116 research outputs found

    Privacy-Preserving DDoS Attack Detection Using Cross-Domain Traffic in Software Defined Networks

    Existing distributed denial-of-service attack detection in software defined networks (SDNs) typically performs detection in a single domain. In reality, abnormal traffic usually affects multiple network domains. Thus, a cross-domain attack detection has been proposed to improve detection performance. However, when participating in detection, the domain of each SDN needs to provide a large amount of real traffic data, from which private information may be leaked. Existing multiparty privacy protection schemes often achieve privacy guarantees by sacrificing accuracy or increasing the time cost. Achieving both high accuracy and reasonable time consumption is a challenging task. In this paper, we propose Predis, which is a privacy-preserving cross-domain attack detection scheme for SDNs. Predis combines perturbation encryption and data encryption to protect privacy and employs a computationally simple and efficient algorithm k-Nearest Neighbors (kNN) as its detection algorithm. We also improve kNN to achieve better efficiency. Via theoretical analysis and extensive simulations, we demonstrate that Predis is capable of achieving efficient and accurate attack detection while securing sensitive information of each domain

    Content-Based Multi-Source Encrypted Image Retrieval in Clouds with Privacy Preservation

    Content-based image retrieval (CBIR) is one of the fundamental image retrieval primitives. Its applications can be found in various areas, such as art collections and medical diagnoses. With an increasing prevalence of cloud computing paradigm, image owners desire to outsource their images to cloud servers. In order to deal with the risk of privacy leakage of images, images are typically encrypted before they are outsourced to the cloud, which makes CBIR an extremely challenging task. Existing studies focus on the scenario with only a single image owner, leaving the problem of CBIR with multiple image sources (i.e., owners) unaddressed. In this paper, we propose a secure CBIR scheme that supports Multiple Image owners with Privacy Protection (MIPP). We encrypt image features with a secure multi-party computation technique, which allows image owners to encrypt image features with their own keys. This enables efficient image retrieval over images gathered from multiple sources, while guaranteeing that image privacy of an individual image owner will not be leaked to other image owners. We also propose a new method for similarity measurement of images that can avoid revealing image similarity information to the cloud. Theoretical analysis and experimental results demonstrate that MIPP achieves retrieval accuracy and efficiency simultaneously, while preserving image privacy

    Cloud-Based Approximate Constrained Shortest Distance Queries Over Encrypted Graphs With Privacy Protection

    Constrained shortest distance (CSD) querying is one of the fundamental graph query primitives, which finds the shortest distance from an origin to a destination in a graph with a constraint that the total cost does not exceed a given threshold. CSD querying has a wide range of applications, such as routing in telecommunications and transportation. With an increasing prevalence of cloud computing paradigm, graph owners desire to outsource their graphs to cloud servers. In order to protect sensitive information, these graphs are usually encrypted before being outsourced to the cloud. This, however, imposes a great challenge to CSD querying over encrypted graphs. Since performing constraint filtering is an intractable task, existing work mainly focuses on unconstrained shortest distance queries. CSD querying over encrypted graphs remains an open research problem. In this paper, we propose Connor, a novel graph encryption scheme that enables approximate CSD querying. Connor is built based on an efficient, tree-based ciphertext comparison protocol, and makes use of symmetric-key primitives and the somewhat homomorphic encryption, making it computationally efficient. Using Connor, a graph owner can first encrypt privacy-sensitive graphs and then outsource them to the cloud server, achieving the necessary privacy without losing the ability of querying. Extensive experiments with real-world datasets demonstrate the effectiveness and efficiency of the proposed graph encryption scheme

    Secure Phrase Search for Intelligent Processing of Encrypted Data in Cloud-Based IoT

    Phrase search allows retrieval of documents containing an exact phrase, which plays an important role in many machine learning applications for cloud-based IoT, such as intelligent medical data analytics. In order to protect sensitive information from being leaked by service providers, documents (e.g., clinic records) are usually encrypted by data owners before being outsourced to the cloud. This, however, makes the search operation an extremely challenging task. Existing searchable encryption schemes for multi-keyword search operations fail to perform phrase search, as they are unable to determine the location relationship of multiple keywords in a queried phrase over encrypted data on the cloud server side. In this paper, we propose P3, an efficient privacy-preserving phrase search scheme for intelligent encrypted data processing in cloud-based IoT. Our scheme exploits the homomorphic encryption and bilinear map to determine the location relationship of multiple queried keywords over encrypted data. It also utilizes a probabilistic trapdoor generation algorithm to protect users' search patterns. Thorough security analysis demonstrates the security guarantees achieved by P3. We implement a prototype and conduct extensive experiments on real-world datasets. The evaluation results show that compared with existing multi-keyword search schemes, P3 can greatly improve the search accuracy with moderate overheads

    IriTrack: Liveness Detection Using Irises Tracking for Preventing Face Spoofing Attacks

    Face liveness detection has become a widely used technique with a growing importance in various authentication scenarios to withstand spoofing attacks. Existing methods that perform liveness detection generally focus on designing intelligent classifiers or customized hardware to differentiate between the image or video samples of a real legitimate user and the imitated ones. Although effective, they can be resource-consuming and detection results may be sensitive to environmental changes. In this paper, we take iris movement as a significant liveness sign and propose a simple and efficient liveness detection system named IriTrack. Users are required to move their eyes along with a randomly generated poly-line, and trajectories of irises are then used as evidence for liveness detection. IriTrack allows checking liveness by using data collected during user-device interactions. We implemented a prototype and conducted extensive experiments to evaluate the performance of the proposed system. The results show that IriTrack can fend against spoofing attacks with a moderate and adjustable time overhead

