Jinyuan Sun

An Identity-Based Security System for User Privacy in Vehicular Ad Hoc Networks

Vehicular ad hoc network (VANET) can offer various services and benefits to users and thus deserves deployment effort. Attacking and misusing such network could cause destructive consequences. It is therefore necessary to integrate security requirements into the design of VANETs and defend VANET systems against misbehavior, in order to ensure correct and smooth operations of the network. In this paper, we propose a security system for VANETs to achieve privacy desired by vehicles and traceability required by law enforcement authorities, in addition to satisfying fundamental security requirements including authentication, nonrepudiation, message integrity, and confidentiality. Moreover, we propose a privacy-preserving defense technique for network authorities to handle misbehavior in VANET access, considering the challenge that privacy provides avenue for misbehavior. The proposed system employs an identity-based cryptosystem where certificates are not needed for authentication. We show the fulfillment and feasibility of our system with respect to the security goals and efficiency.

Privacy and security for online social networks: challenges and opportunities

Online social networks such as Facebook, Myspace, and Twitter have experienced exponential growth in recent years. These OSNs offer attractive means of online social interactions and communications, but also raise privacy and security concerns. In this article we discuss the design issues for the security and privacy of OSNs. We find there are inherent design conflicts between these and the traditional design goals of OSNs such as usability and sociability. We present the unique security and privacy design challenges brought by the core functionalities of OSNs and highlight some opportunities of utilizing social network theory to mitigate these design conflicts.

Fast identification of the missing tags in a large RFID system

RFID (radio-frequency identification) is an emerging technology with extensive applications such as transportation and logistics, object tracking, and inventory management. How to quickly identify the missing RFID tags and thus their associated objects is a practically important problem in many large-scale RFID systems. This paper presents three novel methods to quickly identify the missing tags in a large-scale RFID system of thousands of tags. Our protocols can reduce the time for identifying all the missing tags by up to 75% in comparison to the state of art.

An ID-based Framework Achieving Privacy and Non-Repudiation in Vehicular Ad Hoc Networks

Security requirements should be integrated into the design of vehicular ad hoc networks (VANETs), which bear unique features like road-safety and life-critical message dissemination. In this paper, we propose a security framework for VANETs to achieve privacy desired by vehicles and non-repudiation required by authorities, in addition to satisfying fundamental security requirements including authentication, message integrity and confidentiality. The proposed framework employs an ID-based cryptosystem where certificates are not needed for authentication. It increases the communication efficiency for VANET applications where the real-time constraint on message delivery should be guaranteed. We also briefly review the requirements for VANET security and verify the fulfillment of our proposed framework against these requirements.

A Privacy-Preserving Scheme for Online Social Networks with Efficient Revocation

Online social networks (OSNs) are attractive applications which enable a group of users to share data and stay connected. Facebook, Myspace, and Twitter are among the most popular applications of OSNs where personal information is shared among group contacts. Due to the private nature of the shared information, data privacy is an indispensable security requirement in OSN applications. In this paper, we propose a privacy-preserving scheme for data sharing in OSNs, with efficient revocation for deterring a contacts access right to the private data once the contact is removed from the social group. In addition, the proposed scheme offers advanced features such as efficient search over encrypted data files and dynamic changes to group membership. With slight modification, we extend the application of the proposed scheme to anonymous online social networks of different security and functional requirements. The proposed scheme is demonstrated to be secure, effective, and efficient.

Cloud-Assisted Mobile-Access of Health Data With Privacy and Auditability

Motivated by the privacy issues, curbing the adoption of electronic healthcare systems and the wild success of cloud service models, we propose to build privacy into mobile healthcare systems with the help of the private cloud. Our system offers salient features including efficient key management, privacy-preserving data storage, and retrieval, especially for retrieval at emergencies, and auditability for misusing health data. Specifically, we propose to integrate key management from pseudorandom number generator for unlinkability, a secure indexing method for privacy-preserving keyword search which hides both search and access patterns based on redundancy, and integrate the concept of attribute-based encryption with threshold signing for providing role-based access control with auditability to prevent potential misbehavior, in both normal and emergency cases.

Privacy and emergency response in e-healthcare leveraging wireless body sensor networks

Electronic healthcare is becoming a vital part of our living environment and exhibits advantages over paper-based legacy systems. Privacy is the foremost concern of patients and the biggest impediment to e-healthcare deployment. In addressing privacy issues, conflicts from the functional requirements must be taken into account. One such requirement is efficient and effective response to medical emergencies. In this article, we provide detailed discussions on the privacy and security issues in e-healthcare systems and viable techniques for these issues. Furthermore, we demonstrate the design challenge in the fulfillment of conflicting goals through an exemplary scenario, where the wireless body sensor network is leveraged, and a sound solution is proposed to overcome the conflict.

Cross-Domain Data Sharing in Distributed Electronic Health Record Systems

Cross-organization or cross-domain cooperation takes place from time to time in Electronic Health Record (EHR) system for necessary and high-quality patient treatment. Cautious design of delegation mechanism must be in place as a building block of cross-domain cooperation, since the cooperation inevitably involves exchanging and sharing relevant patient data that are considered highly private and confidential. The delegation mechanism grants permission to and restricts access rights of a cooperating partner. Patients are unwilling to accept the EHR system unless their health data are guaranteed proper use and disclosure, which cannot be easily achieved without cross-domain authentication and fine-grained access control. In addition, revocation of the delegated rights should be possible at any time during the cooperation. In this paper, we propose a secure EHR system, based on cryptographic constructions, to enable secure sharing of sensitive patient data during cooperation and preserve patient data privacy. Our EHR system further incorporates advanced mechanisms for fine-grained access control, and on-demand revocation, as enhancements to the basic access control offered by the delegation mechanism, and the basic revocation mechanism, respectively. The proposed EHR system is demonstrated to fulfill objectives specific to the cross-domain delegation scenario of interest.

RescueMe: Location-Based Secure and Dependable VANETs for Disaster Rescue

Natural disasters and terrorism threaten our nations safety and security, rendering post-disaster rescue mission critical. It is of paramount importance to carry out rescue work relying on secure and dependable networking. In this paper, we propose RescueMe, location-based vehicular ad hoc networks (VANETs), to aid in secure and dependable rescue planning for the efficient allocation of rescue resources. RescueMe leverages the location information stored during normal network operations to facilitate post-disaster rescue planning, while guaranteeing that the sensitive user location information is not exploited to trace a users whereabouts when disasters are absent, even if the most powerful collusion attack is allowed. We provide a novel construction for the location update message, and propose several enhancements, to achieve the functional and security goals of RescueMe.

Defense against misbehavior in anonymous vehicular ad hoc networks

Vehicular ad hoc network (VANET) can offer various services and benefits to VANET users and thus deserves deployment effort. Misusing such network could cause destructive consequences. It is therefore necessary to discourage misbehavior and defend VANET systems against it, in order to ensure correct and smooth operations of the network. In this paper, we review the techniques for handling misbehavior in VANETs, particularly where anonymous communications are desired to conserve user privacy since it adds more complexity to the defense against misbehavior. A new scheme is proposed to punish misbehaving users and can be employed in both inter-vehicle and vehicle-to-infrastructure anonymous communications. Our scheme leverages some threshold authentication technique that dynamically revokes a users credential, while providing the flexibility of whether to reveal the users identity and tolerating unintentional misbehavior such as hardware malfunctioning.