Your search keyword '"Li, Yingjiu"' showing total 529 results

1. SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner

Author

Wang, Xunguang, Wu, Daoyuan, Ji, Zhenlan, Li, Zongjie, Ma, Pingchuan, Wang, Shuai, Li, Yingjiu, Liu, Yang, Liu, Ning, and Rahmel, Juergen

Subjects

Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence

Abstract

Jailbreaking is an emerging adversarial attack that bypasses the safety alignment deployed in off-the-shelf large language models (LLMs) and has evolved into four major categories: optimization-based attacks such as Greedy Coordinate Gradient (GCG), jailbreak template-based attacks such as "Do-Anything-Now", advanced indirect attacks like DrAttack, and multilingual jailbreaks. However, delivering a practical jailbreak defense is challenging because it needs to not only handle all the above jailbreak attacks but also incur negligible delay to user prompts, as well as be compatible with both open-source and closed-source LLMs. Inspired by how the traditional security concept of shadow stacks defends against memory overflow attacks, this paper introduces a generic LLM jailbreak defense framework called SelfDefend, which establishes a shadow LLM defense instance to concurrently protect the target LLM instance in the normal stack and collaborate with it for checkpoint-based access control. The effectiveness of SelfDefend builds upon our observation that existing LLMs (both target and defense LLMs) have the capability to identify harmful prompts or intentions in user queries, which we empirically validate using the commonly used GPT-3.5/4 models across all major jailbreak attacks. Our measurements show that SelfDefend enables GPT-3.5 to suppress the attack success rate (ASR) by 8.97-95.74% (average: 60%) and GPT-4 by even 36.36-100% (average: 83%), while incurring negligible effects on normal queries. To further improve the defense's robustness and minimize costs, we employ a data distillation approach to tune dedicated open-source defense models. These models outperform four SOTA defenses and match the performance of GPT-4-based SelfDefend, with significantly lower extra delays. We also empirically show that the tuned models are robust to targeted GCG and prompt injection attacks., Comment: This paper completes its earlier vision paper, available at arXiv:2402.15727

Published

2024

2. Prove You Owned Me: One Step beyond RFID Tag/Mutual Authentication

Author

Cai, Shaoying, Li, Yingjiu, Ma, Changshe, Chow, Sherman S. M., and Deng, Robert H.

Subjects

Computer Science - Cryptography and Security

Abstract

Radio Frequency Identification (RFID) is a key technology used in many applications. In the past decades, plenty of secure and privacy-preserving RFID tag/mutual authentication protocols as well as formal frameworks for evaluating them have been proposed. However, we notice that a property, namely proof of possession (PoP), has not been rigorously studied till now, despite it has significant value in many RFID applications. For example, in RFID-enabled supply chains, PoP helps prevent dis-honest parties from publishing information about products/tags that they actually have never processed. We propose the first formal framework for RFID tag/mutual authentication with PoP after correcting deficiencies of some existing RFID formal frameworks. We provide a generic construction to transform an RFID tag/mutual authentication protocol to one that supports PoP using a cryptographic hash function, a pseudorandom function (PRF) and a signature scheme. We prove that the constructed protocol is secure and privacy-preserving under our framework if all the building blocks possess desired security properties. Finally, we show an RFID mutual authentication protocol with PoP. Arming tag/mutual authentication protocols with PoP is an important step to strengthen RFID-enabled systems as it bridges the security gap between physical layer and data layer, and reduces the misuses of RFID-related data.

Published

2022

3. AnoPas: Practical anonymous transit pass from group signatures with time-bound keys

Author

Shi, Rui, Yang, Yang, Li, Yingjiu, Feng, Huamin, Pang, Hwee Hwa, and Deng, Robert H.

