SPOC: A Secure and Privacy-preserving Opportunistic Computing Framework for Mobile-Healthcare Emergency
Cited by 11 (2 self)
Abstract—With the pervasiveness of smart phones and the advance of wireless body sensor networks (BSNs), mobile Healthcare (m-Healthcare), which extends the operation of Healthcare provider into a pervasive environment for better health monitoring, has attracted considerable interest recently. However, the flourish of m-Healthcare still faces many challenges including information security and privacy preservation. In this paper, we propose a secure and privacy-preserving opportunistic computing framework, called SPOC, for m-Healthcare emergency. With SPOC, smart phone resources including computing power and energy can be opportunistically gathered to process the computing-intensive personal health information (PHI) during m-Healthcare emergency with minimal privacy disclosure. In specific, to leverage the PHI privacy disclosure and the high reliability of PHI process and transmission in m-Healthcare emergency, we introduce an efficient user-centric privacy access control in SPOC framework, which is based on an attribute-based access control and a new privacy-preserving scalar product computation (PPSPC) technique, and allows a medical user to decide who can participate in the opportunistic computing to assist in processing his overwhelming PHI data. Detailed security analysis shows that the proposed SPOC framework can efficiently achieve user-centric privacy access control in m-Healthcare emergency. In addition, performance evaluations via extensive simulations demonstrate the SPOC’s effectiveness in term of providing high reliable PHI process and transmission while minimizing the privacy disclosure during m-Healthcare emergency. Index Terms—Mobile-Healthcare emergency; opportunistic computing; user-centric privacy access control; PPSPC
Vehicles Meet Infrastructure: Towards Capacity-Cost Tradeoffs for Vehicular Access Networks
- IEEE Trans. on Intelligent Transportation Systems
Cited by 8 (5 self)
Abstract—Access infrastructure, such as Wi-Fi access points and cellular base stations (BSs), plays a vital role in providing pervasive Internet services to vehicles. However, the deployment costs of different access infrastructure are highly variable. In this paper, we make an effort to investigate the capacity–cost tradeoffs for vehicular access networks, in which access infrastructure is deployed to provide a downlink data pipe to all vehicles in the network. Three alternatives of wireless access infrastructure are considered, i.e., cellular BSs, wireless mesh backbones (WMBs), and roadside access points (RAPs). We first derive a lower bound of downlink capacity for each type of access infrastructure. We then present a case study based on a perfect city grid of 400 km² with 0.4 million vehicles, in which we examine the capacity–cost tradeoffs of different deployment solutions in terms of capital expenditures (CAPEX) and operational expenditures (OPEX). The rich implications from our results provide fundamental guidance on the choice of cost-effective access infrastructure for the emerging vehicular networking. Index Terms—Access infrastructure, capacity-cost tradeoffs, downlink capacity, vehicular networks.
Reliable Freestanding Position-Based Routing in Highway Scenarios
, 2012
Fully Anonymous Profile Matching in Mobile Social Networks
, 2012
Cited by 5 (1 self)
In this paper, we study user profile matching with privacy-preservation in mobile social networks (MSNs) and introduce a family of novel profile matching protocols. We first propose an explicit Comparison-based Profile Matching protocol (eCPM) which runs between two parties, an initiator and a responder. The eCPM enables the initiator to obtain the comparison-based matching result about a specified attribute in their profiles, while preventing their attribute values from disclosure. We then propose an implicit Comparison-based Profile Matching protocol (iCPM) which allows the initiator to directly obtain some messages instead of the comparison result from the responder. The messages unrelated to user profile can be divided into multiple categories by the responder. The initiator implicitly chooses the interested category which is unknown to the responder. Two messages in each category are prepared by the responder, and only one message can be obtained by the initiator according to the comparison result on a single attribute. We further generalize the iCPM to an implicit Predicate-based Profile Matching protocol (iPPM) which allows complex comparison criteria spanning multiple attributes. The anonymity analysis shows all these protocols achieve the confidentiality of user profiles. In addition, the eCPM reveals the comparison result to the initiator and provides only conditional anonymity; the iCPM and the iPPM do not reveal the result at all and provide full anonymity. We analyze the communication overhead and the anonymity strength of the protocols. We then present an enhanced version of the eCPM, called eCPM+, by combining the eCPM with a novel prediction-based adaptive pseudonym change strategy. The performance of the eCPM and the eCPM+ are comparatively studied through extensive trace-based simulations. Simulation results demonstrate that the eCPM+ achieves significantly higher anonymity strength with slightly larger number of pseudonyms than the eCPM.
