Author

Zhifeng Xiao

Bio: Zhifeng Xiao is an academic researcher from University of Alabama. The author has contributed to research in topics: Cloud computing & Smart grid. The author has an h-index of 12 and has co-authored 25 publications receiving 913 citations. Previous affiliations of Zhifeng Xiao include Penn State Erie, The Behrend College & Pennsylvania State University.

Papers
Journal Article
TL;DR: This paper provides a comprehensive review of the existing security and privacy issues in cloud environments and presents the relationships among the security and privacy attributes, the vulnerabilities that may be exploited by attackers, the threat models, and existing defense strategies in a cloud scenario.
Abstract: Recent advances have given rise to the popularity and success of cloud computing. However, outsourcing the data and business application to a third party causes the security and privacy issues to become a critical concern. Throughout the study at hand, the authors obtain a common goal to provide a comprehensive review of the existing security and privacy issues in cloud environments. We have identified the five most representative security and privacy attributes (i.e., confidentiality, integrity, availability, accountability, and privacy-preservability). Beginning with these attributes, we present the relationships among them, the vulnerabilities that may be exploited by attackers, the threat models, as well as existing defense strategies in a cloud scenario. Future research directions are previously determined for each attribute.

513 citations

Journal Article
TL;DR: The goal of the scheme is to discover problematic meters that report inaccurate reading values, which enables nonrepudiation on meter readings for smart grid.
Abstract: Lack of non-repudiation is a major barrier of building a trustworthy smart grid. In current power systems, bills are generated based on the amount of service consumed by residential or commercial users. However, meter readings may not be trustworthy due to malicious behavior (e.g., energy theft) or external attacks. The root cause is that power providers have no means to obtain the reading value other than receiving it from the users. To resolve this issue, we present a mutual inspection strategy, which enables nonrepudiation on meter readings for smart grid. The goal of our scheme is to discover problematic meters that report inaccurate reading values.

101 citations

Journal Article
TL;DR: This paper proposes a suite of inspection algorithms, which are tailored to fit both static and dynamic situations, and employs an adaptive-tree-based algorithm, which leverages advantages of both the scanning and binary-tree inspections.
Abstract: In smart grids, smart meters may potentially be attacked or compromised to cause certain security risks. It is challenging to identify malicious meters when there are a large number of users. In this paper, we explore the malicious meter inspection (MMI) problem in neighborhood area smart grids. We propose a suite of inspection algorithms in a progressive manner. First, we present a basic scanning method, which takes linear time to accomplish inspection. The scanning method is efficient when the malicious meter ratio is high. Then, we propose a binary-tree-based inspection algorithm, which performs better than scanning when the malicious meter ratio is low. Finally, we employ an adaptive-tree-based algorithm, which leverages advantages of both the scanning and binary-tree inspections. Our approaches are tailored to fit both static and dynamic situations. The theoretical and experimental results have shown the effectiveness of the adaptive tree approach.

83 citations

Journal Article
TL;DR: This paper proposes Accountable MapReduce, which forces each machine to be held responsible for its behavior, and formalizes the Optimal Worker and Auditor Assignment (OWAA) problem to optimize resource utilization.

50 citations

Journal Article
TL;DR: This paper demonstrates how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial of service, etc.
Abstract: The number and types of attacks against networked computer systems have raised the importance of network security. Today, network administrators need to be able to investigate and analyse the network traffic to understand what is happening and to deploy immediate response in case of an identified attack. Wireshark proves to be an effective open source tool in the study of network packets and their behaviour. In this regard, Wireshark can be used in identifying and categorising various types of attack signatures. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial of service, etc. In addition, the case studies in this paper illustrate the idea of using Wireshark to identify new attack vectors.

49 citations


Cited by
Journal Article
TL;DR: The definition, characteristics, and classification of big data along with some discussions on cloud computing are introduced, and research challenges are investigated, with focus on scalability, availability, data integrity, data transformation, data quality, data heterogeneity, privacy, legal and regulatory issues, and governance.

2,141 citations

Book Chapter
04 Oct 2019
TL;DR: Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage.
Abstract: Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian. In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

1,962 citations

Posted Content
TL;DR: This paper defines and explores proofs of retrievability (PORs), a POR scheme that enables an archive or back-up service to produce a concise proof that a user can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety.
Abstract: In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a target file F, that is, that the archive retains and reliably transmits file data sufficient for the user to recover F in its entirety. A POR may be viewed as a kind of cryptographic proof of knowledge (POK), but one specially designed to handle a large file (or bitstring) F. We explore POR protocols here in which the communication costs, number of memory accesses for the prover, and storage requirements of the user (verifier) are small parameters essentially independent of the length of F. In addition to proposing new, practical POR constructions, we explore implementation considerations and optimizations that bear on previously explored, related schemes. In a POR, unlike a POK, neither the prover nor the verifier need actually have knowledge of F. PORs give rise to a new and unusual security definition whose formulation is another contribution of our work. We view PORs as an important tool for semi-trusted online archives. Existing cryptographic techniques help users ensure the privacy and integrity of files they retrieve. It is also natural, however, for users to want to verify that archives do not delete or modify files prior to retrieval. The goal of a POR is to accomplish these checks without users having to download the files themselves. A POR can also provide quality-of-service guarantees, i.e., show that a file is retrievable within a certain time bound.

1,783 citations

Journal Article
TL;DR: The main goal of this study is to holistically analyze the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration.

1,045 citations

Journal Article
01 Jan 2014
TL;DR: In this article, the authors explore the concept of sensing as a service and how it fits with the Internet of Things (IoT) and identify the major open challenges and issues.
Abstract: The world population is growing at a rapid pace. Towns and cities are accommodating half of the world's population thereby creating tremendous pressure on every aspect of urban living. Cities are known to have a large concentration of resources and facilities. Such environments attract people from rural areas. However, unprecedented attraction has now become an overwhelming issue for city governance and politics. The enormous pressure towards efficient city management has triggered various Smart City initiatives by both government and private sector businesses to invest in information and communication technologies to find sustainable solutions to the growing issues. The Internet of Things (IoT) has also gained significant attention over the past decade. IoT envisions to connect billions of sensors to the Internet and expects to use them for efficient and effective resource management in Smart Cities. Today, infrastructure, platforms and software applications are offered as services using cloud technologies. In this paper, we explore the concept of sensing as a service and how it fits with the IoT. Our objective is to investigate the concept of sensing as a service model in technological, economical and social perspectives and identify the major open challenges and issues. Copyright © 2013 John Wiley & Sons, Ltd.

756 citations