HVSTO: Efficient Privacy Preserving Hybrid Storage in Cloud Data Center

In cloud data center, shared storage with good management is a main structure used for the storage of virtual machines (VM). In this paper, we proposed Hybrid VM storage (HVSTO), a privacy preserving shared storage system designed for the virtual machine storage in large-scale cloud data center. Unlike traditional shared storage, HVSTO adopts a distributed structure to preserve privacy of virtual machines, which are a threat in traditional centralized structure. To improve the performance of I/O latency in this distributed structure, we use a hybrid system to combine solid state disk and distributed storage. From the evaluation of our demonstration system, HVSTO provides a scalable and sufficient throughput for the platform as a service infrastructure.Comment: 7 pages, 8 figures, in proceeding of The Second International Workshop on Security and Privacy in Big Data (BigSecurity 2014

Security in Delay Tolerant Networks

Delay- and Disruption-tolerant wireless networks (DTN), or opportunistic networks, represent a class of networks where continuous end-to-end connectivity may not be possible. DTN is a well recognized area in networking research and has attracted extensive attentions from both network designers and application developers. Applications of this emergent communication paradigm are wide ranging and include sensor networks using scheduled intermittent connectivity, vehicular DTNs for dissemination of location-dependent information (e.g., local ads, traffic reports, parking information, etc.), pocket-switched networks to allow humans to communicate without network infrastructure, and underwater acoustic networks with moderate delays and frequent interruptions due to environmental factors, etc. Security is one of the main barriers to wide-scale deployment of DTNs, but has gained little attention so far. On the one hand, similar to traditional mobile ad hoc networks, the open channel and multi-hop transmission have made DTNs vulnerable to various security threats, such as message modification/injection attack or unauthorized access and utilization of DTN resources. On the other hand, the unique security characteristics of DTNs including: long round-trip delay, frequent disconnectivity, fragmentation, opportunistic routing as well as limited computational and storage capability, make the existing security protocols designed for the conventional ad hoc networks unsuitable for DTNs. Therefore, a series of new security protocols are highly desired to meet stringent security and efficiency requirements for securing DTNs. In this research, we focus on three fundamental security issues in DTNs: efficient DTN message (or bundle) authentication, which is a critical security service for DTN security; incentive issue, which targets at stimulating selfish nodes to forward data for others; and certificate revocation issue, which is an important part of public key management and serves the foundation of any DTN security protocols. We have made the following contributions: First of all, the unique ``store-carry-and-forward'' transmission characteristic of DTNs implies that bundles from distinct/common senders may opportunistically be buffered at some common intermediate nodes. Such a ``buffering'' characteristic distinguishes DTN from any other traditional wireless networks, for which intermediate cache is not supported. To exploit such buffering opportunities, we propose an Opportunistic Batch Bundle Authentication Scheme (OBBA) to dramatically reduce the bundle authentication cost by seamlessly integrating identity-based batch signatures and Merkle tree techniques. Secondly, we propose a secure multi-layer credit based incentive scheme to stimulate bundle forwarding cooperation among DTNs nodes. The proposed scheme can be implemented in a fully distributed manner to thwart various attacks without relying on any tamper-proof hardware. In addition, we introduce several efficiency-optimization techniques to improve the overall efficiency by exploiting the unique characteristics of DTNs. Lastly, we propose a storage-efficient public key certificate validation method. Our proposed scheme exploits the opportunistic propagation to transmit Certificate Revocation List (CRL) list while taking advantage of bloom filter technique to reduce the required buffer size. We also discuss how to take advantage of cooperative checking to minimize false positive rate and storage consumption. For each research issue, detailed simulation results in terms of computational time, transmission overhead and power consumption, are given to validate the efficiency and effectiveness of the proposed security solutions