Published

2024

4. Accountable Fine-grained Blockchain Rewriting in the Permissionless Setting

Author

Tian, Yangguang, Liu, Bowen, Li, Yingjiu, Szalachowski, Pawel, and Zhou, Jianying

Subjects

Computer Science - Cryptography and Security

Abstract

Blockchain rewriting with fine-grained access control allows a user to create a transaction associated with a set of attributes, while another user (or modifier) who possesses enough rewriting privileges from a trusted authority satisfying the attribute set can rewrite the transaction. However, it lacks accountability and is not designed for open blockchains that require no trust assumptions. In this work, we introduce accountable fine-grained blockchain rewriting in a permissionless setting. The property of accountability allows the modifier's identity and her rewriting privileges to be held accountable for the modified transactions in case of malicious rewriting (e.g., modify the registered content from good to bad). We first present a generic framework to secure blockchain rewriting in the permissionless setting. Second, we present an instantiation of our approach and show its practicality through evaluation analysis. Last, we demonstrate that our proof-of-concept implementation can be effectively integrated into open blockchains., Comment: Under submission

Published

2021

5. HufuNet: Embedding the Left Piece as Watermark and Keeping the Right Piece for Ownership Verification in Deep Neural Networks

Author

Lv, Peizhuo, Li, Pan, Zhang, Shengzhi, Chen, Kai, Liang, Ruigang, Zhao, Yue, and Li, Yingjiu

Subjects

Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence

Abstract

Due to the wide use of highly-valuable and large-scale deep neural networks (DNNs), it becomes crucial to protect the intellectual property of DNNs so that the ownership of disputed or stolen DNNs can be verified. Most existing solutions embed backdoors in DNN model training such that DNN ownership can be verified by triggering distinguishable model behaviors with a set of secret inputs. However, such solutions are vulnerable to model fine-tuning and pruning. They also suffer from fraudulent ownership claim as attackers can discover adversarial samples and use them as secret inputs to trigger distinguishable behaviors from stolen models. To address these problems, we propose a novel DNN watermarking solution, named HufuNet, for protecting the ownership of DNN models. We evaluate HufuNet rigorously on four benchmark datasets with five popular DNN models, including convolutional neural network (CNN) and recurrent neural network (RNN). The experiments demonstrate HufuNet is highly robust against model fine-tuning/pruning, kernels cutoff/supplement, functionality-equivalent attack, and fraudulent ownership claims, thus highly promising to protect large-scale DNN models in the real-world.

Published

2021

6. A Practical Forward-Secure DualRing

Author

Li, Nan, Li, Yingjiu, Miyaji, Atsuko, Tian, Yangguang, Yuen, Tsz Hon, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Deng, Jing, editor, Kolesnikov, Vladimir, editor, and Schwarzmann, Alexander A., editor

Published

2023

7. AGChain: A Blockchain-based Gateway for Trustworthy App Delegation from Mobile App Markets

Author

Chen, Mengjie, Yi, Xiao, Wu, Daoyuan, Xu, Jianliang, Li, Yingjiu, and Gao, Debin

Subjects

Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture

Abstract

The popularity of smartphones has led to the growth of mobile app markets, creating a need for enhanced transparency, global access, and secure downloading. This paper introduces AGChain, a blockchain-based gateway that enables trustworthy app delegation within existing markets. AGChain ensures that markets can continue providing services while users benefit from permanent, distributed, and secure app delegation. During its development, we address two key challenges: significantly reducing smart contract gas costs and enabling fully distributed IPFS-based file storage. Additionally, we tackle three system issues related to security and sustainability. We have implemented a prototype of AGChain on Ethereum and Polygon blockchains, achieving effective security and decentralization with a minimal gas cost of around 0.002 USD per app upload (no cost for app download). The system also exhibits reasonable performance with an average overhead of 12%., Comment: This is a technical report submitted to the Special Issue of the Elsevier Journal of Systems Architecture (JSA)

Published

2021

8. DeepMnemonic: Password Mnemonic Generation via Deep Attentive Encoder-Decoder Model

Author

Cheng, Yao, Xu, Chang, Hai, Zhen, and Li, Yingjiu

Subjects

Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence

Abstract

Strong passwords are fundamental to the security of password-based user authentication systems. In recent years, much effort has been made to evaluate password strength or to generate strong passwords. Unfortunately, the usability or memorability of the strong passwords has been largely neglected. In this paper, we aim to bridge the gap between strong password generation and the usability of strong passwords. We propose to automatically generate textual password mnemonics, i.e., natural language sentences, which are intended to help users better memorize passwords. We introduce \textit{DeepMnemonic}, a deep attentive encoder-decoder framework which takes a password as input and then automatically generates a mnemonic sentence for the password. We conduct extensive experiments to evaluate DeepMnemonic on the real-world data sets. The experimental results demonstrate that DeepMnemonic outperforms a well-known baseline for generating semantically meaningful mnemonic sentences. Moreover, the user study further validates that the generated mnemonic sentences by DeepMnemonic are useful in helping users memorize strong passwords., Comment: Published in IEEE Transactions on Dependable and Secure Computing (TDSC)

