Aaltodoc publication archive

Browsing by Author "Ding, Wenxiu"

Now showing 1 - 14 of 14
  • Computing Maximum and Minimum with Privacy Preservation and Flexible Access Control
    (2019) Ding, Wenxiu; Yan, Zheng; Qian, X.R.; Deng, R.H.
    A4 Article in conference proceedings
    With the fast development of Internet of Things, huge volume of data is being collected from various sensors and devices, aggregated at gateways, and processed in the cloud. Due to privacy concern, data are usually encrypted before being outsourced to the cloud. However, encryption seriously impedes both computation over the data and sharing of the computation results. Computing maximum and minimum among a data set are two of the most basic operations in machine learning and data mining algorithms. In this paper, we study how to compute maximum and minimum over encrypted data and control the access to the computation result in a privacy-preserving manner. We present four schemes to realize privacy-preserving maximum and minimum computations with flexible access control that can adapt to various application scenarios. We further analyze their security and show their efficiency through extensive evaluations and comparisons with existing work. © 2019 IEEE.
  • Context-aware Verifiable Cloud Computing
    (2017) Yan, Zheng; Yu, Xixun; Ding, Wenxiu
    A1 Original article in a scientific journal
    Internet of Things (IoTs) has emerged to motivate various intelligent applications based on the data collected by various 'things.' Cloud computing plays an important role for big data processing by providing data computing and processing services. However, cloud service providers may invade data privacy and provide inaccurate data processing results to users, and thus cannot be fully trusted. On the other hand, limited by computation resources and capabilities, cloud users mostly cannot independently process big data and perform verification on the correctness of data processing. This raises a special challenge on cloud computing verification, especially when user data are stored at the cloud in an encrypted form and processed for satisfying the requests raised in different contexts. But the current literature still lacks serious studies on this research issue. In this paper, we propose a context-aware verifiable computing scheme based on full homomorphic encryption by deploying an auditing protocol to verify the correctness of the encrypted data processing result. We design four optional auditing protocols to satisfy different security requirements. Their performance is evaluated and compared through performance analysis, algorithm implementation, and system simulation. The results show the effectiveness and efficiency of our designs. The pros and cons of all protocols are also analyzed and discussed based on rigorous comparison.
  • EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusion
    (2022-06) Wei, Wentao; Wang, Jie; Yan, Zheng; Ding, Wenxiu
    A1 Original article in a scientific journal
    Android has stood at a predominant position in mobile operating systems for many years. However, its popularity and openness make it a desirable target of malicious attackers. There is an increasing need for mobile malware detection. Existing analysis methods fall into two categories, i.e., static analysis and dynamic analysis. The dynamic analysis is more effective and timely than the static one, but it incurs a high computational overhead, thus cannot be deployed in resource-constrained mobile devices. Existing studies solve this issue by outsourcing malware detection to the cloud. However, the privacy of mobile app runtime data uploaded to the cloud is not well preserved during both detection model training and malware detection. Numerous efforts have been made to preserve privacy with cryptography, which suffers from high computational overhead and low flexibility. To address these issues, in this paper, we propose an Intel SGX-empowered mobile malware detection scheme called EPMDroid. We also design a probabilistic data structure based on cuckoo filters, named CuckooTable, to effectively fuse features for detection and achieve high space efficiency. We conduct both theoretical analysis and real-world data based tests on EPMDroid performance. Experimental results show that EPMDroid can speed up malware detection by up to 43.8 times and save memory space by up to 3.7 times with the same accuracy, as compared to a baseline method.
  • An Extended Framework of Privacy-Preserving Computation with Flexible Access Control
    (2020-06) Ding, Wenxiu; Hu, Rui; Yan, Zheng; Qian, Xinren; Deng, Robert H.; Yang, Laurence T.; Dong, M.
    A1 Original article in a scientific journal
    Cloud computing offers various services based on outsourced data by utilizing its huge volume of resources and great computation capability. However, it also makes users lose full control over their data. To avoid the leakage of user data privacy, encrypted data are preferred to be uploaded and stored in the cloud, which unfortunately complicates data analysis and access control. In particular, few existing works consider the fine-grained access control over the computational results from ciphertexts. Though our previous work proposed a framework to support several basic computations (such as addition, multiplication and comparison [Ding2017]) with flexible access control, privacy-preserving division calculations over encrypted data, as a crucial operation in many statistical processes and machine learning algorithms, is neglected. In this paper, we propose four privacy-preserving division computation schemes with flexible access control to fill this gap, which can adapt to various application scenarios. Furthermore, we extend a division scheme over encrypted integers to support privacy-preserving division over multiple data types including fixed-point numbers and fractional numbers. Finally, we give their security proof and show their efficiency and superiority through comprehensive simulations and comparisons with existing work.
  • Flexible Access Control over Privacy-Preserving Cloud Data Processing
    (2020) Ding, Wenxiu; Qian, Xinren; Hu, Rui; Yan, Zheng; Deng, Robert H.
