Search

Your search keyword '"Liming Fang"' showing total 74 results
Start Over Author "Liming Fang" Topic computer science
74 results on '"Liming Fang"'

1. Revocable Attribute-Based Encryption With Data Integrity in Clouds

Author

Joonsang Baek, Liming Fang, Zhe Liu, Jinyue Xia, Willy Susilo, and Chunpeng Ge

Subjects
021110 strategic, defence & security studies, Revocation, business.industry, Computer science, 0211 other engineering and technologies, Plaintext, Cloud computing, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Encryption, Data integrity, Ciphertext, Attribute-based encryption, Electrical and Electronic Engineering, business, computer
Abstract

Cloud computing enables enterprises and individu-1 als to outsource and share their data. This way, cloud computing 2 eliminates the heavy workload of local information infrastruc-3 ture. Attribute-based encryption has become a promising solution 4 for encrypted data access control in clouds due to the ability 5 to achieve one-to-many encrypted data sharing. Revocation is a 6 critical requirement for encrypted data access control systems. 7 After outsourcing the encrypted attribute-based ciphertext to the 8 cloud, the data owner may want to revoke some recipients that 9 were authorized previously, which means that the outsourced 10 attribute-based ciphertext needs to be updated to a new one 11 that is under the revoked policy. The integrity issue arises when 12 the revocation is executed. When a new ciphertext with the 13 revoked access policy is generated by the cloud server, the data 14 recipient cannot be sure that the newly generated ciphertext 15 guarantees to be decrypted to the same plaintext as the originally 16 encrypted data, since the cloud server is provided by a third 17 party, which is not fully trusted. In this paper, we consider 18 a new security requirement for the revocable attribute-based 19 encryption schemes: integrity. We introduce a formal definition 20 and security model for the revocable attribute-based encryption 21 with data integrity protection (RABE-DI). Then, we propose 22 a concrete RABE-DI scheme and prove its confidentiality and 23 integrity under the defined security model. Finally, we present 24 an implementation result and provide performance evaluation 25 which shows that our scheme is efficient and practical. 26

Published
2022

2. WebEnclave: Protect Web Secrets From Browser Extensions With Software Enclave

Author

Qian Wang, Cong Wang, Xinyu Wang, Liming Fang, and Yuefeng Du

Subjects
Same-origin policy, Source code, business.industry, Computer science, media_common.quotation_subject, Overhead (engineering), Usability, Content Security Policy, Computer security, computer.software_genre, Internet security, Information sensitivity, Web application, Electrical and Electronic Engineering, business, computer, media_common
Abstract

Browser extensions are widely used nowadays to customize users' browsers with more functionalities, meanwhile introduce potential risks due to escalated privileges. Existing security mechanisms, such as Same Origin Policy and Content Security Policy, do not apply to browser extensions that can read and write on web applications at any time. In spite of the state-of-art industrial efforts that rely on centralized management to inspect and detect malicious behaviors massively, the detection-based method cannot analyze fast-evolving behaviors of malicious browser extensions. To this end, we adopt a novel approach to protect users from malicious browser extensions, where we consider the problem of malicious extensions on the side of web applications. From a high level point of view, web developers are allowed to specify sensitive parts in a web application by using our provided software enclave. With our proposed WebEnclave extension installed, when users visit a web application, sensitive information required for the web application to work normally is sealed into an isolated world locally that malicious extensions cannot access. Extensive evaluation of our built prototype shows it can effectively protect user secrets from malicious extensions with negligible performance overhead and usability inconvenience. We also publish source codes for public use.

Published
2022

3. A Secure and Authenticated Mobile Payment Protocol Against Off-Site Attack Strategy

Author

Shouling Ji, Liming Fang, Anni Zhou, Zhe Liu, Changting Lin, Willy Susilo, Minghui Li, and Chunpeng Ge

Subjects
Attack strategy, Computer science, Trusted hardware, media_common.quotation_subject, Computer security, computer.software_genre, Payment, Payment protocol, Overhead (business), ComputerApplications_MISCELLANEOUS, Server, Mobile payment, ComputingMilieux_COMPUTERSANDSOCIETY, Electrical and Electronic Engineering, computer, Protocol (object-oriented programming), media_common
Abstract

Mobile payment system has been expected to provide more efficient and convenient payment methods. However, compared to traditional payments, the issues of mobile payment related to the security of electronic accounts and payment apps present serious challenges. In this paper, we find the potential security risks by analyzing the commonly used tokenized mobile payment method and put forward the corresponding off-site attack strategy. In this scenario, the attackers are not only limited to malicious third parties but also can be illegal merchants. To address the off-site attack, especially the potential attackers who may be malicious merchants, we also propose SALP, a secure and authenticated payment protocol. We conduct case studies to demonstrate that the SALP can effectively prevent the off-site payment attack without a trusted hardware environment. In particular, we finally argue that SALP does not bring additional system overhead without degrading the convenience of mobile payment.

Published
2022

4. A Verifiable and Fair Attribute-Based Proxy Re-Encryption Scheme for Data Sharing in Clouds

Author

Zhe Liu, Chunpeng Ge, Liming Fang, Willy Susilo, Jinyue Xia, and Joonsang Baek

Subjects
Computer science, business.industry, Cloud computing, Cryptography, Encryption, Computer security, computer.software_genre, Proxy re-encryption, Data sharing, Server, Ciphertext, Verifiable secret sharing, Electrical and Electronic Engineering, business, computer
Abstract

To manage outsourced encrypted data sharing in clouds, attribute-based proxy re-encryption (ABPRE) has become an elegant primitive. In ABPRE, a cloud server can transform an original recipient's ciphertext to a new one of a shared user's. As the transformation is computation consuming, a malicious cloud server may return an incorrect re-encrypted ciphertext to save its computation resources. Moreover, a shared user may accuse the cloud server of returning an incorrect re-encrypted ciphertext to refuse to pay the cost of using the cloud service. However, existing ABPRE schemes do not support a mechanism to achieve verifiability and fairness. In this paper, a novel verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme is introduced to support verifiability and fairness. The verifiability enables a shared user to verify whether the re-encrypted ciphertext returned by the server is correct and the fairness ensures a cloud server escape from malicious accusation if it has indeed conducted the re-encryption operation honestly. Additionally, we conduct a performance experiment to show the efficiency and practicality of the new VF-ABPRE scheme.

Published
2022

5. A Large-Scale Empirical Study on the Vulnerability of Deployed IoT Devices

Author

Haiqin Weng, Jingzheng Wu, Raheem Beyah, Wei-Han Lee, Liming Fang, Shouling Ji, Binbin Zhao, Changting Lin, and Pan Zhou

Subjects
MQTT, 021110 strategic, defence & security studies, Computer science, business.industry, 0211 other engineering and technologies, Botnet, 02 engineering and technology, Computer security, computer.software_genre, Empirical research, Server, Scale (social sciences), Password protection, Electrical and Electronic Engineering, Internet of Things, business, computer, Vulnerability (computing)
Abstract

The Internet of Things (IoT) has become ubiquitous and greatly affected peoples‘ daily lives. With the increasing development of IoT devices, the corresponding security issues are becoming more and more challenging. Such a severe security situation raises the following questions that need urgent attention: What are the primary security threats that IoT devices face currently‘ How do vendors and users deal with these threats‘ In this paper, we aim to answer these critical questions through a large-scale systematic study. Specifically, we perform a ten-month-long empirical study on the vulnerability of 1,362,906 IoT devices varying from six types. The results show sufficient evidence that N-days vulnerability is seriously endangering the IoT devices: 385,060 (28.25%) devices suffer from at least one N-days vulnerability. Moreover, 2,669 of these vulnerable devices may have been compromised by botnets. We further reveal the massive differences among five popular IoT search engines: Shodan, Censys, Zoomeye, Fofa and NTI. Besides, we measure the security of MQTT servers and identify that 12,740 (88%) MQTT servers have no password protection. Our analysis can serve as an important guideline for investigating the security of IoT devices, as well as advancing the development of a more secure environment for IoT systems.

Published
2022

6. Code Synthesis for Dataflow-Based Embedded Software Design

Author

Wanli Chang, Yixiao Yang, Jiaguang Sun, Yu Jiang, Zhuo Su, Wen Li, Liming Fang, and Dongyan Wang

Subjects
Schedule, Source lines of code, Generator (computer programming), Java, Dataflow, Programming language, Computer science, computer.file_format, computer.software_genre, Computer Graphics and Computer-Aided Design, Code (cryptography), Code generation, Executable, Electrical and Electronic Engineering, computer, Software, computer.programming_language
Abstract

Model-driven methodology has been widely adopted in embedded software design, and Dataflow is a widely used computation model, with strong modeling and simulation ability supported in tools such as Ptolemy. However, its code synthesis support is quite limited, which restricts its applications in real industrial practice. In this paper, we focus on the automatic code synthesis of Dataflow, and implement , a code generator that could support most of the widely used modeling features such as expression type and boolean switch, more efficiently. First, we disassemble the Dataflow model into actors embedded in if-else or switch-case statements based on schedule analysis, which bridges the semantic gap between the code and the original Dataflow model. Then, we design well-designed templates for each actor, and synthesize well-structured executable C and Java codes with sequential code assembly. Compared to the existing C and Java code generators of Dataflow model in Ptolemy-II, and the C code generator in Simulink, the lines of code synthesized by are decreased by an average of , and , and the execution time of the synthesized code by is also decreased by an average of , and respectively.

