propose future research trends in the area of trust evaluation in E-commerce.

Security Protocols in Body Sensor Networks Using Visible Light Communications

Abstract: The fifth generation (5G) wireless system aims to support body sensor networks (BSNs) by increasing the interconnectivity of electronic devices. BSNs in the 5G era will enable many interesting applications, for example, medical services. In these applications, sensor networks collect sensitive information of individual human beings. Thus, security becomes significantly important in BSNs. However, many key distribution protocols are based on pre-deployed secrets. There are some problems: It is difficult to update pre-deployed secrets after they are compromised, or users want to re-deploy a device node. In this paper, we propose several security protocols including two key establishment protocols for BSNs by using visible light communications (VLCs). These protocols have a number of advantages. First, they can be widely applied in current BSNs without extra conditions because VLCs can be supported in most BSNs. Second, these protocols do not need pre-shared secrets; thus, it is not necessary for users to change pre-shared secrets if they are compromised. Experiments and analysis further show that (1) VLCs based on on–off keying are preferred; (2) computation and communication burden of these protocols are acceptable; and (3) these protocols bring little burden on users.

Trustworthy Authentication on Scalable Surveillance Video with Background Model Support

Abstract: H.264/SVC (Scalable Video Coding) codestreams, which consist of a single base layer and multiple enhancement layers, are designed for quality, spatial, and temporal scalabilities. They can be transmitted over networks of different bandwidths and seamlessly accessed by various terminal devices. With a huge amount of video surveillance and various devices becoming an integral part of the security infrastructure, the industry is currently starting to use the SVC standard to process digital video for surveillance applications such that clients with different network bandwidth connections and display capabilities can seamlessly access various SVC surveillance (sub)codestreams. In order to guarantee the trustworthiness and integrity of received SVC codestreams, engineers and researchers have proposed several authentication schemes to protect video data. However, existing algorithms cannot simultaneously satisfy both efficiency and robustness for SVC surveillance codestreams. Hence, in this article, a highly efficient and robust authentication scheme, named TrustSSV (Trust Scalable Surveillance Video), is proposed. Based on quality/spatial scalable characteristics of SVC codestreams, TrustSSV combines cryptographic and content-based authentication techniques to authenticate the base layer and enhancement layers, respectively. Based on temporal scalable characteristics of surveillance codestreams, TrustSSV extracts, updates, and authenticates foreground features for each access unit dynamically with background model support. Using SVC test sequences, our experimental results indicate that the scheme is able to distinguish between content-preserving and content-changing manipulations and to pinpoint tampered locations. Compared with existing schemes, the proposed scheme incurs very small computation and communication costs.

A Survey on Trust Evaluation in Mobile Ad Hoc Networks

Abstract: Mobile Ad Hoc Network (MANET) is a multi-hop temporary and autonomic network comprised of a set of mobile nodes. MANETs have the features of non-center, dynamically changing topology, multi-hop routing, mobile nodes, limited resources and so on, which make it face more threats. Trust evaluation is used to support nodes to cooperate in a secure and trustworthy way through evaluating the trust of participating nodes in MANETs. However, many trust evaluation models proposed for MANETs still have many problems and shortcomings. In this paper, we review the existing researches, then analyze and compare the proposed trust evaluation models by presenting and applying uniform criteria in order to point out a number of open issues and challenges and suggest future research trends.

Security in Software-Defined-Networking: A Survey

Abstract: With the development of information and networking technologies, conventional network has been unable to meet the demands of practical applications and network users. A new network paradigm called Software-Defined Networking (SDN) was proposed and got public attention. By decoupling the forwarding and control planes and applying specific protocols, SDN greatly reduces the cost of network management. Moreover, SDN empowers network managers to program their networks with high flexibility. However, there are many network security issues with regard to SDN, which should be solved in order to ensure the final success of SDN. In this paper, we undertake an SDN security survey. We focus on analyzing SDN’s security problems and reviewing existing countermeasures. Meanwhile, we identify the future research directions of SDN security.

