Bo Yin

Secure key establishment for Device-to-Device communications

With the rapid growth of smartphone and tablet users, Device-to-Device (D2D) communications have become an attractive solution for enhancing the performance of traditional cellular networks. However, relevant security issues involved in D2D communications have not been addressed yet. In this paper, we investigate the security requirements and challenges for D2D communications, and present a secure and efficient key agreement protocol, which enables two mobile devices to establish a shared secret key for D2D communications without prior knowledge. Our approach is based on the Diffie-Hellman key agreement protocol and commitment schemes. Compared to previous work, our proposed protocol introduces less communication and computation overhead. We present the design details and security analysis of the proposed protocol. We also integrate our proposed protocol into the existing Wi-Fi Direct protocol, and implement it using Android smartphones.

Development of Mobile Ad-hoc Networks over Wi-Fi Direct with off-the-shelf Android phones

The proliferation of smart phones enables ubiquitous Mobile Ad-hoc Networks (MANETs) where mobile devices communicate with peers over a wireless channel in an ad hoc mode. In this paper, we introduce a novel method to achieve multi-hop communication among open-source, non-rooted Android devices using Wi-Fi Direct Technology, also known as Wi-Fi Peer-to-Peer (P2P). Then we implement a proactive routing protocol in an MANET using multiple off-the-shelf smart phones to enable efficient message delivery over a multi-hop MANET.

Secure device-to-device communications over WiFi direct

D2D communications facilitate proximal devices to directly communicate with each other, bypassing cellular base stations or access points, and bring many benefits such as improvement in both spectral efficiency and energy efficiency. Among existing D2D enabling techniques, the recently released WiFi Direct is one promising protocol that offers high data rate D2D communications in local areas. However, WiFi Direct is susceptible to security threats due to the open access of wireless channels and lack of security infrastructures. In this article, we identify several attacks that challenge WiFi-Direct-based D2D communications. Since pairwise key establishment lies in the area of securing D2D communications, we introduce a short authentication-string-based key agreement protocol and analyze its security performance. We also integrate the SAS-based key agreement protocol into the existing WiFi Direct protocol, and implement it using Android smartphones.

A Distributed Secure Outsourcing Scheme for Solving Linear Algebraic Equations in Ad Hoc Clouds

The emerging ad hoc clouds form a new cloud computing paradigm by leveraging untapped local computation and storage resources. An important application of ad hoc clouds is to outsource computational intensive problems to nearby cloud agents. Specifically, for the problem of solving a linear algebraic equation (LAE), an outsourcing client assigns each cloud agent a subproblem, and then all involved agents apply a consensus-based algorithm to obtain the correct solution of the LAE in an iterative and distributed manner. However, such a distributed collaboration paradigm suffers from cyber security threats that undermine the confidentiality of the outsourced problem and the integrity of the returned results. In this paper, we identify a number of such security threats in this process, and propose a secure outsourcing scheme which not only preserves the privacy of the LAE parameters and the final solution from the participating agents, but also guarantees the correctness of the final solution. We prove that the proposed scheme has low computation complexity at each agent, and is robust against the identified security attacks. Numerical and simulation results are presented to demonstrate the effectiveness of the proposed method.

A Mobile Cloud Computing Middleware for Low Latency Offloading of Big Data

Recent years have witnessed an explosive growth of mobile applications. Thanks to improved network connectivity, it becomes a promising enabling solution to offload computation-intensive applications to the resource abundant public cloud to further augment the capacity of resource-constrained devices. As mobile applications usually have QoS requirements, it is critical to provide low latency services to the mobile users while maintain low leasing cost of cloud resources. However, the resources offered by cloud vendors are usually charged based on a time quanta while the offloading demand for heavy-lifting computation may occur infrequently on mobile devices. This mismatch would demotivate users to resort to public cloud for computation offloading. In this paper, we design a computation offloading middleware which bridges the aforementioned gap between cloud vendors and mobile clients, providing offloading service to multiple users with low cost and delay. The proposed middleware has two key components: Task Scheduler and Instance Manager. The Task Scheduler dispatches the received offloading tasks to execute in the instances reserved by the Instance Manager. Based on the arrival pattern of offloading tasks, the Instance Manager dynamically changes the number of instances to ensure certain service grade of mobile users. Our proposed mechanisms are validated through numerical results. It is shown that a lower average delay can be achieved through proposed scheduling heuristic, and the number of reserved instances well adapts to the offloading demands.

