Baokang Zhao

ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things

The Internet of Things (IoT) provides anywhere, anything, anytime connections, for which user privacy is vulnerable and authentication methods that favor policy over attributes are essential. Thus, a signature scheme that considers user privacy and implements an attributes policy is required. Emerging attribute-based signature (ABS) schemes allow a requester of a resource to generate a signature with attributes satisfying the policy without leaking more information. However, few existing approaches simultaneously achieve an expressive policy and security under the standard Diffie-Hellman assumption. Here we describe ePASS, a novel ABS scheme that uses an attribute tree and expresses any policy consisting of AND, OR threshold gates under the computational Diffie-Hellman problem. Users cannot forge signatures with attributes they do not possess, and the signature provides assurance that only a user with appropriate attributes satisfying the policy can endorse the message, resulting in unforgeability. However, legitimate signers remain anonymous and are indistinguishable among all users whose attributes satisfy the policy, which provides attribute privacy for the signer. Compared to existing schemes, our approach delivers enhanced performance by reducing the computational cost and signature size.

A novel steganography approach for voice over IP

In homeland defense and security, secure data transfer is still critical challenging due to the open nature of Internet. One of the solutions which came to the rescue is the VoIP (Voice over IP) steganography. VoIP is unquestionably the most popular real-time service in IP networks today. To date, existing VoIP steganography research commonly focus on information hiding in the LSB bits of network audio streams. However, this approach may raise serious security threat, where the hidden information may be easily removed, detected and attacked. Towards this issue, we propose AVIS, a novel Adaptive VoIP steganography approach to hide information within network audio streams. AVIS consists of three parts, named VAMI, VADDI and VODO. VAMI works by dynamically selecting multiple bits based on the VoIP vector value, VADDI dynamically changes embedding intervals to avoid detection and attacking, and VODO try to change the neighbor bits to offset the sound distortion. Also, we evaluate the effectiveness of this approach with G.711 as the codec of the cover speech in Linphone, a famous open-source VoIP software. The experimental results demonstrate that our approach provides better performance than the traditional one.

OpenSAN: a software-defined satellite network architecture

In recent years, with the rapid development of satellite technology including On Board Processing (OBP) and Inter Satellite Link (ISL), satellite network devices such as space IP routers have been experimentally carried in space. However, there are many difficulties to build a future satellite network with current terrestrial Internet technologies due to the distinguished space features, such as the severely limited resources, remote hardware/software upgrade in space. In this paper, we propose OpenSAN, a novel architecture of software-defined satellite network. By decoupling the data plane and control plane, OpenSAN provides satellite network with high efficiency, fine-grained control, as well as flexibility to support future advanced network technology. Moreover, we also discuss some practical challenges in the deployment of OpenSAN.

Mix-zones optimal deployment for protecting location privacy in VANET

A promising approach to protect driver’s location privacy in vehicular ad hoc network (VANET) suggests vehicle changing pseudonyms in regions called mix-zones, where the adversary cannot eavesdrop the vehicular communication. How to deploy mix-zones in a large city is a challenge problem and has not been well addressed in previously reported works. In this paper, we propose a statistics-based metric for evaluating the effectiveness of a mix-zone and selecting mix-zone candidates in term of privacy requirement. Furthermore, a cost-efficient mix-zones deployment scheme is presented to guarantee that vehicles at any place could pass through an effective mix-zone in certain driving time, and the extra overhead time of adjusting routes to across the mix-zone is small. Extensive simulations demonstrate that the proposed evaluation metric is viable under various traffic scenarios while the deployment plans generated by our scheme in a real-world map make drivers have more chances to pass through mix-zones on road.

ENDMal: An anti-obfuscation and collaborative malware detection system using syscall sequences

Abstract Malware obfuscation obscures malware into different versions, making traditional syntactic nature based detection ineffective. Furthermore, with the huge and exponentially growing number of malware samples, existing malware detection systems are either evaded by malware obfuscation, or overwhelmed by numerous malware samples. This paper proposes an anti-obfuscation, scalable and collaborative malware detection system—ENDMal. ENDMal identifies the program that behaves suspiciously in end-hosts and similarly between a group of suspicious programs in a wide area as malicious. We present the Iterative Sequence Alignment (ISA) method to defeat malware obfuscation. Instead of using complex behavior graph, we propose the Handle dependences and Probabilistic Ordering Dependence (HPOD) technology to represent the program behaviors. In addition, we design a novel information sharing infrastructure, RENShare, to collaboratively congregate the group characteristics of programs spreading over different network areas. Our experimental results show that ENDMal can detect unknown malwares much faster than the centralized detection system and is more effective than the existing distributed detection system.

