116 research outputs found
Privacy-Preserving DDoS Attack Detection Using Cross-Domain Traffic in Software Defined Networks
Existing distributed denial-of-service attack detection in software defined
networks (SDNs) typically perform detection in a single domain. In reality,
abnormal traffic usually affects multiple network domains. Thus, a cross-domain
attack detection has been proposed to improve detection performance. However,
when participating in detection, the domain of each SDN needs to provide a
large amount of real traffic data, from which private information may be
leaked. Existing multiparty privacy protection schemes often achieve privacy
guarantees by sacrificing accuracy or increasing the time cost. Achieving both
high accuracy and reasonable time consumption is a challenging task. In this
paper, we propose Predis, which is a privacy-preserving cross-domain attack
detection scheme for SDNs. Predis combines perturbation encryption and data
encryption to protect privacy and employs a computationally simple and
efficient algorithm k-Nearest Neighbors (kNN) as its detection algorithm. We
also improve kNN to achieve better efficiency. Via theoretical analysis and
extensive simulations, we demonstrate that Predis is capable of achieving
efficient and accurate attack detection while securing sensitive information of
each domain.
Content-Based Multi-Source Encrypted Image Retrieval in Clouds with Privacy Preservation
Content-based image retrieval (CBIR) is one of the fundamental image
retrieval primitives. Its applications can be found in various areas, such as
art collections and medical diagnoses. With an increasing prevalence of cloud
computing paradigm, image owners desire to outsource their images to cloud
servers. In order to deal with the risk of privacy leakage of images, images
are typically encrypted before they are outsourced to the cloud, which makes
CBIR an extremely challenging task. Existing studies focus on the scenario with
only a single image owner, leaving the problem of CBIR with multiple image
sources (i.e., owners) unaddressed. In this paper, we propose a secure CBIR
scheme that supports Multiple Image owners with Privacy Protection (MIPP). We
encrypt image features with a secure multi-party computation technique, which
allows image owners to encrypt image features with their own keys. This enables
efficient image retrieval over images gathered from multiple sources, while
guaranteeing that image privacy of an individual image owner will not be leaked
to other image owners. We also propose a new method for similarity measurement
of images that can avoid revealing image similarity information to the cloud.
Theoretical analysis and experimental results demonstrate that MIPP achieves
retrieval accuracy and efficiency simultaneously, while preserving image
privacy.
Cloud-Based Approximate Constrained Shortest Distance Queries Over Encrypted Graphs With Privacy Protection
Constrained shortest distance (CSD) querying is one of the fundamental graph
query primitives, which finds the shortest distance from an origin to a
destination in a graph with a constraint that the total cost does not exceed a
given threshold. CSD querying has a wide range of applications, such as routing
in telecommunications and transportation. With an increasing prevalence of
cloud computing paradigm, graph owners desire to outsource their graphs to
cloud servers. In order to protect sensitive information, these graphs are
usually encrypted before being outsourced to the cloud. This, however, imposes
a great challenge to CSD querying over encrypted graphs. Since performing
constraint filtering is an intractable task, existing work mainly focuses on
unconstrained shortest distance queries. CSD querying over encrypted graphs
remains an open research problem. In this paper, we propose Connor, a novel
graph encryption scheme that enables approximate CSD querying. Connor is built
based on an efficient, tree-based ciphertext comparison protocol, and makes use
of symmetric-key primitives and the somewhat homomorphic encryption, making it
computationally efficient. Using Connor, a graph owner can first encrypt
privacy-sensitive graphs and then outsource them to the cloud server, achieving
the necessary privacy without losing the ability of querying. Extensive
experiments with real-world datasets demonstrate the effectiveness and
efficiency of the proposed graph encryption scheme.
Secure Phrase Search for Intelligent Processing of Encrypted Data in Cloud-Based IoT
Phrase search allows retrieval of documents containing an exact phrase, which
plays an important role in many machine learning applications for cloud-based
IoT, such as intelligent medical data analytics. In order to protect sensitive
information from being leaked by service providers, documents (e.g., clinic
records) are usually encrypted by data owners before being outsourced to the
cloud. This, however, makes the search operation an extremely challenging task.
Existing searchable encryption schemes for multi-keyword search operations fail
to perform phrase search, as they are unable to determine the location
relationship of multiple keywords in a queried phrase over encrypted data on
the cloud server side. In this paper, we propose P3, an efficient
privacy-preserving phrase search scheme for intelligent encrypted data
processing in cloud-based IoT. Our scheme exploits the homomorphic encryption
and bilinear map to determine the location relationship of multiple queried
keywords over encrypted data. It also utilizes a probabilistic trapdoor
generation algorithm to protect users' search patterns. Thorough security
analysis demonstrates the security guarantees achieved by P3. We implement a
prototype and conduct extensive experiments on real-world datasets. The
evaluation results show that compared with existing multi-keyword search
schemes, P3 can greatly improve the search accuracy with moderate overheads.
IriTrack: Liveness Detection Using Irises Tracking for Preventing Face Spoofing Attacks
Face liveness detection has become a widely used technique with a growing
importance in various authentication scenarios to withstand spoofing attacks.
Existing methods that perform liveness detection generally focus on designing
intelligent classifiers or customized hardware to differentiate between the
image or video samples of a real legitimate user and the imitated ones.
Although effective, they can be resource-consuming and detection results may be
sensitive to environmental changes. In this paper, we take iris movement as a
significant liveness sign and propose a simple and efficient liveness detection
system named IriTrack. Users are required to move their eyes along with a
randomly generated poly-line, and trajectories of irises are then used as
evidences for liveness detection. IriTrack allows checking liveness by using
data collected during user-device interactions. We implemented a prototype and
conducted extensive experiments to evaluate the performance of the proposed
system. The results show that IriTrack can fend against spoofing attacks with a
moderate and adjustable time overhead.