Published
2022

7. Revocable Identity-Based Broadcast Proxy Re-Encryption for Data Sharing in Clouds

Author

Zhe Liu, Jinyue Xia, Liming Fang, and Chunpeng Ge

Subjects
021110 strategic, defence & security studies, Key generation, business.industry, Computer science, 0211 other engineering and technologies, Cryptography, Cloud computing, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Proxy re-encryption, Public-key cryptography, Key (cryptography), Electrical and Electronic Engineering, business, Broadcast encryption, computer
Abstract

Cloud computing has become prevalent due to its nature of massive storage and vast computing capabilities. Ensuring a secure data sharing is critical to cloud applications. Recently, a number of identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the problem. However, the IB-BPRE requires a cloud user (Alice) who wants to share data with a bunch of other users (e.g., colleagues) to participate the group shared key renewal process because Alice's private key is a prerequisite for shared key generation. This, however, does not leverage the benefit of cloud computing and causes the inconvenience for cloud users. Therefore, a novel security notion named revocable identity-based broadcast proxy re-encryption (RIB-BPRE) is presented to address the issue of key revocation in this work. In a RIB-BPRE scheme, a proxy can revoke a set of delegates, designated by the delegator, from the re-encryption key. The performance evaluation reveals that the proposed scheme is efficient and practical.

Published
2021

8. ANCS: Automatic NXDomain Classification System Based on Incremental Fuzzy Rough Sets Machine Learning

Author

Chunhua Su, Changchun Yin, Weiping Ding, Xinyu Yun, Zhe Liu, Lu Zhou, and Liming Fang

Subjects
business.industry, Computer science, Generalization, Applied Mathematics, Domain Name System, Feature extraction, Process (computing), 02 engineering and technology, Machine learning, computer.software_genre, Computational Theory and Mathematics, Artificial Intelligence, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, Feature (machine learning), 020201 artificial intelligence & image processing, Artificial intelligence, Rough set, False positive rate, business, computer, Membership function
Abstract

Botmasters generate a large number of malicious algorithmically generated domains (mAGDs) through domain generation algorithms (DGAs) to infect a large number of hosts on a network, which creates inconvenience in people's network lives. The workload of detecting mAGDs by collecting the responses of the domain name system (DNS) is considerable. In this article, we propose a system named the automatic NXDomain classification system (ANCS) that can automatically identify and classify the nonexistent domain (NXD) as benign or malicious by studying the features extracted from benign NXDs (bNXDs) and mAGDs. The ANCS uses online, incremental, and fuzzy rough sets machine learning to improve the time, memory, false positive rate, false negative rate, and accuracy of the detection process. First, an online and incremental algorithm can reduce the training time. Second, the addition of fuzzy rough sets can dynamically adjust the degree of the membership function, optimizing the weight distribution of each feature, and further, improving the classification accuracy. The experimental evaluation shows that the ANCS can reach a very high classification accuracy at a low false positive rate and a low false negative rate, which has good practicability. Moreover, both time and memory are well guaranteed, and the ANCS also has good generalization performance, making up for sensitive points of noisy samples and the lack of nonincremental machine learning.

Published
2021

9. Countermeasure Based on Smart Contracts and AI against DoS/DDoS Attack in 5G Circumstances

Author

Liming Fang, Bo Zhao, Zhe Liu, Chunpeng Ge, Yang Li, and Weizhi Meng

Subjects
Scheme (programming language), Computer Networks and Communications, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Computer security, computer.software_genre, Data flow diagram, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Trustworthiness, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Database transaction, computer, Software, 5G, Countermeasure (computer), Information Systems, Vulnerability (computing), computer.programming_language
Abstract

The development of 5G has substantially increased the destructiveness of DoS/DDoS attacks because the data processing capability of computers has not been accordingly enhanced, and this contradiction creates a vulnerability for attackers to compromise a server by sending a massive data flow. in practical 5G circumstances, it is difficult to extract distinct features between malicious and benign massive data flows. This amplifies the difficulties of DoS/DDoS detection. Thus, precautions against DoS/DDoS attack in 5G are of great importance. in this article, we present a solution based on smart contracts and machine learning as a countermeasure against DoS/DDoS attacks in the 5G background by hiding a protected server in a blockchain network and flexibly restricting the scale of DoS/DDoS via transaction fees. We also leverage non-repudiation of smart contracts, analyzing users' malicious behavior of communication and executing punishment via smart contracts. Our scheme could effectively mitigate massive DoS/DDoS attacks in advance and dynamically punitively charge DoS/DDoS attacks. Compared to existing DoS/DDoS defense in 4G, our scheme offers numerous benefits, including making benign communication always dominate rational users and countering DoS/DDoS attacks before they are launched. Moreover, compared to common DoS/DDoS detection based on Ai, we consider the source trustworthiness of training samples and take measures to avoid backdoors where model trainers may compromise Ai models to launch DoS/DDoS attacks.

Published
2020

10. A Secure and Fine-Grained Scheme for Data Security in Industrial IoT Platforms for Smart City

Author

Liang Liu, Chunpeng Ge, Minghui Li, Zhe Liu, Hanyi Zhang, and Liming Fang

Subjects
Computer Networks and Communications, Computer science, business.industry, Data security, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Industrial control system, Computer security, computer.software_genre, Computer Science Applications, Secure communication, Hardware and Architecture, Smart city, Control system, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Communications protocol, business, computer, Information Systems
Abstract

With the high popularity of IoT devices, industrial IoT platforms, such as smart factories and oilfield industrial control systems, have become a new trend in the development of smart city. Although various manufacturers pay wide attention to the different functional requirements of IoT platforms, they seldom consider security issues, especially in terms of data security, which has led to a large number of cases of privacy leakage. Some works have been made to provide secure and reliable communication solutions for industrial IoT platforms, unfortunately, as different communication protocols and interaction models are adopted in different scenarios, these solutions are mainly isolated and fragmented. Therefore, it is an urgent challenge to construct a universal cross-platform secure communication scheme for industrial IoT platforms. In this article, we analyze the logic and requirements of different industrial IoT scenarios to abstracts them into a universal model. We summarize the possible attacks on different industrial IoT platforms and design a security scheme to capture these attacks based on the conditional proxy re-encryption primitive. The proposed scheme ensures that data cannot be accessed by an unauthorized user. We also evaluate the security and performance of our scheme, and the experimental results show that our scheme can achieve the functionality and security requirements with low overhead.

Published
2020

11. A blockchain based decentralized data security mechanism for the Internet of Things

Author

Liming Fang, Zhe Liu, and Chunpeng Ge

Subjects
Blockchain, Computer Networks and Communications, business.industry, Computer science, media_common.quotation_subject, Data security, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Payment, Theoretical Computer Science, Artificial Intelligence, Hardware and Architecture, Smart city, 0202 electrical engineering, electronic engineering, information engineering, Information system, 020201 artificial intelligence & image processing, Accumulator (computing), business, Database transaction, Software, Computer network, media_common
Abstract

The Internet of Things (IoT) is the core infrastructure of the smart city information system. With the explosive growth of IoT devices, how to securely maintain the important data generated by IoT devices has become an important issue. In the conventional IoT-cloud based infrastructure, the sensitive IoT data was stored in a third cloud service provider. However, in such a manner, the private IoT data may be disclosed by the cloud server since the cloud server knows all the data stored in it. This paper, for the first time, proposes a decentralized secure mechanism based on the blockchain technique to store the important data generated in the IoT system. This mechanism effectively solves the data reliability, security and privacy issues that may be encountered in the conventional IoT-cloud system. Considering the defects of simplified payment verification used by light nodes in blockchain networks, this paper proposes an Unspent Transaction Output (UTXO) verification mechanism based on the RSA accumulator, which makes the computational complexity of light nodes to generate and verify the UTXO proof to be constant. The proposed mechanism not only provides proof of inclusion but also supports efficient proof of exclusion for a lightweight node. Our experiment results indicate that the proposed scheme is practical and efficient.

Published
2020

12. A physiological and behavioral feature authentication scheme for medical cloud based on fuzzy-rough core vector machine

Author

Chunhua Su, Jinyue Xia, Li Yang, Lu Zhou, Liming Fang, and Changchun Yin

Subjects
Scheme (programming language), Information Systems and Management, Biometrics, Exploit, Computer science, Cloud computing, 02 engineering and technology, Login, Computer security, computer.software_genre, Theoretical Computer Science, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, computer.programming_language, business.industry, 05 social sciences, Fingerprint (computing), Authorization, 050301 education, Computer Science Applications, Data sharing, Identification (information), Control and Systems Engineering, 020201 artificial intelligence & image processing, business, 0503 education, computer, Software
Abstract

The medical cloud brings in connivance to share medical data within the same hospital or between different hospitals. However, sharing medical data on the cloud faces challenges such as (1) the medical cloud platform is vulnerable to cyber attacks, (2) medical data can be illegally accessed by the doctor without patient’s authorization, and (3) unauthorized access from an attacker. Currently, common security authentication schemes generally use fingerprint or face for identification, but these biometric data are easily copied and reused. At present, widely used biometric authentications such as fingerprint and faceID are easy to be copied and reused. The latest GAN algorithm has broken into almost all face recognition systems, the success proportion of the attack reached 95%. Therefore, a secure login authentication scheme is needed. In this paper, we propose a physiological and behavioral feature authentication scheme based on fuzzy-rough theory to limit the access right of medical devices. Such a scheme requires the doctor’s own gesture for the authorization to access the medical device. Fuzzy-rough core vector machine (FRCVM) approach is adopted in our scheme to achieve high classification accuracy and efficiency. The results have shown that our solutions are highly secure and practical. To secure the cloud platform and ensure only the authorized doctors can access the patient data, we have designed an efficient data sharing solution that enables medical data stored in the cloud to be hierarchically authorized for patient access. The solution exploits proxy re-encryption to protect patient-centric medical data sharing.

