Xiaolin Gui

Enabling Encrypted Cloud Media Center with Secure Deduplication

Multimedia contents, especially videos, are being exponentially generated today. Due to the limited local storage, people are willing to store the videos at the remote cloud media center for its low cost and scalable storage. However, videos may have to be encrypted before outsourcing for privacy concerns. For practical purposes, the cloud media center should also provide the deduplication functionality to eliminate the storage and bandwidth redundancy, and adaptively disseminate videos to heterogeneous networks and different devices to ensure the quality of service. In light of the observations, we present a secure architecture enabling the encrypted cloud media center. It builds on top of latest advancements on secure deduplication and video coding techniques, with fully functional system implementations on encrypted video deduplication and adaptive video dissemination services. Specifically, to support efficient adaptive dissemination, we utilize the scalable video coding (SVC) techniques and propose a tailored layer-level secure deduplication strategy to be compatible with the internal structure of SVC. Accordingly, we adopt a structure-compatible encryption mechanism and optimize the way how encrypted SVC videos are stored for fast retrieval and efficient dissemination. We thoroughly analyze the security strength of our system design with strong video protection. Furthermore, we give a prototype implementation with encrypted end-to-end deployment on Amazon cloud platform. Extensive experiments demonstrate the practicality of our system.

Service Operator-Aware Trust Scheme for Resource Matchmaking across Multiple Clouds

This paper proposes a service operator-aware trust scheme (SOTS) for resource matchmaking across multiple clouds. Through analyzing the built-in relationship between the users, the broker, and the service resources, this paper proposes a middleware framework of trust management that can effectively reduces user burden and improve system dependability. Based on multidimensional resource service operators, we model the problem of trust evaluation as a process of multi-attribute decision-making, and develop an adaptive trust evaluation approach based on information entropy theory. This adaptive approach can overcome the limitations of traditional trust schemes, whereby the trusted operators are weighted manually or subjectively. As a result, using SOTS, the broker can efficiently and accurately prepare the most trusted resources in advance, and thus provide more dependable resources to users. Our experiments yield interesting and meaningful observations that can facilitate the effective utilization of SOTS in a large-scale multi-cloud environment.

A Crowdsourcing Assignment Model Based on Mobile Crowd Sensing in the Internet of Things

With the powerful sensing capability of mobile smart devices, users can easily obtained the crowd sensing services with smart devices in the Internet of Things (IoT). However, credible interaction issues between mobile users are still the hard problems in the past. In this paper, we focus on how to assign the crowdsourcing sensing tasks based on the credible interaction between users. First, a novel credible crowdsourcing assignment model is proposed based on social relationship cognition and community detection. Second, the service quality factor (SQF), link reliability factor (LRF), and region heat factor (RHF) are introduced to scientifically evaluate the user crowdsourcing preferences. Then, a crowdsourcing algorithm based on analytic hierarchy process (AHP) theory is proposed. Finally, the simulation experiments prove the correctness, effectiveness, and robustness of our method.

Nodes Social Relations Cognition for Mobility-Aware in the Internet of Things

In mobility-aware of Internet of Things (IOT), according to the problem of data-aware and data-transmit which casued by nodes mobility and random. We propose the nodes social relations cognition algorithm which based on social network. Firstly, we would quantize the social relation of all nodes by introducing interconnection factor and distance factor. Then, build cohesive subgroups and node-mobile probability tree to predict the trace of mobile nodes. Finally, we determine awareness service nodes in the objective regions, through trust-transference and probability calculation. Simulation experiment demonstrate that this method helps to resolve the problem of awareness hole in sparse networks, improving the way of date acquistion and increasing the quality of awareness service in IOT.

An approach with two-stage mode to detect cache-based side channel attacks

Side channel attacks, which intend to analyze third party sharing resources responses, has become a significant security threat to cloud, in particular the cache-based side channel attacks. In this paper, to eliminate such a security threat in cloud, based on the observation that the creation of a side channel has certain effects on the resource utilization in both the host and guest, we investigate the detection approach for detecting cache-based side channel attacks, named CSDA. The approach uses the two-stage detection mode which consists of host detection and guest detection, combines shape test and regularity test to extract the attack features from hosts and guests, and uses pattern recognition techniques to distinguish the attack VMs from the legitimate VMs. At last, a series of experiments are conducted, and the experimental results show that CSDA is capable of detecting them in cloud effectively.

