Dijiang Huang

MobiCloud: Building Secure Cloud Framework for Mobile Computing and Communication

Cloud services can greatly enhance the computing capability of mobile devices. Mobile users can rely on the cloud to perform computationally intensive operations such as searching, data mining, and multimedia processing. In this paper, we propose a new mobile cloud framework called MobiCloud. In addition to providing traditional computation services, MobiCloud also enhances the operation of the ad hoc network itself by treating mobile devices as service nodes. The MobiCloud framework will enhance communication by addressing trust management, secure routing, and risk management issues in the network. A new class of applications can be developed using the enhanced processing power and connectivity provided by MobiCloud. Open research issues for MobiCloud are also discussed to outline future research directions.

NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems

Cloud security is one of most important issues that has attracted a lot of research and development effort in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.

PACP: An Efficient Pseudonymous Authentication-Based Conditional Privacy Protocol for VANETs

In this paper, we propose a new privacy preservation scheme, named pseudonymous authentication-based conditional privacy (PACP), which allows vehicles in a vehicular ad hoc network (VANET) to use pseudonyms instead of their true identity to obtain provably good privacy. In our scheme, vehicles interact with roadside units to help them generate pseudonyms for anonymous communication. In our setup, the pseudonyms are only known to the vehicles but have no other entities in the network. In addition, our scheme provides an efficient revocation mechanism that allows vehicles to be identified and revoked from the network if needed. Thus, we provide conditional privacy to the vehicles in the system, that is, the vehicles will be anonymous in the network until they are revoked, at which point, they cease to be anonymous.

An SMDP-Based Service Model for Interdomain Resource Allocation in Mobile Cloud Networks

Mobile cloud computing is a promising technique that shifts the data and computing service modules from individual devices to a geographically distributed cloud service architecture. A general mobile cloud computing system is comprised of multiple cloud domains, and each domain manages a portion of the cloud system resources, such as the Central Processing Unit, memory and storage, etc. How to efficiently manage the cloud resources across multiple cloud domains is critical for providing continuous mobile cloud services. In this paper, we propose a service decision making system for interdomain service transfer to balance the computation loads among multiple cloud domains. Our system focuses on maximizing the rewards for both the cloud system and the users by minimizing the number of service rejections that degrade the user satisfaction level significantly. To this end, we formulate the service request decision making process as a semi-Markov decision process. The optimal service transfer decisions are obtained by jointly considering the system incomes and expenses. Extensive simulation results show that the proposed decision making system can significantly improve the system rewards and decrease service disruptions compared with the greedy approach.

IDoctor: Personalized and professionalized medical recommendations based on hybrid matrix factorization

Abstract Nowadays, crowd-sourced review websites provide decision support for various aspects of daily life, including shopping, local services, healthcare, etc. However, one of the most important challenges for existing healthcare review websites is the lack of personalized and professionalized guidelines for users to choose medical services. In this paper, we develop a novel healthcare recommendation system called iDoctor , which is based on hybrid matrix factorization methods. iDoctor differs from previous work in the following aspects: (1) emotional offset of user reviews can be unveiled by sentiment analysis and be utilized to revise original user ratings; (2) user preference and doctor feature are extracted by Latent Dirichlet Allocation and incorporated into conventional matrix factorization. We compare iDoctor with previous healthcare recommendation methods using real datasets. The experimental results show that iDoctor provides a higher predication rating and increases the accuracy of healthcare recommendation significantly.

ASPE: attribute-based secure policy enforcement in vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) are usually operated among vehicles moving at high speeds, and thus their communication relations can be changed frequently. In such a highly dynamic environment, establishing trust among vehicles is difficult. To solve this problem, we propose a flexible, secure and decentralized attribute based secure key management framework for VANETs. Our solution is based on attribute based encryption (ABE) to construct an attribute based security policy enforcement (ASPE) framework. ASPE considers various road situations as attributes. These attributes are used as encryption keys to secure the transmitted data. ASPE is flexible in that it can dynamically change encryption keys depending on the VANET situations. At the same time, ASPE naturally incorporates data access control policies on the transmitted data. ASPE provides an integrated solution to involve data access control, key management, security policy enforcement, and secure group formation in highly dynamic vehicular communication environments. Our performance evaluations show that ASPE is efficient and it can handle large amount of data encryption/decryption flows in VANETs.

Mobile cloud computing service models: a user-centric approach

Mobile devices are rapidly becoming the major service participants nowadays. However, traditional client-server based mobile service models are not able to meet the increasing demands from mobile users in terms of services diversity, user experience, security and privacy, and so on. Cloud computing enables mobile devices to offload complex operations of mobile applications, which are infeasible on mobile devices alone. In this article, we provide a comprehensive study to lay out existing mobile cloud computing service models and key achievements, and present a new user-centric mobile cloud computing service model to advance existing mobile cloud computing research.

Cloud-Based Virtual Laboratory for Network Security Education

Hands-on experiments are essential for computer network security education. Existing laboratory solutions usually require significant effort to build, configure, and maintain and often do not support reconfigurability, flexibility, and scalability. This paper presents a cloud-based virtual laboratory education platform called V-Lab that provides a contained experimental environment for hands-on experiments using virtualization technologies (such as Xen or KVM Cloud Platform) and OpenFlow switches. The system can be securely accessed through OpenVPN, and students can remotely control the virtual machines (VMs) and perform the experimental tasks. The V-Lab platform also offers an interactive Web GUI for resource management and a social site for knowledge sharing and contribution. By using a flexible and configurable design, V-Lab integrates pedagogical models into curriculum design and provides a progressive learning path with a series of experiments for network security education. Since summer 2011, V-Lab has served more than 1000 students from six courses across over 20 experiments. The evaluation demonstrates that the platform and curriculum have produced excellent results and helped students understand and build up computer security knowledge to solve real-world problems.

Secure pairwise key establishment in large-scale sensor networks: An area partitioning and multigroup key predistribution approach

Existing pairwise key establishment schemes for large-scale sensor networks are vulnerable to various passive or active attacks. We classify attacks as selective node capture attacks, node fabrication attacks, and insider attacks. In order to improve the security robustness of random key predistribution and pairwise key establishment schemes against these attacks, we propose a five-phase pairwise key predistribution and pairwise key establishment approach by using area partitioning and multigroup key predistribution. Our security performance studies show that our proposed approach is resilient to selective node capture and node fabrication attacks, and restricts the consequence of any insider attack to a minimal level.

On Economic Mobile Cloud Computing Model

Cloud has become a promising service model for mobile devices. Using cloud services, mobile devices can outsource its computationally intensive operations to the cloud, such as searching, data mining, and multimedia processing. In this service computing model, how to build an economic service provisioning scheme is critical for mobile cloud service providers. Particularly when the mobile cloud resource is restricted. In this paper, we present an economic mobile cloud computing model using Semi-Markov Decision Process for mobile cloud resource allocation. Our model takes the considerations the cloud computing capacity, the overall cloud system gain, and expenses of mobile users using cloud services. Based on the best of our knowledge, our presented model is the first to address the economic service provisioning for mobile cloud services. In the performance evaluation, we showed that the presented economic mobile cloud computing model can produce the optimal system gain with a given cloud service inter-domain transfer probability.