    Towards Delay-Tolerant Flexible Data Access Control for Smart Grid with Renewable Energy Resources

    In the Smart Grid with Renewable Energy Resources (RERs), the Residential Units (RUs) with Distributed Energy Resources (DERs) are considered to be both power consumers and suppliers. Specifically, RUs with excessive renewable generations can trade with the utility in deficit of power supplies for mutual benefits. It causes two challenging issues. First, the trading data of RUs is quite sensitive, which should be only accessed by authorized users with fine-grained policies. Second, the behaviors of the RUs to generate trading data are spontaneous and unpredictable, then the problem is how to guarantee system efficiency and delay tolerance simultaneously. In this paper, we propose a delay-tolerant flexible data access control scheme based on Key Policy Attribute Based Encryption (KP-ABE) for Smart Grid with Renewable Energy Resources (RERs). We adopt the secret sharing scheme (SSS) to realize a flexible access control with encryption delay tolerance. Furthermore, there is no central trusted server to perform the encryption/decryption. We reduce the computation cost on RUs and operators via a semi-trusted model. The analysis shows that the proposed scheme can meet the data security requirement of the Smart Grid with RERs, and it also has less cost compared with other popular models

    EPDA: Enhancing Privacy-Preserving Data Authentication for Mobile Crowd Sensing

    As a popular application, mobile crowd sensing systems aim at providing more convenient service via the swarm intelligence. With the popularity of sensor-embedded smart phones and intelligent wearable devices, mobile crowd sensing is becoming an efficient way to obtain various types of sensing data from individuals, which will make people's life more convenient. However, mobile crowd sensing systems today are facing a critical challenge, namely the privacy leakage of the sensitive information and valuable data, which can raise grave concerns among the participants. To address this issue, we propose an enhanced secure certificateless privacy-preserving verifiable data authentication scheme for mobile crowd sensing, named EPDA. The proposed scheme provides unconditional anonymous data authentication service for mobile crowd sensing, by deploying an improved certificateless ring signature as the cryptogram essential, in which the big sensing data should be signed by one of legitimate members in a specific group and could be verified without exposing the actual identity of the participant. The formal security proof demonstrates that EPDA is secure against existential forgery under adaptive chosen message and identity attacks in random oracle model. Finally, extensive simulations are conducted. The results show that the proposed EPDA efficiently decreases computational cost and time consumption in the sensing data authentication process

    LPTD: Achieving Lightweight and Privacy-Preserving Truth Discovery in CIoT

    In recent years, cognitive Internet of Things (CIoT) has received considerable attention because it can extract valuable information from various Internet of Things (IoT) devices. In CIoT, truth discovery plays an important role in identifying truthful values from large scale data to help CIoT provide deeper insights and value from collected information. However, the privacy concerns of IoT devices pose a major challenge in designing truth discovery approaches. Although existing schemes of truth discovery can be executed with strong privacy guarantees, they are not efficient or cannot be applied in real-life CIoT applications. This article proposes a novel framework for lightweight and privacy-preserving truth discovery called LPTD-I, which is implemented by incorporating fog and cloud platforms, and adopting the homomorphic Paillier encryption and one-way hash chain techniques. This scheme not only protects devices' privacy, but also achieves high efficiency. Moreover, we introduce a fault tolerant (LPTD-II) framework which can effectively overcome malfunctioning CIoT devices. Detailed security analysis indicates the proposed schemes are secure under a comprehensively designed threat model. Experimental simulations are also carried out to demonstrate the efficiency of the proposed schemes

    A new hashing based nearest neighbors selection technique for big datasets

    KNN has the reputation to be the world's simplest but efficient supervised learning algorithm used for either classification or regression. KNN prediction efficiency highly depends on the size of its training data, but when this training data grows KNN suffers from slowness in making decisions since it needs to search nearest neighbors within the entire dataset at each decision making. This paper proposes a new technique that enables the selection of nearest neighbors directly in the neighborhood of a given observation. The proposed approach consists of dividing the data space into subcells of a virtual grid built on top of data space. The mapping between the data points and subcells is performed using hashing. When it comes to selecting the nearest neighbors of a given observation, we firstly identify the cell the observation belongs to by using hashing, and then we look for nearest neighbors from that central cell and cells around it layer by layer. From our experiment performance analysis on publicly available datasets, our algorithm outperforms the original KNN in time efficiency with a prediction quality as good as that of KNN; it also offers competitive performance with solutions like KDtree. Comment: 8 pages, 6 figures

    ESAS: An Efficient Semantic and Authorized Search Scheme over Encrypted Outsourced Data

    Nowadays, a large amount of user privacy-sensitive data is outsourced to the cloud server in ciphertext, which is provided by the data owners and can be accessed by authorized data users. When accessing data, the user should be assigned with the access permission according to his identities or attributes. In addition, the search capabilities in encrypted outsourced data are expected to be enhanced, i.e., the search results can better present user's intentions. To address the above issues, ESAS, an Efficient Semantic and Authorized Search scheme over encrypted outsourced data, is proposed. In ESAS, by integrating PRSCG (the privacy-preserving ranked search based on conceptual graph) and CP-ABE (ciphertext policy attribute-based encryption), semantic search with file-level fine-grained access authorization can be realized. In addition, search authorization can be done in an offline manner, which can improve search efficiency and reduce the response time. The security analysis indicates that the proposed ESAS meets security requirement