Xiaocong Jin

TIGHT: A Geographic Routing Protocol for Cognitive Radio Mobile Ad Hoc Networks

This paper presents TIGHT, a geographic routing protocol for cognitive radio mobile ad hoc networks. TIGHT offers three routing modes and allows secondary users to fully explore the transmission opportunities over a primary channel without affecting primary users (PUs). The greedy mode routes a packet via greedy geographic forwarding until a PU region is encountered and then further routes the packet around the PU region to where greedy forwarding can resume. It works best when the PUs are only occasionally active. In contrast, the optimal and suboptimal modes route a packet along optimal and suboptimal trajectories to the destination, respectively. They work best when the PUs are active most of the time. The suboptimal mode is computationally more efficient than the optimal mode at the cost of using suboptimal trajectories in rare cases. The efficacy of TIGHT is confirmed by extensive simulations.

SecureFind: Secure and Privacy-Preserving Object Finding via Mobile Crowdsourcing

The plummeting cost of Bluetooth tags and the ubiquity of mobile devices are revolutionizing the traditional lost-and-found service. This paper presents SecureFind, a secure and privacy-preserving object-finding system via mobile crowdsourcing. In SecureFind, a unique Bluetooth tag is attached to every valuable object, and the owner of a lost object submits an object-finding request to many mobile users via the SecureFind service provider. Each mobile user involved searches his vicinity for the lost object on behalf of the object owner who can infer the location of his lost object based on the responses from mobile users. SecureFind is designed to ensure strong object security such that only the object owner can discover the location of his lost object as well as offering location privacy to mobile users involved. The high efficacy and efficiency of SecureFind are confirmed by extensive simulations.

Privacy-preserving crowdsourced spectrum sensing

Crowdsourced spectrum sensing has great potential in improving current spectrum database services. Without strong incentives and location privacy protection in place, however, mobile users will be reluctant to act as mobile crowdsourcing workers for spectrum sensing tasks. In this paper, we present PriCSS, the first framework for a crowdsourced spectrum sensing service provider to select spectrum-sensing participants in a differentially privacy-preserving manner. Thorough theoretical analysis and simulation studies show that PriCSS can simultaneously achieve differential location privacy, approximate social cost minimization, and truthfulness.

SpecGuard: Spectrum misuse detection in dynamic spectrum access systems

Dynamic spectrum access is the key to solving worldwide spectrum shortage. The open wireless medium subjects DSA systems to unauthorized spectrum use by illegitimate users. This paper presents SpecGuard, the first crowdsourced spectrum misuse detection framework for DSA systems. In SpecGuard, a transmitter is required to embed a spectrum permit into its physical-layer signals, which can be decoded and verified by ubiquitous mobile users. We propose three novel schemes for embedding and detecting a spectrum permit at the physical layer. Detailed theoretical analyses, MATLAB simulations, and USRP experiments confirm that our schemes can achieve correct, low-intrusive, and fast spectrum misuse detection.

SafeDSA: Safeguard Dynamic Spectrum Access against Fake Secondary Users

Dynamic spectrum access (DSA) is the key to solving worldwide wireless spectrum shortage. In a DSA system, unlicensed secondary users can opportunistically use a spectrum band when it is not used by the licensed primary user. The open nature of the wireless medium means that any secondary user can freely use any given spectrum band. Secondary-user authentication is thus essential to ensure the proper operations of DSA systems. We propose SafeDSA, a novel PHY-based scheme for authenticating secondary users in DSA systems. In SafeDSA, the secondary user embeds his spectrum-use authorization into the cyclic prefix of each physical-layer symbol, which can be detected and authenticated by a verifier. In contrast to previous work, SafeDSA achieves robust and efficient authentication of secondary users with negligible impact on normal data transmissions. We validate the efficacy and efficiency of SafeDSA through detailed MATLAB simulations and USRP experiments. Our results show that SafeDSA can detect fake secondary users with a maximum false-positive rate of 0.091 and a negligible false-negative rate based on USRP experiments.

iLock: Immediate and Automatic Locking of Mobile Devices against Data Theft

Mobile device losses and thefts are skyrocketing. The sensitive data hosted on a lost/stolen device are fully exposed to the adversary. Although password-based authentication mechanisms are available on mobile devices, many users reportedly do not use them, and a device may be lost/stolen while in the unlocked mode. This paper presents the design and evaluation of iLock, a secure and usable defense against data theft on a lost/stolen mobile device. iLock automatically, quickly, and accurately recognizes the users physical separation from his/her device by detecting and analyzing the changes in wireless signals. Once significant physical separation is detected, the device is immediately locked to prevent data theft. iLock relies on acoustic signals and requires at least one speaker and one microphone that are available on most COTS (commodity-off-the-shelf) mobile devices. Extensive experiments on Samsung Galaxy S5 show that iLock can lock the device with negligible false positives and negatives.