Towards Delay-Tolerant Flexible Data Access Control for Smart Grid with Renewable Energy Resources
In the Smart Grid with Renewable Energy Resources (RERs), the Residential
Units (RUs) with Distributed Energy Resources (DERs) are considered to be both
power consumers and suppliers. Specifically, RUs with excessive renewable
generations can trade with the utility in deficit of power supplies for mutual
benefits. It causes two challenging issues. First, the trading data of RUs is
quite sensitive, which should be only accessed by authorized users with
fine-grained policies. Second, the behaviors of the RUs to generate trading
data are spontaneous and unpredictable, then the problem is how to guarantee
system efficiency and delay tolerance simultaneously. In this paper, we propose
a delay-tolerant flexible data access control scheme based on Key Policy
Attribute Based Encryption (KP-ABE) for Smart Grid with Renewable Energy
Resources (RERs). We adopt the secret sharing scheme (SSS) to realize a
flexible access control with encryption delay tolerance. Furthermore, there is
no central trusted server to perform the encryption/decryption. We reduce the
computation cost on RUs and operators via a semi-trusted model. The analysis
shows that the proposed scheme can meet the data security requirement of the
Smart Grid with RERs, and it also has less cost compared with other popular
models.
EPDA: Enhancing Privacy-Preserving Data Authentication for Mobile Crowd Sensing
As a popular application, mobile crowd sensing systems aim at providing more
convenient service via the swarm intelligence. With the popularity of
sensor-embedded smart phones and intelligent wearable devices, mobile crowd
sensing is becoming an efficient way to obtain various types of sensing data
from individuals, which will make people's life more convenient. However,
mobile crowd sensing systems today are facing a critical challenge, namely the
privacy leakage of the sensitive information and valuable data, which can raise
grave concerns among the participants. To address this issue, we propose an
enhanced secure certificateless privacy-preserving verifiable data
authentication scheme for mobile crowd sensing, named EPDA. The proposed scheme
provides unconditional anonymous data authentication service for mobile crowd
sensing, by deploying an improved certificateless ring signature as the
cryptogram essential, in which the big sensing data should be signed by one of
legitimate members in a specific group and could be verified without exposing
the actual identity of the participant. The formal security proof demonstrates
that EPDA is secure against existential forgery under adaptive chosen message
and identity attacks in random oracle model. Finally, extensive simulations are
conducted. The results show that the proposed EPDA efficiently decreases
computational cost and time consumption in the sensing data authentication
process.
LPTD: Achieving Lightweight and Privacy-Preserving Truth Discovery in CIoT
In recent years, cognitive Internet of Things (CIoT) has received
considerable attention because it can extract valuable information from various
Internet of Things (IoT) devices. In CIoT, truth discovery plays an important
role in identifying truthful values from large scale data to help CIoT provide
deeper insights and value from collected information. However, the privacy
concerns of IoT devices pose a major challenge in designing truth discovery
approaches. Although existing schemes of truth discovery can be executed with
strong privacy guarantees, they are not efficient or cannot be applied in
real-life CIoT applications. This article proposes a novel framework for
lightweight and privacy-preserving truth discovery called LPTD-I, which is
implemented by incorporating fog and cloud platforms, and adopting the
homomorphic Paillier encryption and one-way hash chain techniques. This scheme
not only protects devices' privacy, but also achieves high efficiency.
Moreover, we introduce a fault tolerant (LPTD-II) framework which can
effectively overcome malfunctioning CIoT devices. Detailed security analysis
indicates the proposed schemes are secure under a comprehensively designed
threat model. Experimental simulations are also carried out to demonstrate the
efficiency of the proposed schemes.
A new hashing based nearest neighbors selection technique for big datasets
KNN has the reputation to be the world's simplest but efficient supervised
learning algorithm used for either classification or regression. KNN prediction
efficiency highly depends on the size of its training data but when this
training data grows KNN suffers from slowness in making decisions since it
needs to search nearest neighbors within the entire dataset at each decision
making. This paper proposes a new technique that enables the selection of
nearest neighbors directly in the neighborhood of a given observation. The
proposed approach consists of dividing the data space into subcells of a
virtual grid built on top of data space. The mapping between the data points
and subcells is performed using hashing. When it comes to select the nearest
neighbors of a given observation, we firstly identify the cell the observation
belongs by using hashing, and then we look for nearest neighbors from that
central cell and cells around it layer by layer. From our experiment
performance analysis on publicly available datasets, our algorithm outperforms
the original KNN in time efficiency with a prediction quality as good as that
of KNN; it also offers competitive performance with solutions like KDtree.
Comment: 8 pages, 6 figures
ESAS: An Efficient Semantic and Authorized Search Scheme over Encrypted Outsourced Data
Nowadays, a large amount of user privacy-sensitive data is outsourced to the
cloud server in ciphertext, which is provided by the data owners and can be
accessed by authorized data users. When accessing data, the user should be
assigned with the access permission according to his identities or attributes.
In addition, the search capabilities in encrypted outsourced data are expected
to be enhanced, i.e., the search results can better present the user's intentions.
To address the above issues, ESAS, an Efficient Semantic and Authorized Search
scheme over encrypted outsourced data, is proposed. In ESAS, by integrating
PRSCG (the privacy-preserving ranked search based on conceptual graph) and
CP-ABE (ciphertext policy attribute-based encryption), semantic search with
file-level fine-grained access authorization can be realized. In addition,
search authorization can be done in an offline manner, which can improve search
efficiency and reduce the response time. The security analysis indicates that
the proposed ESAS meets security requirement.