Published
2020

13. A Novel Energy-Efficient and Privacy-Preserving Data Aggregation for WSNs

Author

Simin Hu, Renjun Ye, Fangzhou Zhou, Liang Liu, and Liming Fang

Subjects
Information privacy, data privacy, energy conservation, General Computer Science, Computer science, 02 engineering and technology, Network topology, Node (computer science), 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), General Materials Science, 020203 distributed computing, accuracy, business.industry, General Engineering, 020206 networking & telecommunications, Energy consumption, Data aggregator, Tree (data structure), lcsh:Electrical engineering. Electronics. Nuclear engineering, business, Wireless sensor network, lcsh:TK1-9971, data processing, Computer network, Efficient energy use
Abstract

Data aggregation is a fundamental and efficient algorithm to reduce the communication overhead and energy consumption in wireless sensor networks (WSNs). However, WSNs need both energy-efficient and privacy-preserving when being deployed in an unprotected area. In this paper, we propose an energy-efficient and privacy-preserving data aggregation algorithm CBDA (the chain-based data aggregation). In the CBDA, sensor nodes will be organized as a tree topology. The leaf nodes of the tree sequentially reconnect with each other to form many chain topologies. For assuring data privacy, after data gathering, (1) the tail nodes (the nodes which on the tail of chain) need to slice their sensing data into J fragments. One fragment is kept by themselves, and they distribute the J -1 data fragments to their neighbor nodes. (2) Each tail node will inject some fake fragments into its J -1 fragments to interfere with adversaries. The CBDA can achieve less energy consumption and higher aggregation accuracy during data aggregation. We perform a comprehensive simulation to make a comparison among the CBDA with existing algorithms. The experimental results demonstrate that the CBDA outperforms the existing algorithms.

Published
2020

14. A Practical Model Based on Anomaly Detection for Protecting Medical IoT Control Services Against External Attacks

Author

Changchun Yin, Zehong Jimmy Cao, Liming Fang, Yang Li, Minghui Li, Zhe Liu, Fang, Liming, Li, Yang, Liu, Zhe, Yin, Changchun, Li, Minghui, and Cao, Zehong Jimmy

Subjects
Service (systems architecture), Electrical & Electronic Engineering, 08 Information and Computing Sciences, 09 Engineering, 10 Technology, Computer science, Network packet, 020208 electrical & electronic engineering, Control (management), Vulnerability, 02 engineering and technology, Computer security, computer.software_genre, Fuzzy logic, anomaly detection, smart healthcare, Field (computer science), Critical infrastructure, Internet of Things (IoT), Computer Science Applications, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, Anomaly detection, State (computer science), Electrical and Electronic Engineering, computer, Information Systems
Abstract

Refereed/Peer-reviewed The application of the Internet of Things (IoT) in medical field has brought unprecedented convenience to human beings. However, attackers can use device configuration vulnerabilities to hijack devices, control services, steal medical data, or make devices operate illegally. These restrictions have led to huge security risks for IoT, and have challenged the management of critical infrastructure services. Based on these problems, this article proposes an anomaly detection system for detecting illegal behavior (DIB) in medical IoT environment.The DIB system can analyze data packets transmitted by medical IoT devices, learn operation rules by itself, and remind management personnel that the device is in an abnormal operation state to ensure the safety of control service. We further propose a model that is based on rough set theory and fuzzy core vector machine (FCVM) to improve the accuracy of DIB classification anomalies. Experimental results show that the R-FCVM is effective. usc

Published
2021

15. Multi-Gigabit over Copper Access Networks: Architectural Evolution and Techno-Economic Analysis

Author

Oliver Lamparter, Xiaofeng Zhang, Rico Schwendener, Marcel Reitmann, Jean-Claude Bischoff, T. Zasowski, and Liming Fang

Subjects
Network architecture, Access network, Computer Networks and Communications, Computer science, Architectural evolution, Gigabit, Distributed computing, 0202 electrical engineering, electronic engineering, information engineering, Techno economic, 020206 networking & telecommunications, 02 engineering and technology, Electrical and Electronic Engineering, Computer Science Applications
Abstract

In this article we present options for the evolution from G.fast-based access networks to multi-gigabit access networks with a focus on solutions based on G.mgfast. The corresponding evolutions of the network architecture as well as a framework for the cost modeling are shown. The starting point for future architecture evolutions is the ongoing wireline access rollout in Switzerland. Based on this, different evolution steps are possible. These architectures are described and compared to each other based on the cost modeling framework, which shows that for certain building sizes different options are cost optimal.

Published
2019

16. Turbo: Fraud Detection in Deposit-free Leasing Service via Real-Time Behavior Network Mining

Author

Xuhong Zhang, Hu Sihao, Jiaqi Yuan, Shouling Ji, Liming Fang, Zhao Li, Qi Chen, Qinming He, Wang Zhipeng, and Junfeng Zhou

Subjects
Service (systems architecture), Exploit, Concept drift, Computer science, Identity theft, Graph (abstract data type), Graph theory, Data mining, Network topology, computer.software_genre, computer, Heterogeneous network
Abstract

Online deposit-free leasing service has witnessed rapid growth in China and shows a promising market in the future. While eliminating the requirement of a deposit does attract more users to the service, it also lowers the cost for fraudsters. Since the emergence of this service is relatively new, there are few works in literature focusing on detecting fraud transactions in it. Existing efforts mainly fall into hard-coded solutions such as block-listing or scorecard methods, which can be impotent in the face of the diverse fraud tactics, e.g., identity theft, or even suffering concept drift problem as the tactics evolve. In this paper, we contribute Turbo, an efficient graph-based anti-fraud system, to fully exploit the abundant user behavior logs in a real-time manner. Turbo is able to additionally make use of the implicit user relationships beyond the user features in the logs. To capture the user relationships, we first propose a novel algorithm to construct a time-evolving user behavior network called BN. Empirical analysis demonstrates that fraudsters in BN exhibit unique temporal aggregation and homophilic patterns, which inspires us to develop a novel heterogeneous adaptive graph neural network algorithm called HAG. Specifically, in HAG two graph operators are presented to mitigate the over-smoothing problem and make better use of the heterogeneous behavior relations in BN. Extensive experiments on a real-world dataset show that our method outperforms state-of-the-art methods significantly and can give a response in seconds for each detection request.

Published
2021

17. Privacy Protection for Medical Data Sharing in Smart Healthcare

Author

Liming Fang, Chunpeng Ge, Muhammad Tanveer, Juncen Zhu, Changchun Yin, Alireza Jolfaei, Zehong Cao, Fang, Liming, Yin, Changchun, Zhu, Juncen, Ge, Chunpeng, Tanveer, M, Jolfaei, Alireza, and Cao, Zehong

Subjects
medical data privacy, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, Access control, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, smart healthcare, attribute-based encryption, Upload, 0803 Computer Software, 0805 Distributed Computing, 0806 Information Systems, Server, 0202 electrical engineering, electronic engineering, information engineering, Artificial Intelligence & Image Processing, Secure transmission, 021110 strategic, defence & security studies, business.industry, access control, Data sharing, Identification (information), Hardware and Architecture, 020201 artificial intelligence & image processing, Data center, business, computer
Abstract

Refereed/Peer-reviewed In virtue of advances in smart networks and the cloud computing paradigm, smart healthcare is transforming. However, there are still challenges, such as storing sensitive data in untrusted and controlled infrastructure and ensuring the secure transmission of medical data, among others. The rapid development of watermarking provides opportunities for smart healthcare. In this article, we propose a new data-sharing framework and a data access control mechanism. The applications are submitted by the doctors, and the data is processed in the medical data center of the hospital, stored in semi-trusted servers to support the selective sharing of electronic medical records from different medical institutions between different doctors. Our approach ensures that privacy concerns are taken into account when processing requests for access to patients' medical information. For accountability, after data is modified or leaked, both patients and doctors must add digital watermarks associated with their identification when uploading data. Extensive analytical and experimental results are presented that show the security and efficiency of our proposed scheme. usc

Published
2021

18. ELPPS: An Enhanced Location Privacy Preserving Scheme in Mobile Crowd-Sensing Network Based on Edge Computing

Author

Liming Fang, Minghui Li, and Yang Li

Subjects
Data processing, Information privacy, Computer science, business.industry, Mobile computing, 020206 networking & telecommunications, 02 engineering and technology, Grid, 0202 electrical engineering, electronic engineering, information engineering, Differential privacy, 020201 artificial intelligence & image processing, Enhanced Data Rates for GSM Evolution, business, Edge computing, Computer network, Data transmission
Abstract

Mobile Crowd-Sensing (MCS) is gradually extended to the edge network to reduce the delay of data transmission and improve the ability of data processing. However, a challenge is that there are still loopholes in the protection of privacy data, especially in location-based services. The attacker can reconstruct the location relationship network among the correlation about the environment information, identity information, and other sensing data provided by mobile users. Moreover, in the edge environment, this kind of attack is more accurate and more threatening to the location privacy information. To solve this problem, we propose a location privacy protection scheme (ELPPS) for a mobile crowd-sensing network in the edge environment, to protect the position correlation weight between sensing users through differential privacy. We use the grid anonymous algorithm to confuse the location information in order to reduce the computing cost of edge nodes. The experiment results show that the proposed framework can effectively protect the location information of the sensing users without reducing the availability of the sensing task results, and has a low delay.