Enabling Trustworthy Service Evaluation in Service-oriented Mobile Social Networks
Cited by 4 (1 self)
Abstract—In this paper, we propose a Trustworthy Service Evaluation (TSE) system to enable users to share service reviews in service-oriented mobile social networks (S-MSNs). Each service provider independently maintains a TSE for itself, which collects and stores users’ reviews about its services without requiring any third trusted authority. The service reviews can then be made available to interested users in making wise service selection decisions. We identify three unique service review attacks, i.e., linkability, rejection, and modification attacks, and develop sophisticated security mechanisms for the TSE to deal with these attacks. Specifically, the basic TSE (bTSE) enables users to distributedly and cooperatively submit their reviews in an integrated chain form by using hierarchical and aggregate signature techniques. It restricts the service providers to reject, modify, or delete the reviews. Thus, the integrity and authenticity of reviews are therefore improved. Further, we extend the bTSE to a Sybil-resisted TSE (SrTSE) to enable the detection of two typical sybil attacks. In the SrTSE, if a user generates multiple reviews toward a vendor in a pre-defined time slot with different pseudonyms, the real identity of that user will be revealed. Through security analysis and numerical results, we show that the bTSE and the SrTSE effectively resist the service review attacks and the SrTSE additionally detects the sybil attacks in an efficient manner. Through performance evaluation, we show that the bTSE achieves better performance in terms of submission rate and delay than a service review system that does not adopt user cooperation. Keywords—Mobile social networks; trust evaluation; sybil attack; distributed system
CPAL: A Conditional Privacy-Preserving Authentication with Access Linkability for Roaming Service
Cited by 2 (0 self)
Abstract—The roaming service enables mobile subscribers to access the Internet service anytime and anywhere, which can fulfill the requirement of ubiquitous access for the emerging paradigm of networking, e.g., the Internet of Things (IoT). In this paper, we propose a Conditional Privacy-preserving authentication with Access Linkability (CPAL) for roaming service, to provide universal secure roaming service and multi-level privacy preservation. CPAL provides an anonymous user linking function by utilizing a novel group signature technique, which can not only efficiently hide users’ identities, but also enable the authorized entities to link all the access information of the same user without knowing the user’s real identity. Specifically, by using the master linking key possessed by the trust linking server, the authorized foreign network operators or service providers can link the access information from the user to improve its service, while
A Wormhole Attack Resistant Neighbor Discovery Scheme with RDMA Protocol for 60 GHz Directional Network
Cited by 1 (0 self)
Abstract—In this paper, we propose a wormhole attack resistant secure neighbor discovery (SND) scheme for a centralized 60 GHz directional wireless network. In specific, the proposed SND scheme consists of three phases: the network controller (NC) broadcasting phase, the network nodes response/authentication phase and the NC time analysis phase. In the broadcasting phase and the response/authentication phase, local time information and antenna direction information are elegantly exchanged with signature-based authentication techniques between the NC and the legislate network nodes, which can prevent most of the wormhole attacks. In the NC time analysis phase, the NC can further detect the possible attack by using the time-delay information from the network nodes. To solve the transmission collision problem in the response/authentication phase, we also introduce a novel random delay multiple access (RDMA) protocol to divide the RA phase into M periods, within which the unsuccessfully transmitting nodes randomly select a time slot to transmit. The optimal parameter setting of the RDMA protocol and the optional strategies of the NC are discussed. Both neighbor discovery time analysis and security analysis demonstrate the efficiency and effectiveness of the proposed SND scheme in conjunction with the RDMA protocol. Index Terms—Cyber physical systems, 60 GHz directional network, secure neighbor discovery, wormhole attack, random delay multiple access.