Adaptive VoIP Steganography for Information Hiding within Network Audio Streams

With the rapid development of the Internet, steganography on Voice over IP (VoIP) has been attracted a lot of research efforts. To date, existing VoIP steganography research commonly focus on information hiding in the LSB bits of Network Audio Streams, yet, we found this approach may raise serious security threat, where the hidden information may be easily removed, detected and attacked. Towards this issue, in this paper, we propose AVIS, a novel Adaptive VoIP steganography approach to hide information within Network Audio Streams. AVIS consists of two parts, named VAMI and VADDI. VAMI works by dynamically select multiple bits based on the VoIP vector value, while VADDI dynamically changes embedding intervals to avoid detection and attacking. We also implemented AVIS and conducted extensive experiments in real systems. Experimental results demonstrate the effectiveness of our proposed AVIS scheme.

Thwarting audio steganography attacks in cloud storage systems

Nowadays, enterprises and individuals are increasing tending to store their data in the cloud storage systems, yet, these sensitive data will face serious security threats. Currently, cloud storage service providers mainly adopt encryption and authentication to protect sensitive data, and a lot of approaches have been proposed to ensure data security in cloud storage systems. Recently, audio steganography has been regarded as serious attacking measures to threaten cloud storage systems. Nevertheless, little research has been focused on thwarting the Audio steganography Attacks in Cloud Storage Systems. In this paper, we analyze the Audiosteganography Attacks in Cloud Storage Systems, and then, we propose and develop StegAD, a novel scheme for defending Audiosteganography Attacks. StegAD includes two algorithms, i.e., the enhanced-RS algorithm and the SADI algorithm. The enhanced-RS algorithm is adopted to detect the audio steganographied files, and after that, SADI is applied to infer and compensate the possible hiding positions. To evaluate the performance of StegAD, we perform extensive evaluations on a real platform in terms of detecting, audio quality and interfering intensity. Experimental results show that, our proposed StegAD scheme is very efficient in thwarting the Audio steganography Attacks in Cloud Storage Systems.

Ferry Route Design with Delay Bounds in Delay-Tolerant Networks

Delay-Tolerant/Disruption-Tolerant Networks (DTNs) have been proposed to cope with the challenges of communication in some extreme or special environments. Due to the uncertainty of node mobility, application traffic demand and other factors, it is difficult to provide performance guarantee for a DTN where all nodes may move arbitrarily. With controlled mobility, message ferries can be utilized to guarantee the network performance. Central to the problem is the design of ferry routes under some constraints. In this paper, we consider the delay requirements in DTNs and study the multiple ferry route design problem with delay constraints. We formulate the problem as a global optimization problem and give the conditions when a solution is valid and when there is no valid solution to the problem. Then a heuristic algorithm is proposed to find the minimal number of ferries and the ferry routes subject to the delay bounds. The algorithm performance is evaluated and compared to the SIRA algorithm. The experiment results have shown that the performance of a DTN can be guaranteed using a reasonable number of message ferries moving along the ferry routes found by the proposed algorithm.

Topology-Aware Energy Efficient Task Assignment for Collaborative In-Network Processing in Distributed Sensor Systems

In the emerging networked sensor systems, collaborative in-network processing provides a viable solution to overcome the limited energy and resource constraints of one single node. In this novel computing paradigm, it is very critical to perform task assignment. In this paper, we formally model TETA, an energy efficient topology-aware real time task assignment problem in wireless sensor networks, and prove its NP-completeness.We also propose an ant-based meta-heuristic algorithm to solve the TETA problem.We implement our algorithm and conduct experiments based on a simulation environment. The experimental results show that our approach can archive significant energy saving and improve the system lifetime effectively as well.

Software defined satellite networks: Benefits and challenges

To date, traditional satellite systems are contained-designed and inflexible for configuration update, space systems interconnections and providing fine-grained services. In this paper, we propose a novel satellite network architecture: software defined satellite networks (SDSN) to solve these problems. The new architecture is based on the central control patten of software defined networks (SDN), and takes full use of the inter-satellite links (ISLs) forwarding and GEO broadcasting for rapid network deployment. With global network view and central control ability, SDSN can (1) balance the flexibility and controllability of space dynamic routing algorithms, (2) rapidly deploy flexible and fine-grained network management strategies, (3) reduce the system cost, and (4) improve the collaboration between satellites and the compatibility of heterogeneous space systems. Meanwhile, the challenges are also introduced in designing and deploying the new architecture. Finally, the performance of the new SDSN architecture is validated in this paper.