    A3 Part of a book or other compilation
    Cloud computing provides an efficient and convenient platform for cloud users to store, process, and control their data (such as cybersecurity education-related data). Cloud overcomes the bottlenecks of resource-constrained devices and greatly releases storage and computing burdens on users. However, due to the lack of full trust in cloud service providers, cloud users generally prefer to outsource their sensitive data in an encrypted form, which seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in an efficient way and at the same time flexibly control the access to data processing results has been an important challenging issue. In this chapter, we propose a privacy-preserving data processing system to support several basic operations over outsourced encrypted data under the cooperation of a data service provider (DSP) and a computation party (CP). In addition, attribute-based encryption (ABE) is also applied to support flexible access control of processing results of encrypted data. Our schemes provide an efficient measure for secure data analytics to preserve the privacy of sensitive course data, e.g., course feedback, survey inputs, examination statistical data, exercises about security-related data for intrusion/malware detection and integrated personal data processing, etc. All of them can be applied into the education of cybersecurity.
  • Heterogeneous Data Storage Management with Deduplication in Cloud Computing
    (2019) Yan, Zheng; Zhang, Lifang; Ding, Wenxiu; Zheng, Qinghua
    A1 Original article in a scientific journal
    Cloud storage as one of the most important services of cloud computing helps cloud users break the bottleneck of restricted resources and expand their storage without upgrading their devices. In order to guarantee the security and privacy of cloud users, data are always outsourced in an encrypted form. However, encrypted data could incur much waste of cloud storage and complicate data sharing among authorized users. We are still facing challenges on encrypted data storage and management with deduplication. Traditional deduplication schemes always focus on specific application scenarios, in which the deduplication is completely controlled by either data owners or cloud servers. They cannot flexibly satisfy various demands of data owners according to the level of data sensitivity. In this paper, we propose a heterogeneous data storage management scheme, which flexibly offers both deduplication management and access control at the same time across multiple Cloud Service Providers (CSPs). We evaluate its performance with security analysis, comparison and implementation. The results show its security, effectiveness and efficiency towards potential practical usage.
  • Privacy-preserving Computation over Encrypted Vectors
    (2020-12) Hu, Rui; Ding, Wenxiu; Yan, Zheng
    A4 Article in conference proceedings
    Cloud computing allows users to outsource massive amounts of data to a cloud server for storage and analysis, which breaks the bottleneck of limited local resources. However, it makes user data exposed and possibly be accessed by unauthorized entities. Owing to privacy concern, users are inclined to upload encrypted data to a cloud server, but encryption limits operations over original data and affects access to a processing result. Though lots of schemes have been proposed to achieve some basic operations over encrypted data, it still lacks the research on the dot product of encrypted vectors. In this paper, we propose two privacy-preserving dot product schemes based on a dual server model, which can flexibly support single-user access and multiuser access to a final data processing result. Furthermore, we extend them to achieve privacy-preserving Support Vector Machine (SVM) prediction algorithm. Finally, we give security analysis of our proposed schemes and demonstrate their availability and practicality through simulation and comparison with existing works.
  • Privacy-Preserving Data Processing with Flexible Access Control
    (2020-03-01) Ding, Wenxiu; Yan, Zheng; Deng, Robert
    A1 Original article in a scientific journal
    Cloud computing provides an efficient and convenient platform for cloud users to store, process and control their data. Cloud overcomes the bottlenecks of resource-constrained user devices and greatly releases their storage and computing burdens. However, due to the lack of full trust in cloud service providers, the cloud users generally prefer to outsource their sensitive data in an encrypted form, which, however, seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in an efficient way and at the same time flexibly control the access to data processing results has been an important challenging issue. In this paper, we propose a privacy-preserving data processing scheme with flexible access control. With the cooperation of a data service provider (DSP) and a computation party (CP), our scheme, based on Paillier's partial homomorphic encryption (PHE), realizes seven basic operations, i.e., Addition, Subtraction, Multiplication, Sign Acquisition, Absolute, Comparison, and Equality Test, over outsourced encrypted data. In addition, our scheme, based on the homomorphism of attribute-based encryption (ABE), is also designed to support flexible access control over processing results of encrypted data. We further prove the security of our scheme and demonstrate its efficiency and advantages through simulations and comparisons with existing work.
  • Security Vulnerabilities of SGX and Countermeasures: A Survey
    (2021-07-13) Fei, Shufan; Yan, Zheng; Ding, Wenxiu; Xie, Haomeng
    A1 Original article in a scientific journal
    Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, as well as evaluate them by employing our proposed criteria. At last, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.
  • A Survey on Data Fusion in Internet of Things: Towards Secure and Privacy-Preserving Fusion
    (2018) Ding, Wenxiu; Jing, Xuyang; Yan, Zheng; Yang, Laurence T.
    A2 Review article in a scientific journal
    Internet of Things (IoT) aims to create a world that enables the interconnection and integration of things in physical world and cyber space. With the involvement of a great number of wireless sensor devices, IoT generates a diversity of datasets that are massive, multi-sourcing, heterogeneous, and sparse. By taking advantage of these data to further improve IoT services and offer intelligent services, data fusion is always employed first to reduce the size and dimension of data, optimize the amount of data traffic and extract useful information from raw data. Although there exist some surveys on IoT data fusion, the literature still lacks comprehensive insight and discussion on it with regard to different IoT application domains by paying special attention to security and privacy. In this paper, we investigate the properties of IoT data, propose a number of IoT data fusion requirements including the ones about security and privacy, classify the IoT applications into several domains and then provide a thorough review on the state-of-the-art of data fusion in main IoT application domains. In particular, we employ the requirements of IoT data fusion as a measure to evaluate and compare the performance of existing data fusion methods. Based on the thorough survey, we summarize open research issues, highlight promising future research directions and specify research challenges.