A Multihop-Authenticated Proxy Mobile IP Scheme for Asymmetric VANETs
, 2012
Cited by 1 (0 self)
Abstract—Vehicular communications networks are envisioned for the access to drive-thru Internet and IP-based infotainment applications. These services are supported by roadside access routers (ARs) that connect vehicular ad hoc networks (VANETs) to external IP networks. However, VANETs suffer from asymmetric links due to variable transmission ranges caused by mobility, obstacles, and dissimilar transmission power, which make it difficult to maintain the bidirectional connections and to provide the IP mobility required by most IP applications. Moreover, vehicular mobility results in short-lived connections to the AR, affecting the availability of IP services in VANETs. In this paper, we study the secure and timely handover of IP services in an asymmetric VANET and propose a multihop-authenticated Proxy Mobile IP (MA-PMIP) scheme. MA-PMIP provides an enhanced IP mobility scheme over infrastructure-to-vehicle-to-vehicle (I2V2V) communications that uses location and road traffic information. The MA-PMIP also reacts, depending on the bidirectionality of links, to improve availability of IP services. Moreover, our scheme ensures that the handover signaling is authenticated when V2V paths are employed to reach the infrastructure so that possible attacks are mitigated without affecting the performance of the ongoing sessions. Both analysis and extensive simulations in OMNeT++ are conducted, and the results demonstrate that the MA-PMIP improves service availability and provides secure seamless access to IP applications in asymmetric VANETs. Index Terms—Asymmetric links, infrastructure-to-vehicle-to-vehicle (I2V2V), IP mobility, multihop networks, mutual authentication, Proxy Mobile IP (PMIP), vehicular ad hoc network (VANET).
Attack-resilient Mix-zones over Road Networks: Architecture and Algorithms
, 2014
Cited by 1 (1 self)
Continuous exposure of location information, even with spatially cloaked resolution, may lead to breaches of location privacy due to statistics-based inference attacks. An alternative and complementary approach to spatial cloaking based location anonymization is to break the continuity of location exposure by introducing techniques, such as mix-zones, where no application can trace user movements. Several factors impact on the effectiveness of mix-zone approach, such as user population, mix-zone geometry, location sensing rate and spatial resolution, as well as spatial and temporal constraints on user movement patterns. However, most of the existing mix-zone proposals fail to provide effective mix-zone construction and placement algorithms that are resilient to timing and transition attacks. This paper presents MobiMix, a road network based mix-zone framework to protect location privacy of mobile users traveling on road networks. It makes three original contributions. First, we provide the formal analysis on the vulnerabilities of directly applying theoretical rectangle mix-zones to road networks in terms of anonymization effectiveness and resilience to timing and transition attacks. Second, we develop a suite of road network mix-zone construction methods that effectively consider the above mentioned factors to provide higher level of resilience to timing and transition attacks, and yield a specified lower-bound on the level of anonymity. Third, we present a set of mix-zone placement algorithms that identify the best set of road intersections for mix-zone placement considering the road network topology, user mobility patterns and road characteristics. We evaluate the MobiMix approach through extensive experiments conducted on traces produced by GTMobiSim on different scales of geographic maps. Our experiments show that MobiMix offers high level of anonymity and high level of resilience to timing and transition attacks, compared to existing mix-zone approaches.
A Wormhole Attack Resistant Neighbor
, 2016
ABSTRACT In this paper, we propose a wormhole attack resistant secure neighbor discovery (SND) scheme for a centralized 60-GHz directional wireless network. Specifically, the proposed SND scheme consists of three phases: the network controller (NC) broadcasting phase, the network nodes response/authentication phase, and the NC time analysis phase. In the broadcasting phase and the response/authentication phase, local time information and antenna direction information are elegantly exchanged with signature-based authentication techniques between the NC and the legislate network nodes,