Lingbo Wei

A secure and privacy-preserving payment system for Electric vehicles

The Electric vehicle (EV) will become futuristic and promising for its advantages such as pro-environment, high energy efficiency and so forth. However, Due to the boundedness of batteries, EVs must be recharged very frequently. In this paper, we propose a secure and privacy-preserving payment system for EVs to charge their batteries with reservation service. A user can only reserve a limited number of charging stations simultaneously using our system so that he can not misuse it before charging their EVs. More importantly, our system can not only protect the privacy of users in order that the charging stations cannot know the identities of users, but also provide a lost-protection service to users so that users can find their stolen vehicles with the help of a trusted authorities. The price of charging and reservation is dynamic according to the charging time, the location of the charging station and some attributes of the users.

A Secure and Privacy-Preserving Billing Scheme for Online Electric Vehicles

The Online Electric Vehicle (OLEV) concept is introduced by Korea Advanced Institute of Science and Technology (KAIST) in South Korea. In OLEV system, an electric vehicle (EV) picks up electric energy remotely from power transmitters (PTs) which are buried under a certain route using its pick-up device while the EV is running. The OLEV uses wireless power transfer (WPT) technology which has been widely adopted to charge the batteries of EVs. However, there is not any billing systems for OLEV up to now. In this paper, we propose a secure and privacy-preserving billing scheme for OLEV. Users can buy electric energy from power supply company and charge their EVs anonymously and unlinkably. We assume that each PT transmits a fixed amount of energy to the EV and the energy supply company bills the EV a same amount of money for the electric energy from every PT. EVs can buy the energy according to the levels of their batteries.

Piggybacking Lightweight Control Messages on Physical Layer for Multicarrier Wireless LANs

Piggyback is an effective scheme to transmit control messages in wireless local area networks (WLANs). In traditional approaches, the piggyback scheme is achieved by redefining or adding control fields in the MAC frame header, i.e., MAC layer piggyback scheme. However, this method has shortcomings. In this paper, we design and present PhyPig (Physical Piggyback), a cross-layer design for lightweight control channel. In the newly proposed communication strategy, the control messages are piggybacked on OFDM-based physical layer so that PhyPig does not consume extra channel resources, and does not harm the normal data throughput. Specifically, PhyPig modulates control messages (or sequences of binary bits) into null or non-null (i.e., normal) data symbols, the minimum 2-D time-frequency resource unit in OFDM. The thus-transmitted messages can be interpreted by checking the patterns of data symbols on OFDM subcarriers. Our extensive results validate the feasibility of PhyPig and show that PhyPig delivers control messages with close to 100 % accuracy on a channel with practical SNR regions. Further, based on our simulation results, we demonstrate that PhyPig outperforms traditional piggyback scheme with significant performance improvements in different scenarios.

Using Path Label Routing in Wide Area Software-Defined Networks with OpenFlow

Separating the control and data planes has brought many advantages such as greater control plane programmability, more vendor independence, and lower operational expenses in Software-Defined Networking (SDN). SDN deployments are possible in a variety of contexts including Wide Area Networks (WANs). However, the large propagation delays between the controller and switches raise several concerns for WANs such as performance limitations, longer routing time for flows and sensitivity of the controller placement. To address this issue, we propose a path label routing approach in SDN-based WANs using OpenFlow. Through hybridizing traditional hop-by-hop routing with path label routing, we reduce flow routing time and controller state distributions. In addition, we present an implement method without modifications to OpenFlow. Finally a prototype is implemented as a proof of the method in OPNET simulator. Experimental results demonstrate that the approach can bring significant performance gains such as the reduction of state distribution and the sensitivity of controller placement in SDN-based WANs.

A Privacy-Preserving Networked Hospitality Service with the Bitcoin Blockchain

In recent years, we have witnessed a rise in the popularity of networked hospitality services (NHSs), an online marketplace for short-term peer-to-peer accommodations. Such systems, however, raise significant privacy concerns, because service providers such as Airbnb and 9flats can easily collect the precise and personal information of millions of participating hosts and guests through their centralized online platforms. In this paper, we propose PrivateNH, a privacy-enhancing and practical solution that offers anonymity and accountability for NHS users without relying on any trusted third party. PrivateNH leverages the recent progress of Bitcoin techniques such as Colored Coins and CoinShuffle to generate and maintain anonymous credentials for NHS participants. The credential holders (NHS hosts or guests) can then lease or rent short-term lodging and interact with the service provider in an anonymous and accountable manner. An anonymous and secure reputation system is also introduced to establish the trust between unfamiliar hosts and guests in a peer-to-peer fashion. The proposed scheme is compatible with the current Bitcoin blockchain system, and its effectiveness and feasibility in NHS scenario are also demonstrated by security analysis and performance evaluation.

TrInc-Based Secure and Privacy-Preserving Protocols for Vehicular Ad Hoc Networks

In vehicular ad hoc networks (VANETs), vehicles communicate with each other and with roadside units (RSUs) in order to enhance road safety, improve traffic management and provide infotainment services. Along with the growth of VANETs, some challenges are emerging. Although there are many research work on VANETs, cheating attacks are still not well resolved such as selective message relaying attack, faked information reporting attack and resource-consuming attack launched by selfish or malicious participants. To deal with this kind of attacks, we present two novel lightweight security mechanisms by equipped each vehicles On-Board Unit (OBU) with a small elegant module called TrInc, which is a trusted hardware and composed of only a non-decreasing counter and a key. We observe that TrInc-based method not only can effectively resist against cheating attacks in safety- oriented, convenience-oriented, and commercial-oriented VANET applications, but also significantly defend various aspects of security and privacy in VANETs. Compared with previous works, our proposal features low communication and computation overhead, less memory requirements, and good network scalability.

Attribute-based encryption scheme based on SIFF

Attribute-Based Encryption (ABE) is a public key encryption scheme that allows users to encrypt and decrypt messages based on user attributes. In this paper, we consider the problem of constructing a ciphertext-policy attribute-based encryption (CP-ABE) scheme in a setting where the attributes distributor is also the owner of messages that are to be encrypted and shared. The CP-ABE scheme we propose bases on the Sibling Intractable Function Family (SIFF) scheme. Compared to the existing ABE schemes, the decryption of our scheme in this setting is quite fast and the ciphertext size is rather small. Our ABE system also provides a high degree of compatibility with the messages that are already encrypted when our system is set up, namely, encrypted messages can be used directly in our scheme without being re-encrypted. We compare the efficiency of our scheme with Bethencourts work in this paper.

A Firewall of Two Clouds: Preserving Outsourced Firewall Policy Confidentiality with Heterogeneity

It is increasingly common for enterprises and other organizations to outsource firewalls to public clouds in order to reduce the cost and complexity in deploying and maintaining dedicated hardware middleboxes. However, this poses a serious threat to the enterprise network security because sensitive network policies, such as firewall rules, are revealed to cloud providers, which may be leaked and exploited by attackers. In this paper, we design and implement a SE- FWaaS, a secured system that enables cloud providers to support middlebox (e.g., firewall) outsourcing while preserving the network policy confidentiality. The key ingredients in our SE-FWaaS are the distribution of the firewall primitives, namely policy checking and verdict enforcing, to two independent public clouds, and the enabling techniques of efficient firewall rule obfuscation and oblivious rule-matching. Our SE-FWaaS provides the maximum achievable level of protection of network policies by enforcing the principle of the least privilege and removing the threat of offline probing attacks. We evaluate the proposed system over real-world firewall rules and demonstrate its effectiveness and feasibility.