Your face your heart: Secure mobile face authentication with photoplethysmograms

Face authentication emerges as a powerful method for preventing unauthorized access to mobile devices. It is, however, vulnerable to photo-based forgery attacks (PFA) and videobased forgery attacks (VFA), in which the adversary exploits a photo or video containing the users frontal face. Effective defenses against PFA and VFA often rely on liveness detection, which seeks to find a live indicator that the submitted face photo or video of the legitimate user is indeed captured in real time. In this paper, we propose FaceHeart, a novel and practical face authentication system for mobile devices. FaceHeart simultaneously takes a face video with the front camera and a fingertip video with the rear camera on COTS mobile devices. It then achieves liveness detection by comparing the two photoplethysmograms independently extracted from the face and fingertip videos, which should be highly consistent if the two videos are for the same live person and taken at the same time. As photoplethysmograms are closely tied to human cardiac activity and almost impossible to forge or control, FaceHeart is strongly resilient to PFA and VFA. Extensive user experiments on Samsung Galaxy S5 have confirmed the high efficacy and efficiency of FaceHeart.

DPSense: Differentially Private Crowdsourced Spectrum Sensing

Dynamic spectrum access (DSA) has great potential to address worldwide spectrum shortage by enhancing spectrum efficiency. It allows unlicensed secondary users to access the underutilized licensed spectrum when the licensed primary users are not transmitting. As a key enabler for DSA systems, crowdsourced spectrum sensing (CSS) allows a spectrum sensing provider (SSP) to outsource the sensing of spectrum occupancy to distributed mobile users. In this paper, we propose DPSense, a novel framework that allows the SSP to select mobile users for executing spatiotemporal spectrum-sensing tasks without violating the location privacy of mobile users. Detailed evaluations on real location traces confirm that DPSense can provide differential location privacy to mobile users while ensuring that the SSP can accomplish spectrum-sensing tasks with overwhelming probability and also the minimal cost.

Privacy-Preserving Crowdsourced Spectrum Sensing

Dynamic spectrum access is promising for mitigating worldwide wireless spectrum shortage. Crowdsourced spectrum sensing (CSS) refers to recruiting ubiquitous mobile users to perform real-time spectrum sensing at specified locations and has great potential in mitigating the drawbacks of current spectrum database operations. Without strong incentives and location privacy protection in place, however, mobile users will be reluctant to act as mobile crowdsourcing workers for spectrum-sensing tasks. In this paper, we first formulate participant selection in CSS systems as a reverse auction problem, in which each participant’s true cost for spectrum sensing is closely tied to his current location. Then, we demonstrate how the location privacy of CSS participants can be easily breached under the framework. Finally, we present PriCSS, a novel framework for a CSS service provider to select CSS participants in a differentially privacy-preserving manner. In this framework, we propose PriCSS− and PriCSS+, two different schemes under distinct design objectives and assumptions. PriCSS− is an approximately truthful scheme that achieves differential location privacy and an approximate minimum payment, while PriCSS+ is a truthful scheme that achieves differential location privacy and an approximate minimum social cost. The detailed theoretical analysis and simulation studies are performed to demonstrate the efficacy of both schemes.

POWERFUL: Mobile app fingerprinting via power analysis

Which apps a mobile user has and how they are used can disclose significant private information about the user. In this paper, we present the design and evaluation of POWERFUL, a new attack which can fingerprint sensitive mobile apps (or infer sensitive app usage) by analyzing the power consumption profiles on Android devices. POWERFUL works on the observation that distinct apps and their different usage patterns all lead to distinguishable power consumption profiles. Since the power profiles on Android devices require no permission to access, POWERFUL is very difficult to detect and can pose a serious threat against user privacy. Extensive experiments involving popular and sensitive apps in Google Play Store show that POWERFUL can identify the app used at any particular time with accuracy up to 92.9%, demonstrating the feasibility of POWERFUL.