Tao Yang

Resisting relay attacks on vehicular Passive Keyless Entry and start systems

Passive Keyless Entry and Start (PKES) systems are popularly embed in modern cars, which allow users to open and start their cars while having their car keys in their pockets. They bring convenience to users but are vulnerable to relay attacks. A relay attack to PKES is a widely known attack against the challenge- response technique used in the passive keyless vehicle system, which allows to open and start the car while the true distance between the key and car remained large. The main countermeasure against relay attacks is the use of distance bounding protocols measuring the round-trip time between the car and the key. However, most schemes tend to a more complex design to decrease adversarys success probability. In this paper, we propose a novel distance bounding protocol to resist relay attacks in PKES systems, using only 2n bits of memory, which, to our best knowledge, is equal to Hancke and Kuhns protocol and less than any existing protocols. In addition, by using our protocol, the key is able to detect adversarys malicious queries. We also make a comparison with typical previous distance bounding protocols in both memory and mafia fraud success probability.

Towards privacy-preserving RFID-based location-based services

Nowadays, RFID technology is increasingly become popular and begin to enter many spheres of everyday life. In this paper, we present LocSafe, a “missed-connections” service with privacy grantees based on RFID technology, in order to prove an encounter sharing among users in the past. LocSafe is comprised of three parts: RFID Tags, LE Collectors, and Social Service Provider. We use RFID technology to detect encounters, and use attribute-based encryption and broadcast encryption to establish trust and protect users privacy. We evaluate LocSafe by an study of “missed-connections” problems and analysis of system implementation.

A Distance Bounding Protocol Using Error State and Punishment

This Radio Frequency Identification (RFID) systems suffer from different security and privacy problems, among which relay attack is a hot topic recently. A relay attack is a type of attack related to man-in-the-middle and replay attacks, in which an attacker relays verbatim a message from the sender to a valid receiver of the message. The sender may not be aware of even sending the message to the attacker. The main countermeasure against relay attack is the use of distance bounding protocols measuring the round-trip time between the reader and the tag. In this paper, we consider a modification of these protocols using `error state which stands for the number of response bit errors that have already occurred. We set a maximal error number to prevent adversary from malicious queries, we also apply a punishment mechanism for error responding, which to my best knowledge is proposed at the first time in distance bounding protocols, if the tag sends one error bit, it should respond one more challenge bit to successfully finish the protocol. By using error state and punishment mechanism, the success probability for an adversary to access to the system decreases. Finally, we use the Hancke and Kuhns protocol as a comparison, to show the improvements achieved when different cases are analyzed.

A traceable privacy-preserving authentication protocol for VANETs based on proxy re-signature

In this paper, based on a single hop proxy re-signature in the standard model, we introduce a traceable privacy-preserving communication protocol for VANETs. The proposed protocol has some appealing features: The Trusted Authority (TA) designates the Roadside Units (RSUs) translating signatures computed by the On-Board Units (OBUs) into one that is valid as for TAs public key. As a result, the potential danger that vehicles could be traced by the signatures on messages can be well deleted, and attacks are thwarted by using an endorsement mechanism based on signatures. The security analysis shows that the protocol can achieve good conditional privacy target of VANETs.

An Efficient Privacy-Preserving RFID Ownership Transfer Protocol

RFID technology is increasingly become popular in supply chain management. When passing tags on to the next partner in the supply chain, ownership of the old partner is transferred to the new partner. In this paper, we first introduce some existing RFID tag ownership transfer protocols, then give the security and privacy requirements for such kind of protocols, finally, we propose a novel RFID tag ownership transfer protocol which supports constant-time authentication, and effectively protects the privacy of the old tag owner and the new tag owner.

Customer Reviews for Individual Product Feature-based Ranking

As the number of products being sold online increases, it is becoming increasingly difficult for customers to make purchasing decisions based on only pictures and short product descriptions. Thus, customer reviews, particularly the text describing the features, comparisons and experiences of using a particular product provide a rich source of information to compare products and make purchasing decisions. Especially, all kinds of reviews from various people have different degree of impact on a buyer, that is, we tend to believe our friends who always make right decisions than others. In this paper, we present an individual feature-based product ranking technique that mines thousands of customer reviews. By grouping users into unfamiliar users and familiar users according to the fact whether the client has almost always right ideas as far as one has concerned we attach different weights to them based on the friend ranking list. Friends on the top of the list are expected to be more reliable than the rest. After founding the clients friend set{F_j, S_k}, we extract crucial information from users reviews. By realizing key words in a sentence, we classify comments into 4 representative sentences-Active Direct sentence(AD), Inactive Direct sentence(ID), Active Indirect sentence(AI), and Inactive Indirect sentence(II). Afterwards, we construct a weighted graph considering the product weight itself and the edge between every 2 relevant products, using ratios AD/ID and ID/II. The last step is that the client ranks search result with the average reliabilities of himself with respect to reviews of specific feature. Through calculation, we have a weighted score list, helping the client make purchase intentions.

Need for Symmetry: Addressing Privacy Risks in Online Social Networks

Private attributes of Online Social Network (OSN) users can be inferred from other information (which is usually from users friends and group information). To address this, social networking sites allow users to hide their friend lists and group lists, so that general public cannot see them. However, if a user doesnt make his friend list public, but his friends have public friend list where we can find him, we can do reverse lookup to extend the friend lists of the user. Furthermore, many social networks allow non-group members to list the members of public groups (e.g., Face book). These are strong violations of OSN users privacy, and can be considered as privacy risks caused by the asymmetric configuration of settings in OSNs. In this paper we present the privacy risks due to the lack of symmetric configurations, which exist in most of the OSNs. To make our idea more clear, we propose a inference attack and show that it can be used to infer users private information, even users already made their friend list private. We theoretically analyze the risk of proposed privacy issues, and evaluate the risk using experiments based on real-world OSN data. We show that it is not sufficient to only disable friend list and group list to guarantee privacy, and propose methods to mitigate these privacy issues.

Privacy protection in social networks using l -diversity

With the increasing popularity of online social networks, such as twitter and weibo, privacy preserving publishing of social network data has raised serious concerns. In this paper, we focus on the problem of preserving the sensitive attribute of the node in social network data. We call a graph l-diversity anonymous if all the same degree nodes in the graph form a group in which the frequency of the most frequent sensitive value is at most

VLSP: Enabling Location Privacy in Vehicular Location Based Services

frac{1}{l}

SecGuard: secure and practical integrity protection model for operating systems

. To achieve this objective, we devise an efficient heuristic algorithm via graphic l-diverse partition and also use three anonymous strategies(AdjustGroup, RedirectEdges, AssignResidue)to optimize the heuristic algorithm. Finally, we verify the effectiveness of the algorithm through experiments.