Editorial: Trust Management for Multimedia Big Data

Abstract: With the rapid growth of Cyber Physical and Social Computing (CPSC) and cloud computing, huge volumes of multimedia data collected by various devices through different communication channels are being processed, analyzed, and mined in order to support many promising services. However, analysis and mining of multimedia data introduce a number of issues related to its trust management, especially for multimedia big data. On the one hand, multimedia data mining could disclose privacy of data owners or related entities to unauthorized parties, which greatly impedes wide user adoption of multimedia applications. On the other hand, trust in multimedia data perception, transmission, communications, fusion, mining, storage, and usage impacts the quality of multimedia services. In this context, multimedia data trust starts to attract special attention in order to achieve security, privacy, and quality in every step of multimedia data transmission and processing. In particular, big volumes of multimedia data introduce special requirements for efficiency, availability, and dependability of its

Game Theoretical Analysis on System Adoption and Acceptance: A Review

Abstract: Game theory is a methodology using mathematics models to analyze the strategic interactions between participants. It has been widely used to analyze the acceptance of system models under various conditions. In this paper, we review the basic knowledge of game theory. After extensive literature study, we propose a series of model requirements that should be paid attention in game theoretical analysis. Furthermore, we classify the existing work into two categories: games in information systems and games in network systems, which have been analyzed in accordance with the aforementioned requirements. The review shows that game theory is a good tool to analyze the adoption and acceptance of a system model and can be used for improving system design towards practical deployment. Moreover, we present the advantages and limitations of existing studies, and propose future research directions.

Trust Evaluation in Social Networking: A Review

Abstract: Social networking has become very popular in recent years by serving as a medium for disseminating information and connecting like-minded people. It influences today's social culture and changes the way of modern life. The success of social networking relies on the level of trust that social group members have with each other as well as with social networking service providers. Therefore, trust evaluation in the social networking becomes an important topic that has attracted special concerns. Many trust models or schemes have been proposed to improve the security or performance in social networking. However, existing work mostly only focused on certain aspects. There still lacks a comprehensive study on trust evaluation and management in social networking. In this paper, we propose comprehensive criteria with nine aspects for trust evaluation. Related work in this area published in recent five years have been seriously surveyed and evaluated based on the criteria. We compare existing work and analyze the advantages and disadvantages of the current methods in order to figure out open research issues and motivate future research efforts.

Trust and Reputation Evaluation Mechanisms in Grid Computing: A Review

Abstract: Grid computing has been aggressively expanded with the increasing demands for high performance computing, with the steady price decrease of the hardware, and the growth of related software support. Resource and security assurance are the core of the Grid computing systems. If the supporting resource management scheme and the security assurance cannot keep pace with the Grid's evolvement, a bottleneck of Grid computing will be easily formed. Schemes based on trust and reputation evaluation are treated as an efficient way to address these problems. In this paper, we provide a systematic review on existing work of trust and reputation evaluation mechanisms in grid computing, and compare them according to the criteria proposed by us. Through review and comparison, we found a number of open problems in this research field, which directs the future research and investigation.

Privacy preserving authentication and key agreement protocol for apparatus-to-apparatus communication

Abstract: A method is disclosed, comprising obtaining, by a first apparatus, a first identifier associated with the first apparatus, wherein the first identifier is different from a second identifier associated with the first apparatus, providing, by the first apparatus, at least one message to at least one further apparatus of at least one further apparatus, wherein each of the at least one message comprises a key information of the first apparatus and is associated with the first identifier associated with the first apparatus, and determining, by the first apparatus, a session key of a communication session associated with the first apparatus and the at least one further apparatus, based on at least one message received, by the first apparatus, provided by at least one further apparatus of the at least one further apparatus, wherein each of the at least one message comprises a key information of the respective further apparatus and is associated with a first identifier associated with the respective further apparatus.