Published
2020

19. Secure Door on Cloud: A Secure Data Transmission Scheme to Protect Kafka's Data

Author

Minghui Li, Liming Fang, Keyu Jiang, Hanyi Zhang, Weiting Zhang, and Lu Zhou

Subjects
020203 distributed computing, Information privacy, Computer science, business.industry, computer.internet_protocol, Reliability (computer networking), Data security, 020206 networking & telecommunications, Cloud computing, Access control, Plaintext, 02 engineering and technology, Service-oriented architecture, Service provider, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, business, computer
Abstract

Apache Kafka, which is a high-throughput distributed message processing system, has been leveraged by the majority of enterprise for its outstanding performance. Unlike common cloud-based access control architectures, Kafka service providers often need to build their systems on other enterprises' high-performance cloud platforms. However, since the cloud platform belongs to a third party, it is not necessarily reliable. Paradoxically, it has been demonstrated that Kafka's data is stored in the cloud in the plaintext form, and thus poses a serious risk of user privacy leakage. In this paper, we propose a secure fine-grained data transmission scheme called Secure Door on Cloud (SDoC) to protect the data from being leaked in Kafka. SDoC is not only more secure than Kafka's built-in security mechanism, but also can effectively prevent third-party cloud from stealing plaintext data. To evaluate the performance of the SDoC, we simulate normal inter-entity communication and show that Kafka with SDoC integration has a lower data transfer time overhead than that of Kafka with built-in security mechanism opened.

Published
2020

20. Ciphertext-Policy Attribute-Based Encryption with Multi-keyword Search over Medical Cloud Data

Author

Liming Fang, Lu Zhou, Hao Wang, and Changchun Yin

Subjects
020203 distributed computing, Security analysis, Information retrieval, business.industry, Computer science, 020207 software engineering, Cryptography, Cloud computing, 02 engineering and technology, Construct (python library), Encryption, Outsourcing, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Attribute-based encryption, business
Abstract

Over the years, public health has faced a large number of challenges like COVID-19. Medical cloud computing is a promising method since it can make healthcare costs lower. The computation of health data is outsourced to the cloud server. If the encrypted medical data is not decrypted, it is difficult to search for those data. Many researchers have worked on searchable encryption schemes that allow executing searches on encrypted data. However, many existing works support single-keyword search. In this article, we propose a patient-centered fine-grained attribute-based encryption scheme with multi-keyword search (CP-ABEMKS) for medical cloud computing. First, we leverage the ciphertext-policy attribute-based technique to construct trapdoors. Then, we give a security analysis. Besides, we provide a performance evaluation, and the experiments demonstrate the efficiency and practicality of the proposed CP-ABEMKS.

Published
2020

21. Handitext: handwriting recognition based on dynamic characteristics with incremental LSTM

Author

Hongwei Zhu, Zhe Liu, Shouling Ji, Weizhi Meng, Liming Fang, Zehong Cao, Boqing Lv, Yu Yu, Fang, Liming, Zhu, Hongwei, Lv, Boqing, Liu, Zhe, Meng, Weizhi, Yu, Yu, Ji, Shouling, and Cao, Zehong

Subjects
Scheme (programming language), Password, Authentication, Biometrics, Computer science, business.industry, Reliability (computer networking), handwriting recognition based on dynamic characteristics with incremental LSTM [HandiText], 020206 networking & telecommunications, 02 engineering and technology, General Medicine, Machine learning, computer.software_genre, Handwriting, Handwriting recognition, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer, Word (computer architecture), computer.programming_language
Abstract

The Internet of Things (IoT) is a new manifestation of data science. To ensure the credibility of data about IoT devices, authentication has gradually become an important research topic in the IoT ecosystem. However, traditional graphical passwords and text passwords can cause user’s serious memory burdens. Therefore, a convenient method for determining user identity is needed. In this article, we propose a handwriting recognition authentication scheme named HandiText based on behavior and biometrics features. When people write a word by hand, HandiText captures their static biological features and dynamic behavior features during the writing process (writing speed, pressure, etc.). The features are related to habits, which make it difficult for attackers to imitate. We also carry out algorithms comparisons and experiments evaluation to prove the reliability of our scheme. The experiment results show that the Long Short-Term Memory has the best classification accuracy, reaching 99% while keeping relatively low false-positive rate and false-negative rate. We also test other datasets, the average accuracy of HandiText reach 98%, with strong generalization ability. Besides, the 324 users we investigated indicated that they are willing to use this scheme on IoT devices. Refereed/Peer-reviewed

Published
2020

22. THP: a novel authentication scheme to prevent multiple attacks in SDN-based IoT network

Author

Mohsin Tanveer, Zehong Cao, Liming Fang, Shouling Ji, Zhenyu Wen, Weizhi Meng, Yang Li, Xinyu Yun, Fang, Liming, Li, Yang, Yun, Xinyu, Wen, Zhenyu, Ji, Shouling, Meng, Weizhi, Cao, Zehong, and Tanveer, M

Subjects
Computer Networks and Communications, Computer science, 0805 Distributed Computing, 1005 Communications Technologies, 0211 other engineering and technologies, Cloud computing, 02 engineering and technology, Permission, shoulder-surfing, Shoulder surfing, 0202 electrical engineering, electronic engineering, information engineering, password, Hacker, Password, 021110 strategic, defence & security studies, Authentication, business.industry, Usability, security and privacy, Computer Science Applications, Internet of Things (IoT), Hardware and Architecture, Signal Processing, 020201 artificial intelligence & image processing, business, Information Systems, Computer network
Abstract

Refereed/Peer-reviewed SDN has provided significant convenience for network providers and operators in cloud computing. Such a great advantage is extending to the Internet of Things network. However, it also increases the risk if the security of an SDN network is compromised. For example, if the network operator's permission is illegally obtained by a hacker, he/she can control the entry of the SDN network. Therefore, an effective authentication scheme is needed to fit various application scenarios with high-security requirements. In this article, we design, implement, and evaluate a new authentication scheme called the hidden pattern (THP), which combines graphics password and digital challenge value to prevent multiple types of authentication attacks at the same time. We examined THP in the perspectives of both security and usability, with a total number of 694 participants in 63 days. Our evaluation shows that THP can provide better performance than the existing schemes in terms of security and usability. usc

Published
2020

23. Privacy preserving cloud data sharing system with flexible control

Author

Jiandong Wang, Liming Fang, Zhiqiu Huang, and Chunpeng Ge

Subjects
Theoretical computer science, General Computer Science, business.industry, Computer science, 020207 software engineering, Plaintext, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Encryption, Fuzzy logic, Set (abstract data type), Control and Systems Engineering, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, Proxy (statistics), business
Abstract

With the development of cloud technology, sharing date between users securely becomes more and more important. Moreover, the cloud server should provide a flexible control on sharing date. This work presents a notion named fuzzy conditional broadcast proxy re-encryption (FC-BPRE), in which a semi-honest proxy can transform a delegator’s ciphertext to a new ciphertext for a set of delegatees when the ciphertext satisfies a certain condition set by the delegator. However, the proxy cannot learn any useful information about the underlying plaintext. The proxy can convert a ciphertext, encrypted under a condition set W, to a ciphertext encrypted under a condition set W′ using a broadcast re-encryption key, if and only if S and S′ are close to each other. We first formalize the notion of FC-PBRE scheme and then proposed a construction.

Published
2018

24. Employing Hybrid sub-Nyquist Sampling Rates to Support Heterogeneous Services of Varying Capacity in 25-Gbps DDM-OFDM-PON

Author

Fumin Liu, Chun-Ting Lin, Lei Zhou, Chia-Chien Wei, Jhih-Hao Hsu, LiMing Fang, Chi-Hsiang Lin, and Min Yu

Subjects
lcsh:Applied optics. Photonics, sub-Nyquist sampling, orthogonal frequency-division multiplexing, Computer science, Orthogonal frequency-division multiplexing, Bandwidth (signal processing), lcsh:TA1501-1820, Delay-division multiplexing, 02 engineering and technology, Passive optical network, Multiplexing, Atomic and Molecular Physics, and Optics, 020210 optoelectronics & photonics, Transmission (telecommunications), Sampling (signal processing), 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, lcsh:QC350-467, Nyquist–Shannon sampling theorem, Nyquist rate, Electrical and Electronic Engineering, lcsh:Optics. Light
Abstract

Delay-division-multiplexing (DDM) involves the use of signal preprocessing for the detection of data via sub-Nyquist analog-to-digital sampling, based on preallocated relative sampling delays among optical network users (ONUs) in an orthogonal frequency-division multiplexing (OFDM) passive optical network (PON). If a DDM-PON consists of $M$ virtual groups, the sampling rate at the receivers is only $1/M$ of the Nyquist rate, but the maximum capacity of each ONU is fixed at $1/M$ of the total capacity. In this study, we developed a novel DDM scheme that uses hybrid sub-Nyquist sampling rates to accommodate heterogeneous services of different capacities in an OFDM-PON. To equalize the transmission performances using hybrid sub-Nyquist sampling rates, the modification of preprocessing was proposed, and its necessity was demonstrated. Without loss of generality, we experimentally demonstrated a 25-Gbps DDM-OFDM-PON using hybrid sampling at 1/2, 1/8, and 1/32 (or 1/8, 1/16, and 1/32) of the Nyquist rate. Compared to a DDM-PON with a fixed sub-Nyquist rate, the received signals based on hybrid sub-Nyquist sampling rates show similar sensitivities. A loss budget of 26 dB was experimentally achieved using all sub-Nyquist sampling rates after employing the modified preprocessing.