Multicloud-Based Evacuation Services for Emergency Management

A smart evacuation needs a scalable and flexible system to provide service in both emergency and normal situations. A single cloud service is usually limited to support scaling up requirements in an emergency, especially one with a large geographic scope. In this article, the authors propose MCES, a multicloud architecture that deploys smart evacuation services in multiple cloud providers and that can tolerant more pressure than single cloud-based services. This system maintains basic service to support monitoring, but during an emergency, visits to the service will scale up enormously, which means MDSE must support a rapid scaling up of service capacity in a short time. The authors use a three-layer cloud instance management to support rapid capacity scaling in MCES. By conducting extensive simulations, the authors demonstrate that their proposed MCES significantly outperforms single cloud solutions under various emergency settings

Location Privacy in Usage-Based Automotive Insurance: Attacks and Countermeasures

Usage-based insurance (UBI) is regarded as a promising way to provide accurate automotive insurance rates by analyzing the driving behaviors (e.g., speed, mileage, and harsh braking/accelerating) of drivers. The best practice that has been adopted by many insurance programs to protect users\u27 location privacy is the use of driving speed rather than GPS data. However, in this paper, we challenge this approach by presenting a novel speed-based location trajectory inference framework. The basic strategy of the proposed inference framework is motivated by the following observations. In practice, many environmental factors, such as real-time traffic and traffic regulations, can influence the driving speed. These factors provide side-channel information about the driving route, which can be exploited to infer the vehicle\u27s trace. We implement our discovered attack on a public data set in New Jersey. The experimental results show that the attacker has a nearly 60% probability of obtaining the real route if he chooses the top 10 candidate routes. To thwart the proposed attack, we design a privacy preserving scoring and data audition framework that enhances drivers\u27 control on location privacy without affecting the utility of UBI. Our defense framework can also detect users\u27 dishonest behavior (e.g., modification of speed data) via a probabilistic audition scheme. Extensive experimental results validate the effectiveness of the defense framework

EdgeSense: Edge-Mediated Spatial-Temporal Crowdsensing

Edge computing recently is increasingly popular due to the growth of data size and the need of sensing with the reduced center. Based on Edge computing architecture, we propose a novel crowdsensing framework called Edge-Mediated Spatial-Temporal Crowdsensing. This algorithm targets on receiving the environment information such as air pollution, temperature, and traffic flow in some parts of the goal area, and does not aggregate sensor data with its location information. Specifically, EdgeSense works on top of a secured peer-To-peer network consisted of participants and propose a novel Decentralized Spatial-Temporal Crowdsensing framework based on Parallelized Stochastic Gradient Descent. To approximate the sensing data in each part of the target area in each sensing cycle, EdgeSense uses the local sensor data in participants\u27 mobile devices to learn the low-rank characteristic and then recovers the sensing data from it. We evaluate the EdgeSense on the real-world data sets (temperature [1] and PM2.5 [2] data sets), where our algorithm can achieve low error in approximation and also can compete with the baseline algorithm which is designed using centralized and aggregated mechanism

Early Detection of Disease using Electronic Health Records and Fisher\u27s Wishart Discriminant Analysis

Linear Discriminant Analysis (LDA) is a simple and effective technique for pattern classification, while it is also widely-used for early detection of diseases using Electronic Health Records (EHR) data. However, the performance of LDA for EHR data classification is frequently affected by two main factors: ill-posed estimation of LDA parameters (e.g., covariance matrix), and linear inseparability of the EHR data for classification. To handle these two issues, in this paper, we propose a novel classifier FWDA -- Fisher\u27s Wishart Discriminant Analysis, which is developed as a faster and robust nonlinear classifier. Specifically, FWDA first surrogates the distribution of potential inverse covariance matrix estimates using a Wishart distribution estimated from the training data. Then, FWDA samples a group of inverse covariance matrices from the Wishart distribution, predicts using LDA classifiers based on the sampled inverse covariance matrices, and weighted-averages the prediction results via Bayesian Voting scheme. The weights for voting are optimally updated to adapt each new input data, so as to enable the nonlinear classification