  • A survey on data fusion in internet of things: Towards secure and privacy-preserving fusion
    (2019-11-01) Ding, Wenxiu; Jing, Xuyang; Yan, Zheng; Yang, Laurence T.
    A1 Original article in a scientific journal
    Internet of Things (IoT) aims to create a world that enables the interconnection and integration of things in physical world and cyber space. With the involvement of a great number of wireless sensor devices, IoT generates a diversity of datasets that are massive, multi-sourcing, heterogeneous, and sparse. By taking advantage of these data to further improve IoT services and offer intelligent services, data fusion is always employed first to reduce the size and dimension of data, optimize the amount of data traffic and extract useful information from raw data. Although there exist some surveys on IoT data fusion, the literature still lacks comprehensive insight and discussion on it with regard to different IoT application domains by paying special attention to security and privacy. In this paper, we investigate the properties of IoT data, propose a number of IoT data fusion requirements including the ones about security and privacy, classify the IoT applications into several domains and then provide a thorough review on the state-of-the-art of data fusion in main IoT application domains. In particular, we employ the requirements of IoT data fusion as a measure to evaluate and compare the performance of existing data fusion methods. Based on the thorough survey, we summarize open research issues, highlight promising future research directions and specify research challenges.
  • A survey on data provenance in IoT
    (2020-03-01) Hu, Rui; Yan, Zheng; Ding, Wenxiu; Yang, Laurence T.
    A2 Review article in a scientific journal
    Internet of Things (IoT), as a typical representation of cyberization, enables the interconnection of physical things and the Internet, which provides intelligent and advanced services for industrial production and human lives. However, it also brings new challenges to IoT applications due to heterogeneity, complexity and dynamic nature of IoT. Especially, it is difficult to determine the sources of specified data, which is vulnerable to inserted attacks raised by different parties during data transmission and processing. In order to solve these issues, data provenance is introduced, which records data origins and the history of data generation and processing, thus possible to track the sources and reasons of any problems. Though some related researches have been proposed, the literature still lacks a comprehensive survey on data provenance in IoT. In this paper, we first propose a number of design requirements of data provenance in IoT by analyzing the features of IoT data and applications. Then, we provide a deep-insight review on existing schemes of IoT data provenance and employ the requirements to discuss their pros and cons. Finally, we summarize a number of open issues to direct future research.
  • A Survey on Future Internet Security Architectures
    (2016-08-26) Ding, Wenxiu; Yan, Zheng; Deng, Robert H.
    A2 Review article in a scientific journal
    Current host-centric Internet Protocol (IP) networks are facing unprecedented challenges, such as network attacks and the exhaustion of IP addresses. Motivated by emerging demands for security, mobility, and distributed networking, many research projects have been initiated to design the future Internet from a clean slate. In order to obtain a thorough knowledge of security in future Internet architecture, we review a number of well-known projects, including named data networking, Content Aware Searching Retrieval and sTreaming, MobilityFirst Future Internet Architecture Project (MobilityFirst), eXpressive Internet Architecture, and scalability, control, and isolation on next-generation network. These projects aim to move away from the traditional host-centric networks and replace them with content-centric, mobility-centric, or service-centric networks. However, different principles and designs also raise various issues on network security. For each project, we describe its architecture design and how it deals with security issues. Furthermore, we compare these projects and discuss their pros and cons. Open security issues are pointed out for directing future research.
  • A survey on secure data analytics in edge computing
    (2019-06-01) Liu, Dan; Yan, Zheng; Ding, Wenxiu; Atiquzzaman, Mohammed
    A2 Review article in a scientific journal
    Internet of Things (IoT) is gaining increasing popularity. Overwhelming volumes of data are generated by IoT devices. Those data after analytics provide significant information that could greatly benefit IoT applications. Different from traditional applications, IoT applications, such as environmental monitoring, smart navigation, and smart healthcare come with new requirements, such as mobility, real-time response, and location awareness. However, traditional cloud computing paradigm cannot satisfy these demands due to centralized processing and being far away from local devices. Hence, edge computing was introduced to perform data processing and storage in the edge of networks, which is closer to data sources than cloud computing, thus efficient and location-aware. Unfortunately, edge computing brings new security and privacy challenges when applied to data analytics. The literature still lacks a thorough review on the recent advances in secure data analytics in edge computing. In this paper, we first introduce the concept and features of edge computing, and then propose a number of requirements for its secure data analytics by analyzing potential security threats in edge computing. Furthermore, we give a comprehensive review on the pros and cons of the existing works on data analytics in edge computing based on our proposed requirements. Based on our literature survey, we highlight current open issues and propose future research directions.