Published
2018

25. Provably Secure Dynamic ID-Based Anonymous Two-Factor Authenticated Key Exchange Protocol With Extended Security Model

Author

Kefei Chen, Xiao Tan, Guilin Wang, Qi Xie, Duncan S. Wong, and Liming Fang

Subjects
Dictionary attack, Computer Networks and Communications, Computer science, 02 engineering and technology, Computer security, computer.software_genre, Forward secrecy, 0202 electrical engineering, electronic engineering, information engineering, Session key, Safety, Risk, Reliability and Quality, Password, Authentication, Revocation, business.industry, 020208 electrical & electronic engineering, 020206 networking & telecommunications, Public key infrastructure, Mutual authentication, Computer security model, Authenticated Key Exchange, Authentication protocol, Smart card, Challenge–response authentication, business, computer, Computer network
Abstract

Authenticated key exchange (AKE) protocol allows a user and a server to authenticate each other and generate a session key for the subsequent communications. With the rapid development of low-power and highly-efficient networks, such as pervasive and mobile computing network in recent years, many efficient AKE protocols have been proposed to achieve user privacy and authentication in the communications. Besides secure session key establishment, those AKE protocols offer some other useful functionalities, such as two-factor user authentication and mutual authentication. However, most of them have one or more weaknesses, such as vulnerability against lost-smart-card attack, offline dictionary attack, de-synchronization attack, or the lack of forward secrecy, and user anonymity or untraceability. Furthermore, an AKE scheme under the public key infrastructure may not be suitable for light-weight computational devices, and the security model of AKE does not capture user anonymity and resist lost-smart-card attack. In this paper, we propose a novel dynamic ID-based anonymous two-factor AKE protocol, which addresses all the above issues. Our protocol also supports smart card revocation and password update without centralized storage. Further, we extend the security model of AKE to support user anonymity and resist lost-smart-card attack, and the proposed scheme is provably secure in extended security model. The low-computational and bandwidth cost indicates that our protocol can be deployed for pervasive computing applications and mobile communications in practice.

Published
2017

26. Identity-based conditional proxy re-encryption with fine grain policy

Author

Willy Susilo, Jiandong Wang, Chunpeng Ge, and Liming Fang

Subjects
021110 strategic, defence & security studies, Fine grain, Theoretical computer science, OR gate, General Computer Science, Computer science, Open problem, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Proxy re-encryption, Computer Science Applications, Hardware and Architecture, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Proxy (statistics), Law, computer, Software
Abstract

An identity-based conditional proxy re-encryption scheme (IB-CPRE) allows a semi-trusted proxy to convert a ciphertext satisfying one condition, which is set by the delegator, under one identity to another without the necessity to reveal the underlying message. In ICISC 2012, Liang, Liu, Tan, Wong and Tang proposed an IB-CPRE scheme, and left an open problem on how to construct chosen-ciphertext secure IB-CPRE supporting OR gates on conditions. In this work, we answer this aforementioned problem by constructing an identity-based conditional proxy re-encryption scheme with fine grain policy (IB-CPRE-FG). In an IB-CPRE-FG scheme, each ciphertext is labeled with a set of descriptive conditions and each re-encryption key is associated with an access tree that specifies which type of ciphertexts the proxy can re-encrypt. Furthermore, our scheme can be proved secure against adaptive access tree and adaptive identity chosen-ciphertext attack.

Published
2017

27. A proxy broadcast re-encryption for cloud data sharing

Author

Liming Fang, Maosheng Sun, Chunpeng Ge, and Jiandong Wang

Subjects
Delegate, Computer Networks and Communications, Computer science, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Random oracle, Public-key cryptography, Malleability, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, business.industry, 020207 software engineering, Plaintext, Proxy re-encryption, Ciphertext indistinguishability, Hardware and Architecture, 020201 artificial intelligence & image processing, Attribute-based encryption, Semantic security, business, computer, Software
Abstract

Proxy re-encryption (PRE) enables a semi-trusted proxy to automatically convert a delegator’s ciphertext to a delegate’s ciphertext without learning anything about the underlying plaintext. PRE schemes have broad applications, such as cloud data sharing systems, distributed file systems, email forward systems and DRM systems. In this paper, we introduced a new notion of proxy broadcast re-encryption (PBRE). In a PBRE scheme, a delegator, Alice, can delegate the decryption right to a set of users at a time, which means that Alice’s ciphertext can be broadcast re-encrypted. We propose a PBRE scheme and prove its security against a chosen-ciphertext attack (CCA) in the random oracle model under the decisional n-BDHE assumption. Furthermore, our scheme is collusion-resistant, which means the proxy cannot collude with a set of delegates to reveal the delegator’s private key.

Published
2017

28. A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch

Author

Liming Fang, Minghui Li, Chunpeng Ge, Lu Zhou, and Hanyi Zhang

Subjects
Information privacy, Computer science, Wearable computer, Access control, 02 engineering and technology, Computer security, computer.software_genre, re-encryption, lcsh:Chemical technology, Biochemistry, Article, Analytical Chemistry, attribute-based encryption, Smartwatch, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, lcsh:TP1-1185, Electrical and Electronic Engineering, smart watch, Instrumentation, business.industry, Homomorphic encryption, 020206 networking & telecommunications, homomorphic computation, Atomic and Molecular Physics, and Optics, privacy preservation, Software deployment, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer
Abstract

A smart watch is a kind of emerging wearable device in the Internet of Things. The security and privacy problems are the main obstacles that hinder the wide deployment of smart watches. Existing security mechanisms do not achieve a balance between the privacy-preserving and data access control. In this paper, we propose a fine-grained privacy-preserving access control architecture for smart watches (FPAS). In FPAS, we leverage the identity-based authentication scheme to protect the devices from malicious connection and policy-based access control for data privacy preservation. The core policy of FPAS is two-fold: (1) utilizing a homomorphic and re-encrypted scheme to ensure that the ciphertext information can be correctly calculated, (2) dividing the data requester by different attributes to avoid unauthorized access. We present a concrete scheme based on the above prototype and analyze the security of the FPAS. The performance and evaluation demonstrate that the FPAS scheme is efficient, practical, and extensible.

Published
2019

29. Tell the Device Password: Smart Device Wi-Fi Connection Based on Audio Waves

Author

Zuchao Ma, Zhaoyang Han, Liang Liu, and Liming Fang

Subjects
Internet of things, Computer science, Smart device, 0211 other engineering and technologies, audio waves, 02 engineering and technology, Encryption, lcsh:Chemical technology, Biochemistry, Article, Analytical Chemistry, law.invention, law, Wi-Fi provisioning, 0202 electrical engineering, electronic engineering, information engineering, lcsh:TP1-1185, Electrical and Electronic Engineering, Instrumentation, Password, 021110 strategic, defence & security studies, Wireless network, business.industry, smart devices. Wi-Fi provisioning, smart devices, 020206 networking & telecommunications, Keying, Atomic and Molecular Physics, and Optics, Transmission (telecommunications), business, Computer network
Abstract

IoT devices are now enriching people’s life. However, the security of IoT devices seldom attracts manufacturers’ attention. There are already some solutions to the problem of connecting a smart device to a user’s wireless network based on the 802.11 transmission such as Smart Config from TI. However, it is insecure in many situations, and it does not have a satisfactory transmission speed, which does not mean that it has a low bit rate. It usually takes a long time for the device to recognize the data it receives and decode them. In this paper, we propose a new Wi-Fi connection method based on audio waves. This method is based on MFSK (Multiple frequency-shift keying) and works well in short distance, which enables the correctness and efficiency. In addition, audio waves can hardly be eavesdropped, which provides higher security than other methods. We also put forward an encryption solution by using jamming signal, which can greatly improve the security of the transmission.

Published
2019
Full Text
View/download PDF

30. Novel Time Synchronization Scheme in Delay-Division-Multiplexing OFDM-PON Using Sub-Nyquist Sampling

Author

Wei-Lun Chen, Min Yu, LiMing Fang, Fumin Liu, Chia-Chien Wei, Chun-Ting Lin, and Lei Zhou

Subjects
Signal processing, Computer science, Orthogonal frequency-division multiplexing, Sampling (statistics), 02 engineering and technology, Division (mathematics), 01 natural sciences, Multiplexing, 010309 optics, 020210 optoelectronics & photonics, Sampling (signal processing), Modulation, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, Bit error rate, Nyquist–Shannon sampling theorem
Abstract

We propose a novel time synchronization scheme in a DDM-OFDM-PON under the constraint of sub-Nyquist sampling. In a 25-Gb/s DDM-PON, the scheme can acquire precise delays, making the delay-related penalty in SNR < 0.2 dB.

