Wenbo He

PDA: Privacy-Preserving Data Aggregation in Wireless Sensor Networks

Providing efficient data aggregation while preserving data privacy is a challenging problem in wireless sensor networks research. In this paper, we present two privacy-preserving data aggregation schemes for additive aggregation functions. The first scheme -cluster-based private data aggregation (CPDA)-leverages clustering protocol and algebraic properties of polynomials. It has the advantage of incurring less communication overhead. The second scheme -Slice-Mix-AggRegaTe (SMART)-builds on slicing techniques and the associative property of addition. It has the advantage of incurring less computation overhead. The goal of our work is to bridge the gap between collaborative data collection by wireless sensor networks and data privacy. We assess the two schemes by privacy-preservation efficacy, communication overhead, and data aggregation accuracy. We present simulation results of our schemes and compare their performance to a typical data aggregation scheme -TAG, where no data privacy protection is provided. Results show the efficacy and efficiency of our schemes. To the best of our knowledge, this paper is among the first on privacy-preserving data aggregation in wireless sensor networks.

Generalized loop-back recovery in optical mesh networks

Current means of providing loop-back recovery, which is widely used in SONET, rely on ring topologies, or on overlaying logical ring topologies upon physical meshes. Loop-back is desirable to provide rapid preplanned recovery of link or node failures in a bandwidth-efficient distributed manner. We introduce generalized loop-back, a novel scheme for performing loop-back in optical mesh networks. We present an algorithm to perform recovery for link failure and one to perform generalized loop-back recovery for node failure. We illustrate the operation of both algorithms, prove their validity, and present a network management protocol algorithm, which enables distributed operation for link or node failure. We present three different applications of generalized loop-back. First, we present heuristic algorithms for selecting recovery graphs, which maintain short maximum and average lengths of recovery paths. Second, we present WDM-based loop-back recovery for optical networks where wavelengths are used to back up other wavelengths. We compare, for WDM-based loop-back, the operation of generalized loop-back operation with known ring-based ways of providing loop-back recovery over mesh networks. Finally, we introduce the use of generalized loop-back to provide recovery in a way that allows dynamic choice of routes over preplanned directions.

A Reservation-based Smart Parking System

Finding a parking space in most metropolitan areas, especially during the rush hours, is difficult for drivers. The difficulty arises from not knowing where the available spaces may be at that time; even if known, many vehicles may pursue very limited parking spaces to cause serious traffic congestion. In this paper, we design and implement a prototype of Reservation-based Smart Parking System (RSPS) that allows drivers to effectively find and reserve the vacant parking spaces. By periodically learning the parking status from the sensor networks deployed in parking lots, the reservation service is affected by the change of physical parking status. The drivers are allowed to access this cyber-physical system with their personal communication devices. Furthermore, we study state-of-the-art parking policies in smart parking systems and compare their performance. The experiment results show that the proposed reservation-based parking policy has the potential to simplify the operations of parking systems, as well as alleviate traffic congestion caused by parking searching.

Challenges Towards Elastic Power Management in Internet Data Centers

Data Centers are energy consuming facilities that host Internet services such as cloud computing platforms. Their complex cyber and physical systems bring unprecedented challenges in resource managements. In this paper, we give an overview of the resource provisioning and utilization patterns in data centers and propose a macro-resource management layer to coordinate among cyber-and-physical resources. We review some existing work and solutions in the field and explain their limitations. We give some future research directions and the potential solutions to jointly optimize computing and environmental resources in datacenters.

Location Cheating: A Security Challenge to Location-Based Social Network Services

Location-based mobile social network services such as foursquare and Gowalla have grown exponentially over the past several years. These location-based services utilize the geographical position to enrich user experiences in a variety of contexts, including location-based searching and location-based mobile advertising. To attract more users, the location-based mobile social network services provide real-world rewards to the user, when a user checks in at a certain venue or location. This gives incentives for users to cheat on their locations. In this paper, we investigate the threat of location cheating attacks, find the root cause of the vulnerability, and outline the possible defending mechanisms. We use foursquare as an example to introduce a novel location cheating attack, which can easily pass the current location verification mechanism (e.g., cheater code of foursquare). We also crawl the foursquare website. By analyzing the crawled data, we show that automated large scale cheating is possible. Through this paper, we aim to call attention to location cheating in mobile social network services and provide insights into the defending mechanisms.

iPDA: An integrity-protecting private data aggregation scheme for wireless sensor networks