A comprehensive and adaptive trust model for large-scale P2P networks

Based on human psychological cognitive behavior, a Comprehensive and Adaptive Trust (CAT) model for large-scale P2P networks is proposed. Firstly, an adaptive trusted decision-making method based on HEW (Historical Evidences Window) is proposed, which can not only reduce the risk and improve system efficiency, but also solve the trust forecasting problem when the direct evidences are insufficient. Then, direct trust computing method based on IOWA (Induced Ordered Weighted Averaging) operator and feedback trust converging mechanism based on DTT (Direct Trust Tree) are set up, which makes the model have a better scalability than previous studies. At the same time, two new parameters, confidence factor and feedback factor, are introduced to assign the weights to direct trust and feedback trust adaptively, which overcomes the shortage of traditional method, in which the weights are assigned by subjective ways. Simulation results show that, compared to the existing approaches, the proposed model has remarkable enhancements in the accuracy of trust decision-making and has a better dynamic adaptation capability in handling various dynamic behaviors of peers.

A Framework for Measuring Query Privacy in Location-based Service

The widespread use of location-based services (LBSs), which allows untrusted service provider to collect large number of user request records, leads to serious privacy concerns. In response to these issues, a number of LBS privacy protection mechanisms (LPPMs) have been recently proposed. However, the evaluation of these LPPMs usually disregards the background knowledge that the adversary may possess about users’ contextual information, which runs the risk of wrongly evaluating users’ query privacy. In this paper, we address these issues by proposing a generic formal quantification framework,which comprehensively contemplate the various elements that influence the query privacy of users and explicitly states the knowledge that an adversary might have in the context of query privacy. Moreover, a way to model the adversary’s attack on query privacy is proposed, which allows us to show the insufficiency of the existing query privacy metrics, e.g., k-anonymity. Thus we propose two new metrics: entropy anonymity and mutual information anonymity. Lastly, we run a set of experiments on datasets generated by network based generator of moving objects proposed by Thomas Brinkhoff. The results show the effectiveness and efficient of our framework to measure the LPPM.

Proxy encryption based secure multicast in wireless mesh networks

A decentralized and self-healing secure multicast framework is proposed, which is based on the new multi-hop proxy encryption, in order to address the unique vulnerabilities of wireless mesh network. The topology aware key encryption key (KEK) is generated first. The session key, used as the traffic encryption key (TEK), is distributed along the key path. The routers only transform and forward the received message instead of decrypting and re-encrypting. Then the service data is encapsulated by the authenticated encryption efficiently. The proposal achieves the data confidentiality, the data integrity, the source authentication, and the backward/forward secrecy simultaneously. The highlight is threefold: (1) The centralized key distribution center, the trusted party and the private channel are eliminated. (2) All of the local traffic is broadcasted, which reduces the communication cost. (3) The self-healing mechanism cures the link failure caused by the failed routers and reconstructs the multicast key path. Compared with the similar schemes, the proposal has advantages with regard to the storage overheads, the computational delay, and the rekeying cost.

Multi-recipient signcryption for secure group communication

When a sender sends multiple messages to multiple recipients, overheads can be reduced efficiently by multi-recipient signcryption schemes. We proposed two multi-recipient signcryption schemes. The first scheme called SM-MR SCS (Single Message - Multiple Receivers SignCryption Scheme), which is an efficient broadcast signcryption scheme. The second scheme called MM-MR SCS (Multiple Messages - Multiple Receivers SignCryption Scheme) can send the distinct message to different recipients simultaneously. The proposed schemes keep the same security level as SCS due to its reproducibility. Compared with traditional methods, overheads of the new schemes are reduced sharply. They are more efficient than other known schemes when a sender sends different messages to distinct recipients.

The Maximum Coverage Set Calculated Algorithm for WSN Area Coverage

The Coverage Control Technology is one of the basic technologies of wireless sensor network, and is mainly concerned about how to prolong the network lifetime on the basis of meeting users’ perception demand. Among this, in the study of area coverage, the set K-cover algorithm is broadly accepted because that it can prolong network lifetime rather well. However, maximum set covers problem is proved to be NP-Complete. At the same time, the existing set K-cover algorithms are centralized, and can not adapt to the large-scale sensor network applications and expansion. So, how to get the maximum coverage set number and realize node set division by distribut ed algorithm is becoming the problem of people attention. Thus, this paper firstly utilizes node minimum layer overlapping subfield to find out area minimum coverage value, as the upper limit of coverage node set’s number. On the basis of this maximum, it put forward to way of dividing node set. Secondly, the maximum coverage set number calculated algorithm is proposed. Simulation result shows the distributed algorithm MCNCA is very effective.