Published
2019

32. A Chosen-Ciphertext Secure Fuzzy Identity-Based Proxy Re-Encryption Scheme

Author

Liming Fang, Chunpeng Ge, and Jiandong Wang

Subjects
Theoretical computer science, General Computer Science, Biometrics, Computer science, business.industry, 020207 software engineering, 02 engineering and technology, Computer security model, Encryption, Fuzzy logic, Proxy re-encryption, Covert, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Proxy (statistics), business
Abstract

Green and Ateniese introduced the notion of identity-based proxy re-encryption (IBPRE), whereby the proxy can covert a ciphertext encrypted under the delegator's identity to an encryption under the delegatee's identity of the same message. In some situations, biometric, such as dactylogram, was used as identities. However, these biometric identities will inherently have some noise when they are sampled each time. To make identity-based proxy re-encryption flexible on identities, we introduced a new primitive called fuzzy identity-based proxy re-encryption (FIB-PRE), in which an identity is viewed as a set of descriptive attributes. In a fuzzy identity-based proxy re-encryption scheme, an identity can decrypt a ciphertext re-encrypted under another identity , if and only if and are close to each other as measured by the “set overlap” distance metric. In this work, we first formulate the security model of a FIB-PRE scheme. Finally, we present a construction of FIB-PRE and prove its CCA security under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random model.

Published
2016

33. Research on Non-interactive Construction based on Fuzzy Conditional Proxy Re-encryption

Author

Chunpeng Ge, Liming Fang, and Jiandong Wang

Subjects
Theoretical computer science, General Computer Science, Fang, Computer science, Ciphertext, Plaintext, Data_CODINGANDINFORMATIONTHEORY, Semantic security, Proxy (statistics), Fuzzy logic, Proxy re-encryption
Abstract

In a conditional proxy re-encryption (C-PRE) scheme, a semi-trusted proxy can transform Alice’s ciphertext into Bob’s ciphertext without learning the underlying plaintext, if the ciphertext satisfies a certain condition. To achieve more fine-grained delegation on conditions, Fang, Wang and Ge introduced the notion of fuzzy conditional proxy re-encryption (FC-PRE), whereby the conditions is viewed a set of descriptive

Published
2015

34. A privacy preserve big data analysis system for wearable wireless sensor network

Author

Huading Ling, Chunpeng Ge, Changchun Yin, Liming Fang, Juncen Zhu, and Zhe Liu

Subjects
General Computer Science, business.industry, Computer science, Big data, Wearable computer, 020206 networking & telecommunications, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Order (business), Health care, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Leakage (economics), business, Law, Wireless sensor network, computer
Abstract

Big data and artificial intelligence develop rapidly. Big data analysis has been applied in many fields of smart healthcare. Once these data are leaked or modified during transmission, it will not only invade the privacy of patients, but also endanger their lives. Many researchers worked on encrypted personal health records (PHR). However, there are still some challenges, such as data leakage during deep learning and leakage of training models, and some users do not want their data to be leaked to the analysis organization. How to protect privacy while leveraging deep learning is a pressing issue. In this paper, we present a system for predicting disease and timely alarms by collecting data from sensors and using deep learning to analyze and monitor patient health data. In order to protect the privacy of health data, we adopt an assured data deletion approach which the data owner can choose to revoke some users’ access to their health data. Extensive analysis and experimental results are presented that demonstrate the security, and efficiency of our proposed approach.

Published
2020

35. A Hybrid Fuzzy Convolutional Neural Network Based Mechanism for Photovoltaic Cell Defect Detection with Electroluminescence Images

Author

Huading Ling, Changchun Yin, Aiping Zhang, Zhe Liu, Liming Fang, and Chunpeng Ge

Subjects
Computer science, business.industry, Deep learning, Photovoltaic system, Feature extraction, Fuzzy set, Pattern recognition, Convolutional neural network, Fuzzy logic, Convolution, Computational Theory and Mathematics, Hardware and Architecture, Signal Processing, Artificial intelligence, Smart camera, business
Abstract

In the intelligent manufacturing process of solar photovoltaic (PV) cells, the automatic defect detection system using the Industrial Internet of Things (IIoT) smart cameras and sensors cooperated in IIoT has become a promising solution. Many works have been devoted to defect detection of PV cells in a data-driven way. However, because of the subjectivity and fuzziness of human annotation, the data contains a high quantity of noise and unpredictable uncertainties, which creates great difficulties in automatic defect detection. To address this problem, we propose a novel architecture named fuzzy convolution, which integrates fuzzy logic and convolution operations at microscopic level. Combining the proposed fuzzy convolution with the regular convolution, we build a network called Hybrid Fuzzy Convolutional Neural Network (HFCNN). Compared with convolutional neural networks (CNNs), HFCNN can address the uncertainties of PV cell data to improve the accuracy with fewer parameters, making it possible to apply our method in smart cameras. Experimental results on a public dataset show the superiority of our proposed method compared with CNNs.

Published
2020

36. Secure Keyword Search and Data Sharing Mechanism for Cloud Computing

Author

Pawel Szalachowski, Chunpeng Ge, Jinyue Xia, Zhe Liu, Willy Susilo, and Liming Fang

Subjects
021110 strategic, defence & security studies, Information privacy, Database, business.industry, Computer science, 0211 other engineering and technologies, Cloud computing, 02 engineering and technology, Computer security model, Service provider, computer.software_genre, Encryption, Random oracle, Data sharing, Chosen-ciphertext attack, Electrical and Electronic Engineering, business, computer
Abstract

The emergence of cloud infrastructure has significantly reduced the costs of hardware and software resources in computing infrastructure. To ensure security, the data is usually encrypted before it's outsourced to the cloud. Unlike searching and sharing the plain data, it is challenging to search and share the data after encryption. Nevertheless, it is a critical task for the cloud service provider as the users expect the cloud to conduct a quick search and return the result without losing data confidentiality. To overcome these problems, we propose a ciphertext-policy attribute-based mechanism with keyword search and data sharing (CPAB-KSDS) for encrypted cloud data. The proposed solution not only supports attribute-based keyword search but also enables attribute-based data sharing at the same time, which is in contrast to the existing solutions that only support either one of two features. Additionally, the keyword in our scheme can be updated during the sharing phase without interacting with the PKG. In this article, we describe the notion of CPAB-KSDS as well as its security model. Besides, we propose a concrete scheme and prove that it is against chosen ciphertext attack and chosen keyword attack secure in the random oracle model. Finally, the proposed construction is demonstrated practical and efficient in the performance and property comparison.

Published
2020

37. APD-based delay-division-multiplexing OFDM-PONs

Author

Min Yu, Chi-Hsiang Lin, LiMing Fang, Lei Zhou, Jhih-Hao Hsu, Chia-Chien, Fumin Liu, and Chun-Ting Lin

Subjects
020210 optoelectronics & photonics, Sampling (signal processing), Computer science, Orthogonal frequency-division multiplexing, Modulation, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, 02 engineering and technology, Nyquist rate, Avalanche photodiode, Passive optical network, Multiplexing, Communication channel
Abstract

Based on pre-allocated relative sampling delays among optical network users (ONUs) in an orthogonal frequency-division multiplexing (OFDM) passive optical network (PON), the delay-division-multiplexing (DDM) technique employs signal pre-processing to enable demand data to be received by sub-Nyquist analog-to-digital sampling. This work employed an avalanche photodiode (APD) in a DDM-OFDM-PON to achieve higher loss budget, compared to a p-i-n photodiode (PIN). To successfully enable the pre-processing, however, the knowledge of channel response is required; thus, it is critical to estimate complete channel response in DDM-OFDM systems under the constraint of sub-Nyquist sampling. To avoid spectral overlapping in channel estimation, the subcarriers of training symbols in different frequency zones are allocated to different time slots. Unfortunately, this scheme may sustain inaccurate channel estimation due to different degrees of APD saturation for training subcarriers at different frequency zones, leading to significant penalty in performance. Thus, careful control of electrical driving power and optical received power for the training symbols will be important to reduce the impact of saturation on channel estimation, thereby improving transmission performance. We experimentally examined the impact of the accuracy of channel estimation in a 25-Gbps APD-based OFDM-PON. Compared to a PIN, we successfully demonstrated the DDM scheme based on an APD and 1/32 of Nyquist rate with 5-dB improvement in sensitivity after 25-km fiber transmission.

Published
2018

38. A Secure Multimedia Data Sharing Scheme for Wireless Network

Author

Liming Fang, Liang Liu, Maosheng Sun, and Jinyue Xia

Subjects
Article Subject, Multimedia, Computer Networks and Communications, business.industry, Computer science, Wireless network, 020206 networking & telecommunications, 020207 software engineering, Cloud computing, 02 engineering and technology, Trusted third party, Encryption, computer.software_genre, Default gateway, Ciphertext, lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, Wireless, lcsh:T1-995, The Internet, business, lcsh:Science (General), computer, Information Systems, lcsh:Q1-390
Abstract

A large number of wireless devices like WiFi cameras and 4G robots have been deployed in the rapidly growing wireless network such as Internet of Things. All of the devices (sensors) are collecting and analyzing multimedia data all the time while they are actively working, and it is also required to share data among these the sensors. Typically, the wireless data is transmitted through the network gateway or the cloud platforms. In such a wireless environment, if there is no appropriate protection to the data, it is easy to cause potential data leakage. In reality, the owner of the sensor might only want to share the multimedia data stored in the sensor with a trusted third party (e.g., a family member or a coworker) through an internet gateway or the cloud platform. Ideally, the gateway or the cloud platform in the wireless network should transform one user’s encrypted data (wireless multimedia data) directly into another ciphertext under a set of new users (e.g., a trusted third party) without accessing the user’s plaintext data. In this work, a new secure notion called fuzzy-conditional proxy broadcast re-encryption (FC-PBRE) is presented to address the concern. In a FC-PBRE scheme, the proxy (the gateway or cloud server) uses a broadcast re-encryption key to re-encrypt the encrypted wireless multimedia data which can be decrypted by a set of delegatees if and only if the broadcast key’s conditional set W is close to the conditional set W′ of the ciphertext. With the FC-PBRE scheme, the wireless multimedia data is not disclosed and cannot be learnt by the proxy (the gateway or cloud server). In this paper, we first present the definition of security against chosen-ciphertext attacks for FC-PBRE. Second, we propose an efficient fuzzy-conditional proxy broadcast re-encryption scheme. Third, we prove that our FC-PBRE scheme is CCA-secure in the random oracle model based on the Decisional nBDHE assumption.

