Fengyuan Xu

IMDGuard: Securing implantable medical devices with the external wearable guardian

Recent studies have revealed security vulnerabilities in implantable medical devices (IMDs). Security design for IMDs is complicated by the requirement that IMDs remain operable in an emergency when appropriate security credentials may be unavailable. In this paper, we introduce IMDGuard, a comprehensive security scheme for heart-related IMDs to fulfill this requirement. IMDGuard incorporates two techniques tailored to provide desirable protections for IMDs. One is an ECG based key establishment without prior shared secrets, and the other is an access control mechanism resilient to adversary spoofing attacks. The security and performance of IMDGuard are evaluated on our prototype implementation.

SybilDefender: Defend against sybil attacks in large social networks

Distributed systems without trusted identities are particularly vulnerable to sybil attacks, where an adversary creates multiple bogus identities to compromise the running of the system. This paper presents SybilDefender, a sybil defense mechanism that leverages the network topologies to defend against sybil attacks in social networks. Based on performing a limited number of random walks within the social graphs, SybilDefender is efficient and scalable to large social networks. Our experiments on two 3,000,000 node real-world social topologies show that SybilDefender outperforms the state of the art by one to two orders of magnitude in both accuracy and running time. SybilDefender can effectively identify the sybil nodes and detect the sybil community around a sybil node, even when the number of sybil nodes introduced by each attack edge is close to the theoretically detectable lower bound. Besides, we propose two approaches to limiting the number of attack edges in online social networks. The survey results of our Facebook application show that the assumption made by previous work that all the relationships in social networks are trusted does not apply to online social networks, and it is feasible to limit the number of attack edges in online social networks by relationship rating.

Designing a Practical Access Point Association Protocol

In a Wireless Local Area Network (WLAN), the Access Point (AP) selection of a client heavily influences the performance of its own and others. Through theoretical analysis, we reveal that previously proposed association protocols are not effective in maximizing the minimal throughput among all clients. Accordingly, we propose an online AP association strategy that not only achieves a minimal throughput (among all clients) that is provably close to the optimum, but also works effectively in practice with a reasonable computational overhead. The association protocol applying this strategy is implemented on the commercial hardware and compatible with legacy APs without any modification. We demonstrate its feasibility and performance through real experiments.

SmartAssoc: Decentralized Access Point Selection Algorithm to Improve Throughput

As the first step of the communication procedure in 802.11, an unwise selection of the access point (AP) hurts one clients throughput. This performance downgrade is usually hard to be offset by other methods, such as efficient rate adaptations. In this paper, we study this AP selection problem in a decentralized manner, with the objective of maximizing the minimum throughput among all clients. We reveal through theoretical analysis that the selfish strategy, which commonly applies in decentralized systems, cannot effectively achieve this objective. Accordingly, we propose an online AP association strategy that not only achieves a minimum throughput (among all clients) that is provably close to the optimum, but also works effectively in practice with reasonable computation and transmission overhead. The association protocol applying this strategy is implemented on the commercial hardware and compatible with legacy APs without any modification. We demonstrate its feasibility and performance through real experiments and intensive simulations.

SybilDefender: A Defense Mechanism for Sybil Attacks in Large Social Networks

Distributed systems without trusted identities are particularly vulnerable to sybil attacks, where an adversary creates multiple bogus identities to compromise the running of the system. This paper presents SybilDefender, a sybil defense mechanism that leverages the network topologies to defend against sybil attacks in social networks. Based on performing a limited number of random walks within the social graphs, SybilDefender is efficient and scalable to large social networks. Our experiments on two 3,000,000 node real-world social topologies show that SybilDefender outperforms the state of the art by more than 10 times in both accuracy and running time. SybilDefender can effectively identify the sybil nodes and detect the sybil community around a sybil node, even when the number of sybil nodes introduced by each attack edge is close to the theoretically detectable lower bound. Besides, we propose two approaches to limiting the number of attack edges in online social networks. The survey results of our Facebook application show that the assumption made by previous work that all the relationships in social networks are trusted does not apply to online social networks, and it is feasible to limit the number of attack edges in online social networks by relationship rating.

Extracting secret key from wireless link dynamics in vehicular environments

A crucial component of vehicular network security is to establish a secure wireless channel between any two vehicles. In this paper, we propose a scheme to allow two cars to extract a secret key from RSSI (Received Signal Strength Indicator) values in such a way that nearby cars cannot obtain the same secret. Our solution can be executed in noisy, outdoor vehicular environments. We also propose an online parameter learning mechanism to adapt to different channel conditions. We conduct extensive realworld experiments to validate our solution.

High Speed Data Routing in Vehicular Sensor Networks

In this paper, we show through a simple secure symmetric key based protocol design and experiments the feasibility of secure data collection in a vehicular sensor networks. This protocol exhibits high speed data routing for sensor data collection through vehicles. The large communictaion and storage capacities of a vehicle and its mobility facilitates this high speed routing scheme compared with routing through hop-by-hop communication among sensors. We demonstrate that the protocol works in a realistic setting by collecting the real trace data through real implementation.

Using Wireless Link Dynamics to Extract a Secret Key in Vehicular Scenarios

Securing a wireless channel between any two vehicles is a crucial component of vehicular networks security. This can be done by using a secret key to encrypt the messages. We propose a scheme to allow two cars to extract a shared secret from RSSI (Received Signal Strength Indicator) values in such a way that nearby cars cannot obtain the same key. The key is information-theoretically secure, i.e., it is secure against an adversary with unlimited computing power. Although there are existing solutions of key extraction in the indoor or low-speed environments, the unique channel conditions make them inapplicable to vehicular environments. Our scheme effectively and efficiently handles the high noise and mismatch features of the measured samples so that it can be executed in the noisy vehicular environment. We also propose an online parameter learning mechanism to adapt to different channel conditions. Extensive real-world experiments are conducted to validate our solution.

Experimental Study on Secure Data Collection in Vehicular Sensor Networks

In this paper, we show through a simple secure symmetric key based protocol design and its implementation the feasibility of secure data collection in a vehicular sensor networks. We demonstrate that the protocol works in a realistic setting by collecting the real trace data through real implementation. Some of the key considerations are efficiency, deployability and security. The protocol does not safeguard against some of the techniques an adversary could deploy, such as jamming and deliberate battery-draining.

Internet Protocol Cameras with No Password Protection: An Empirical Investigation

Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.