Data aggregation is an efficient mechanism widely used in wireless sensor networks (WSN) to collect statistics about data of interests. However, the shared-medium nature of communication makes the WSNs are vulnerable to eavesdropping and packet tampering/injection by adversaries. Hence, how to protect data privacy and data integrity are two major challenges for data aggregation in wireless sensor networks. In this paper, we present iPDA- an integrity-protecting private data aggregation scheme. In iPDA, data privacy is achieved through data slicing and assembling technique; and data integrity is achieved through redundancy by constructing disjoint aggregation paths/trees to collect data of interests. In iPDA, the data integrity-protection and data privacy-preservation mechanisms work synergistically. We evaluate the performance of iPDA scheme in terms of communication overhead and data aggregation accuracy, comparing with a typical data aggregation scheme - TAG, where no integrity protection and privacy preservation is provided. Simulation results show that iPDA achieves the design goals while still maintains the efficiency of data aggregation.

A Cluster-Based Protocol to Enforce Integrity and Preserve Privacy in Data Aggregation

Data fusion or information collection is one of the fundamental functions in the future cyber-physical systems. But, privacy concerns must be addressed and security must be assured in such systems. It is very challenging to achieve the synergy of privacy and integrity, because privacy preserving schemes try to hide or interfere with data, while integrity protection usually needs to enable peer monitoring or public access of the data. Therefore, privacy and integrity can be the conflicting requirements, one may barricade the implementation of the other.In this paper, we address both privacy of individual sensory data and integrity of aggregation result simultaneously by proposing a protocol called iCPDA, which piggybacks on a cluster-based privacy-preserving data aggregation protocol(CPDA). We implement the add-on feature to protect integrity of aggregation result. To show the efficacy and efficiency of the proposed scheme, we present simulation results. To the best of our knowledge, this paper is among the first protocols to preserve privacy and integrity in data aggregation.

SMOCK: A Scalable Method of Cryptographic Key Management for Mission-Critical Wireless Ad-Hoc Networks

Mission-critical networks show great potential in emergency response and/or recovery, health care, critical infrastructure monitoring, etc. Such mission-critical applications demand that security service be ldquoanywhere,rdquo ldquoanytime,rdquo and ldquoanyhow.rdquo However, it is challenging to design a key management scheme in current mission-critical networks to fulfill the required attributes of secure communications, such as data integrity, authentication, confidentiality, nonrepudiation, and service availability. In this paper, we present a self-contained public key-management scheme, a scalable method of cryptographic key management (SMOCK), which achieves almost zero communication overhead for authentication, and offers high service availability. In our scheme, a small number of cryptographic keys are stored offline at individual nodes before they are deployed in the network. To provide good scalability in terms of the number of nodes and storage space, we utilize a combinatorial design of public-private key pairs, which means nodes combine more than one key pair to encrypt and decrypt messages. We also show that SMOCK provides controllable resilience when malicious nodes compromise a limited number of nodes before key revocation and renewal.

A Certificateless Signature Scheme for Mobile Wireless Cyber-Physical Systems

Due to the unique characteristics of Cyber-Physical Systems (CPS) such as interaction with the physical world, many new research challenges arise. Many CPS applications will be implemented on computing devices using mobile ad hoc networks (MANETs). Before these systems can be used in multifarious environments, the security properties of these networks must be fully understood. Recently, several secure signature schemes for MANETs have been proposed based on public key cryptography and identity-based cryptography. In order to solve some problems in these schemes, such as the costly and complex key management problem in traditional public key cryptography and the ldquokey escrowrdquo problem in identity-based cryptography, the notion of certificateless public key cryptography was introduced. In this paper, we propose an efficient certificateless signature scheme for mobile wireless cyberphysical systems (McCLS) based on the bilinear Diffie-Hellman assumption. Empirical studies are conducted using QualNet to evaluate the effectiveness and efficiency of McCLS scheme under two most common attacks, i.e. black hole attack and rushing attack. Results show that McCLS scheme is more efficient than existing solutions and is able to resist these two kinds of attacks.

Optimal real-time sampling rate assignment for wireless sensor networks

How to allocate computing and communication resources in a way that maximizes the effectiveness of control and signal processing, has been an important area of research. The characteristic of a multi-hop Real-Time Wireless Sensor Network raises new challenges. First, the constraints are more complicated and a new solution method is needed. Second, a distributed solution is needed to achieve scalability. This article presents solutions to both of the new challenges. The first solution to the optimal rate allocation is a centralized solution that can handle the more general form of constraints as compared with prior research. The second solution is a distributed version for large sensor networks using a pricing scheme. It is capable of incremental adjustment when utility functions change. This article also presents a new sensor device/network backbone architecture---Real-time Independent CHannels (RICH), which can easily realize multi-hop real-time wireless sensor networking.