Published
2018

39. A Key-Policy Attribute-Based Proxy Re-Encryption Without Random Oracles: Table 1

Author

Zhiqiu Huang, Jiandong Wang, Chunpeng Ge, Willy Susilo, Yongjun Ren, and Liming Fang

Subjects
General Computer Science, business.industry, Computer science, Internet privacy, 020206 networking & telecommunications, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Proxy re-encryption, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Proxy (statistics), computer, Key policy
Published
2015

40. A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds

Author

Willy Susilo, Liming Fang, Duncan S. Wong, and Kaitai Liang

Subjects
Plaintext-aware encryption, Computer Networks and Communications, business.industry, Computer science, Plaintext, Encryption, Computer security, computer.software_genre, Proxy re-encryption, Computer Science Applications, Theoretical Computer Science, Random oracle, Ciphertext indistinguishability, Computational Theory and Mathematics, Malleability, Ciphertext, Attribute-based encryption, Bilinear map, business, Semantic security, computer, Software
Abstract

Ciphertext-policy attribute-based proxy re-encryption CP-ABPRE extends the traditional Proxy Re-Encryption PRE by allowing a semi-trusted proxy to transform a ciphertext under an access policy to another ciphertext with the same plaintext under a new access policy i.e., attribute-based re-encryption. The proxy, however, learns nothing about the underlying plaintext. CP-ABPRE has many real world applications, such as fine-grained access control in cloud storage systems and medical records sharing among different hospitals. All the existing CP-ABPRE schemes are leaving chosen-ciphertext attack CCA security as an interesting open problem. This paper, for the first time, proposes a new CP-ABPRE scheme to tackle the problem. The new scheme supports attribute-based re-encryption with any monotonic access structures. Despite being constructed in the random oracle model, our scheme can be proven CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption. Copyright © 2014 John Wiley & Sons, Ltd.

Published
2014

41. Security Data Auditing based on Multifunction Digital Watermark for Multimedia File in Cloud Storage

Author

Jin Wang, Yongjun Ren, Jian Shen, Liming Fang, and Jiang Xu

Subjects
Service (systems architecture), Access network, Cloud computing security, General Computer Science, Multimedia, business.industry, Computer science, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Cloud computing, computer.software_genre, Computer security, Server, business, computer, Host (network), Digital watermarking, Cloud storage
Abstract

Cloud computing is a promising computing model that enables convenient and on-demand network access to a shared pool of configurable computing resources. In cloud computing, data owners host their data on cloud servers and data consumers can access the data from cloud servers. This new paradigm of data storage service also introduces new security challenges, because data owners and data servers have different identities and different business interests. Therefore, an independent auditing service is required to make sure that the data is correctly hosted in the Cloud. However, the existing solutions are not specific to the multimedia data. Moreover copyright protection is not provided. In this paper, we define specially a provable data possession model for multimedia file, and present a framework based on digital watermarking for multimedia data storages audit service, in which we analyze the security features of audit service for multimedia data outsourcing and the corresponding properties of digital watermarking. Moreover as an example, we present a provable data possession scheme based on double function self-embedded digital watermark, which integrate image content audit service and copyright protection.

Published
2014

42. On downstream transmissions in EPON Protocol over Coax (EPoC): An analysis of Coax framing approaches and other relevant considerations

Author

Biswanath Mukherjee, Kira Zhangli, Saigopal Thota, Hesham Elbakoury, Partha Bhaumik, Jim Chen, and Liming Fang

Subjects
Radio frequency over glass, Computer Networks and Communications, business.industry, Computer science, Quality of service, EPON Protocol over Coax, Physical layer, Access control, Passive optical network, Atomic and Molecular Physics, and Optics, Hardware and Architecture, Framing (construction), Electrical and Electronic Engineering, business, Software, Computer network, Data transmission
Abstract

We present different mechanisms for downstream transmissions in the coax segment of Ethernet Passive Optical Network (EPON) Protocol over Coax (EPoC). EPoC is the transparent extension of EPON over a cable operator's Hybrid Fiber-Coax network. For managing and controlling such a hybrid network, a network operator prefers to have a unified scheduling, management, and quality of service environment that includes both the optical and coax portions of the network. In EPoC, this is achieved by extending the EPON Medium Access Control to run over the coax physical layer, to have a centralized end-to-end network control from the cable head-end to the end users premises. In this paper, we focus on the downstream transmissions in EPoC. We study three different framing approaches for downstream coax frames based on how sub-carriers in an orthogonal frequency division multiplexed symbol are modulated. We discuss the merits and demerits of each approach and then compare them based on their control overheads and the maximum average data transmission rates each of them can achieve. We analyze how different parameters such as modulation profile, symbol duration, number of sub-carriers and length of resource blocks affect the data rates and the performance of downstream transmissions. We present simulation results to examine the implications of these factors on packet-level performance, such as delay. The results indicate that dynamic and hybrid framing approaches tend to perform better than static approaches, when traffic and usage pattern are identical to those in real-world scenarios. Finally, we outline the important engineering and research problems in this area which can be topics of future research.

Published
2014

43. Y-DWMS: A Digital Watermark Management System Based on Smart Contracts

Author

Liang Liu, Liming Fang, Bo Zhao, Weizhi Meng, Chunpeng Ge, Hanyi Zhang, and Chunhua Su

Subjects
blockchain, game theory, Digital rights management, Smart contract, Computer science, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, lcsh:Chemical technology, Computer security, computer.software_genre, Biochemistry, Article, Analytical Chemistry, Blockchain, 0202 electrical engineering, electronic engineering, information engineering, Digital rights, lcsh:TP1-1185, Electrical and Electronic Engineering, Instrumentation, Digital watermarking, Game theory, digital rights management, business.industry, Information technology, 020206 networking & telecommunications, Atomic and Molecular Physics, and Optics, ComputingMilieux_GENERAL, Management system, 020201 artificial intelligence & image processing, smart contract, business, computer
Abstract

With the development of information technology, films, music, and other publications are inclined to be distributed in digitalized form. However, the low cost of data replication and dissemination leads to digital rights problems and brings huge economic losses. Up to now, existing digital rights management (DRM) schemes have been powerless to deter attempts of infringing digital rights and recover losses of copyright holders. This paper presents a YODA-based digital watermark management system (Y-DWMS), adopting non-repudiation of smart contract and blockchain, to implement a DRM mechanism to infinitely amplify the cost of infringement and recover losses copyright holders suffered once the infringement is reported. We adopt game analysis to prove that in Y-DWMS, the decision of non-infringement always dominates rational users, so as to fundamentally eradicate the infringement of digital rights, which current mainstream DRM schemes cannot reach.

Published
2019

44. Conditional proxy broadcast re-encryption with fine grain policy for cloud data sharing

Author

Liming Fang, Chunpeng Ge, Maosheng Sun, and Jiandong Wang

Subjects
Theoretical computer science, Fine grain, business.industry, Computer science, Plaintext, Data_CODINGANDINFORMATIONTHEORY, Encryption, Random oracle, Cloud data, If and only if, Hardware and Architecture, Ciphertext, business, Proxy (statistics), Software
Abstract

Conditional proxy broadcast re-encryption (CPBRE) enables a semi-trusted proxy to convert Alice's ciphertext satisfying a certain condition into a set of users' ciphertext. The proxy, however, cannot learn anything about the underlying plaintext. The traditional CPBRE schemes cannot support flexible control on conditions. In this paper, we present a new primitive named conditional proxy broadcast re-encryption with fine grain policy (CPBRE-FG). In a CPBRE-FG scheme, the re-encryption key is generated with an access tree, and the ciphertext is constructed under a set of descriptive conditions. The proxy can convert a ciphertext if and only if the set of conditions satisfies the access tree. We formalise the notion of CPBRE-FG and present an efficient CPBRE-FG scheme. Finally, we prove it against chosen-ciphertext attack (CCA) security in the random oracle model.