Privacy-preserving mobile crowd sensing for big data applications

Mobile crowd sensing presents a new sensing paradigm which allows an individual participant with mobile device perform sensing tasks and activities of professional organizations. Privacy is one major concern in the mobile crowd sensing application. In this paper, we first present a fog-assisted mobile crowd sensing architecture, then we propose two privacy-preserving crowd sensing schemes for two categories of crowd sensing applications. The first scheme is based on an additive homomorphic encryption algorithm and allows the service subscriber collect the statistical data without revealing the individual data from each participant. The second scheme is based on a bitwise-XOR homomorphic encryption algorithm and allows the service subscriber collect the accurate data without know which data is from which participant. The proposed schemes can achieve κ-anonymity privacy level for each participant. We also give the performance analysis of the proposed schemes.

Secure In-Band Bootstrapping for Wireless Personal Area Networks

Wireless personal area network (WPAN) is small-ranged network centered at an individual for interconnecting personal devices. For such a network, the bootstrapping mechanism with which the devices establish a secure group key is of critical importance. Most existing bootstrapping mechanisms require out-of-band channels and involve human interactions for authentication. In this paper, we aim to develop a fully automated bootstrapping mechanism with only in-band channels with approvable security. Toward this end, we designed an integrity-guaranteed message (IGM) structure, a self-authenticated key agreement protocol, and a prescheduling mechanism in allusion to the IEEE 802.15.4 standard for WPANs. The IGM structure guarantees that an adversary cannot modify the IGM message without being detected, thus protects the message integrity without the requirement of shared secrets between the sender and the receiver devices. The proposed self-authenticated key agreement protocol utilizes the IGMs integrity guaranteed property, works together with the prescheduling mechanism to achieve message self-authentication, thus protecting the secure bootstrapping process from the node impersonation attack and the man-in-the-middle attack without leveraging any out-of-band channels. We analyze the security performance of the proposed schemes, and show that they can be seamless interoperative with the existing IEEE 802.15.4 standard.

Distributed resource sharing in fog-assisted big data streaming

Fog computing is a promising architectural pattern to reduce the amount of data that is transferred to the cloud for processing and analysis. In this paper, we study fog-assisted data streaming scenario in which fog nodes at the network edge share their spare resources to help pre-process raw data of applications hosted in the cloud. A distributed resource sharing scheme is presented where the software defined network (SDN) controller dynamically adjusts the volume of application data that will be directed to fog nodes for pre-processing. The SDN controller makes decisions by coordinating fog nodes and cloud platform to collaboratively solve a social welfare maximization problem. Based on a hybrid alternating direction method of multipliers (H-ADMM) algorithm, computation burden for solving the optimization problem is fully distributed to fog nodes, cloud platform and SDN controller, where local variables of fog nodes are updated in parallel. With proper design of message exchange pattern, the communication overhead of the coordination to SDN controller grows smoothly with increasing number of participating fog nodes.

A Location Aware Game Theoretic Approach for Charging Plug-In Hybrid Electric Vehicles

This paper studies the charging problem of plug-in hybrid electric vehicles (PHEVs) with a game theoretic approach. The interplay between PHEVs and smart micro-grid charging stations are modeled as a multi-leader-multi-flower Stackelberg game. In the game, each PHEV needs to select a charging station for maximum utility given the charging prices from each station; and each charging station needs to adjust its charging price for improved utility based on the charging requests received. An important issue being considered in this paper is that the actual cost for charging into a target energy level depends on the travel distance and traffic conditions between the requesting PHEV and the finally selected charging station. In this paper, we adopt a location aware approach to explicitly incorporate the location- related cost into the utility function in the game model. Note that the distance information, traffic information along the roads, and communications between PHEVs and charging stations are to be obtained or enabled by vehicular ad hoc networks (VANET). We develop the algorithms for charging station selection and price adjustment. Simulation results are presented to demonstrate that the utility improvement of the location-aware model over the location-blind model.