Published
2019

45. EPON protocol over coax (EPoC): overview and design issues from a MAC layer perspective?

Author

Hesham Elbakoury, Saigopal Thota, Biswanath Mukherjee, Liming Fang, Partha Bhaumik, Kira Zhangli, and Jim Chen

Subjects
Radio frequency over glass, Network architecture, Computer Networks and Communications, business.industry, Computer science, Quality of service, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, EPON Protocol over Coax, Physical layer, Internet backbone, Passive optical network, Ethernet frame, Computer Science Applications, Embedded system, Electrical and Electronic Engineering, business, Computer network
Abstract

We investigate the challenges in designing the network architecture for running EPON (Ethernet Passive Optical Network) Protocol over Coax, or EPoC in short. EPoC is the transparent extension of EPON over a cable operator's Hybrid Fiber-Coax (HFC) network, and uses a hybrid of optical and coaxial technologies to carry traffic to and from end-users and the Internet backbone. For managing and controlling such a hybrid network, a network operator will prefer to have a unified scheduling, management, and quality-of-service (QoS) environment that includes both the optical and coax portions of the network. This can be achieved by extending the EPON Medium Access Control (MAC) to run over the coax physical layer, to have a centralized end-to-end network control from the cable head-end to the end-users' premises. The use of the coax portion of the network is transparent to EPON protocol operation in the headend, as the same MAC runs over the entire network. In this article, we describe the architecture of EPoC, and outline how the EPON MAC Control, i.e., the EPON Multi-Point Control Protocol (MPCP) can be extended for designing an end-to-end Multi-Point MAC Control for EPoC. We explain the design of several MAC functions and their operation, including framing for coax, Ethernet frame fragmentation, generation of upstream and downstream Media Allocation Plans, and automatic discovery and registration of user equipment. With strong backing from both service operators and equipment vendors, EPoC is set to become a rapidly-evolving standard within the next few years, and the creation of the IEEE 802.3bn Task Force for EPoC is a major step in that direction.

Published
2013

46. Public key encryption with keyword search secure against keyword guessing attacks without random oracle

Author

Jiandong Wang, Chunpeng Ge, Liming Fang, and Willy Susilo

Subjects
Scheme (programming language), Information Systems and Management, business.industry, Computer science, Adversary, Encryption, Computer security, computer.software_genre, Oracle, Computer Science Applications, Theoretical Computer Science, Random oracle, Public-key cryptography, Artificial Intelligence, Control and Systems Engineering, Key (cryptography), Chosen-ciphertext attack, business, computer, Software, Secure channel, computer.programming_language
Abstract

The notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search from a collection of encrypted emails given a ''trapdoor'' (i.e., an encrypted keyword) provided by the receiver. The nice property in this scheme allows the server to search for a keyword, given the trapdoor. Hence, the verifier can merely use an untrusted server, which makes this notion very practical. Following Boneh et al.'s work, there have been subsequent works that have been proposed to enhance this notion. Two important notions include the so-called keyword guessing attack and secure channel free, proposed by Byun et al. and Baek et al., respectively. The former realizes the fact that in practice, the space of the keywords used is very limited, while the latter considers the removal of secure channel between the receiver and the server to make PEKS practical. Unfortunately, the existing construction of PEKS secure against keyword guessing attack is only secure under the random oracle model, which does not reflect its security in the real world. Furthermore, there is no complete definition that captures secure channel free PEKS schemes that are secure against chosen keyword attack, chosen ciphertext attack, and against keyword guessing attacks, even though these notions seem to be the most practical application of PEKS primitives. In this paper, we make the following contributions. First, we define the strongest model of PEKS which is secure channel free and secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. In particular, we present two important security notions namely IND-SCF-CKCA and IND-KGA. The former is to capture an inside adversary, while the latter is to capture an outside adversary. Intuitively, it should be clear that IND-SCF-CKCA captures a more stringent attack compared to IND-KGA. Second, we present a secure channel free PEKS scheme secure without random oracle under the well known assumptions, namely DLP, DBDH, SXDH and truncated q-ABDHE assumption. Our contributions fill the gap in the literature and hence, making the notion of PEKS very practical. We shall highlight that our scheme is IND-SCF-CKCA secure.

Published
2013

47. A massage robot based on Chinese massage therapy

Author

Lei Hu, Jie Zhang, Junyuan Jiang, Yun Wang, Bangcheng Zhang, Jun Zhang, Yan Cui, Liming Fang, and Lvzhong Ma

Subjects
medicine.medical_specialty, Massage, Computer science, Kinematics, Safety control, Thumb, Industrial and Manufacturing Engineering, Computer Science Applications, medicine.anatomical_structure, Physical medicine and rehabilitation, Control and Systems Engineering, medicine, Robot, Eye tracking, System structure
Abstract

PurposeAs Chinese massage is increasingly popular, many physicians are needed these days. In order to promote the experience and skills of experts and reduce labour intensity during massage, a massage robot, which could reproduce the expert techniques with individualized manipulation parameters and enhanced safety control strategies, is presented in this paper.Design/methodology/approachThe kinematic and force features of key massage techniques, such as Thumb Kneading, Pressing, Rolling, Vibrating and Pinching, are summarized by analyzing the massage processes of expert physicians, and a mathematical model for robotic massage is established. With safety issues taken into account, the overall system structure of the massage robot is proposed. The system generally consists of a positioning platform and a massage end‐effector which implements the massage techniques, and the end‐effector is further divided into a parallel mechanism and a massage hand to accommodate different techniques. Visual tracking is used for positioning acupuncture points by recognizing markers on a massage vest worn by the patient. A pain threshold value is introduced to individualize therapy schemes and a force‐position control method based on the pain threshold is presented.FindingsVAS (Visual Analogue Scale) tests for lumbar muscle strain are carried out using the massage robot, and the treatment effect of the massage robot based on traditional Chinese massage therapy theory is initially validated.Research limitations/implicationsThe treatment effect of the massage robot needs to be assessed clinically for more occasions and more clinical experiments will be conducted, to optimize the configuration and control strategy to meet the clinical needs in future work.Originality/valueThe robotic massage system presented in this paper is acting on acupuncture points based on traditional Chinese massage therapy theory, with human manipulation techniques reproduced and expert experiences incorporated. The massage robot can take the place of a massager to perform Chinese massage. Most of the massage robotic systems published in the world perform only one massage technique and the whole massage process is not completely considered. By comparison, the authors' massage robot could perform five techniques. Furthermore, the authors have designed the procedure of robotic massage specifically for patients who suffer from lumbar muscle strain.

Published
2013

48. High speed OFDM-CDMA optical access network

Author

Ian H. White, Liming Fang, Adrian Wonfor, Qi Wang, L. Zhou, Richard V. Penty, X. Guo, Wonfor, Adrian [0000-0003-2219-7900], Penty, Richard [0000-0003-4605-1455], White, Ian [0000-0002-7368-0305], and Apollo - University of Cambridge Repository

Subjects
business.industry, Orthogonal frequency-division multiplexing, Computer science, Code division multiple access, Time division multiple access, 02 engineering and technology, Optical performance monitoring, optical communications, 01 natural sciences, Passive optical network, Atomic and Molecular Physics, and Optics, 010309 optics, modulation, 020210 optoelectronics & photonics, Optics, 10G-PON, networks, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, Electronic engineering, Channel access method, business, Telecommunications
Abstract

We demonstrate the feasibility of a 16 × 3.75 Gb/s (60 Gb/s aggregate) Orthogonal frequency division multiplexing-code division multiple access passive optical network for next-generation access applications. 3.75 Gb/s PON channel transmission over 25 km single-mode fiber shows 0.1 dB dispersion and 0.9 dB crosstalk penalties. Advantages of the system include high capacity, enhanced spectral efficiency, coding gain, and networking functions such as increased security and single-wavelength operation.

Published
2016

49. 16-User OFDM-CDMA Optical Access Network

Author

Liming Fang, Richard V. Penty, L. Zhou, X. Guo, Ian H. White, Adrian Wonfor, Qi Wang, and X. Li

Subjects
Access network, Orthogonal frequency-division multiplexing, business.industry, Computer science, Code division multiple access, 02 engineering and technology, Coding gain, Crosstalk, 020210 optoelectronics & photonics, Time-division multiplexing, Polarization mode dispersion, Wavelength-division multiplexing, 0202 electrical engineering, electronic engineering, information engineering, Electronic engineering, Telecommunications, business
Abstract

We demonstrate a 16×2.5 Gb/s (40 Gb/s aggregate) OFDM-CDMA PON for next-generation access applications. Four-channel error-free transmission over 25 km SMF shows 6 dB coding gain, with 0.1 dB dispersion and 0.9 dB crosstalk penalties.

Published
2016

50. Hierarchical conditional proxy re-encryption

Author

Jiandong Wang, Liming Fang, Willy Susilo, and Chunpeng Ge

Subjects
Theoretical computer science, business.industry, Computer science, Encryption, Computer security, computer.software_genre, Proxy re-encryption, Hardware and Architecture, Wildcard, Computer Science::Multimedia, Ciphertext, Key derivation function, Proxy (statistics), business, Law, computer, Software, Computer Science::Cryptography and Security
Abstract

In this paper, we introduce a new primitive called hierarchical conditional proxy re-encryption (HC-PRE) that enhances the concept of C-PRE by allowing more general re-encryption key delegation patterns. Hierarchical conditional proxy re-encryption (HC-PRE) scheme is the hierarchical extension of conditional proxy re-encryption (C-PRE) where the condition is a vector of keywords. We present an efficient construction of hierarchical key derivation C-PRE scheme where the ciphertext length is independent from the depth of the hierarchy. We further extend our work by presenting a more generalized key delegation, by allowing the use of a wildcard in the keyword vector.

Published
2012

Catalog

Books, media, physical & digital resources
See catalog results