Published

2020

9. PRI: PCH-based privacy-preserving with reusability and interoperability for enhancing blockchain scalability

Author

Li, Yuxian, Weng, Jian, Wu, Wei, Li, Ming, Li, Yingjiu, Tu, Haoxin, Wu, Yongdong, and Deng, Robert H.

Published

2023

10. When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks

Author

Liu, Ximing, Li, Yingjiu, Deng, Robert H., Chang, Bing, and Li, Shujun

Subjects

Computer Science - Cryptography and Security, Computer Science - Human-Computer Interaction

Abstract

This paper proposes the first user-independent inter-keystroke timing attacks on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users (not necessarily the target victims). Our attacks can thus be potentially launched on a large scale in real-world settings. We investigate inter-keystroke timing attacks in different online attack settings and evaluate their performance on PINs at different strength levels. Our experimental results show that the proposed attack performs significantly better than random guessing attacks. We further demonstrate that our attacks pose a serious threat to real-world applications and propose various ways to mitigate the threat., Comment: 16 pages, 9 figures

Published

2018

11. M-EDESE: Multi-Domain, Easily Deployable, and Efficiently Searchable Encryption

Author

Yuan, Jiaming, Li, Yingjiu, Ning, Jianting, Deng, Robert H., Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Su, Chunhua, editor, Gritzalis, Dimitris, editor, and Piuri, Vincenzo, editor

Published

2022

12. What's (Not) Validating Network Paths: A Survey

Author

Bu, Kai, Yang, Yutian, Laird, Avery, Luo, Jiaqing, Li, Yingjiu, and Ren, Kui

Subjects

Computer Science - Networking and Internet Architecture

Abstract

Validating network paths taken by packets is critical for a secure Internet architecture. Any feasible solution must both enforce packet forwarding along endhost-specified paths and verify whether packets have taken those paths. However, neither enforcement nor verification is supported by the current Internet. Due likely to a long-standing confusion between routing and forwarding, only limited solutions for path validation exist in the literature. This survey article aims to reinvigorate research in to the significant and essential topic of path validation. It crystallizes not only how path validation works but also where seemingly qualified solutions fall short. The analyses explore future research directions in path validation toward improving security, privacy, and efficiency., Comment: 30 pages with 5 figures, submitted to ACM Computing Surveys

Published

2018

13. SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications

Author

Wu, Daoyuan, Cheng, Yao, Gao, Debin, Li, Yingjiu, and Deng, Robert H.

Subjects

Computer Science - Cryptography and Security

Abstract

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By hijacking a vulnerable component in victim apps, an attack app can escalate its privilege for operations originally prohibited. Many prior studies have been performed to understand and mitigate this issue, but no defense is being deployed in the wild, largely due to the deployment difficulties and performance concerns. In this paper we present SCLib, a secure component library that performs in-app mandatory access control on behalf of app components. It does not require firmware modification or app repackaging as in previous works. The library-based nature also makes SCLib more accessible to app developers, and enables them produce secure components in the first place over fragmented Android devices. As a proof of concept, we design six mandatory policies and overcome unique implementation challenges to mitigate attacks originated from both system weaknesses and common developer mistakes. Our evaluation using ten high-profile open source apps shows that SCLib can protect their 35 risky components with negligible code footprint (less than 0.3% stub code) and nearly no slowdown to normal intra-app communications. The worst-case performance overhead to stop attacks is about 5%., Comment: This is the extended technical report version of our SCLib paper accepted by ACM CODASPY 2018 (http://www.ycheng.org/codaspy/2018/accepted.html)

Published

2018

14. Policy-Based Remote User Authentication From Multi-Biometrics.

Author

Tian, Yangguang, Li, Yingjiu, Deng, Robert H, Yang, Guomin, and Li, Nan

Subjects

*BIOMETRIC identification, *CLIENT/SERVER computing, *ENTROPY (Information theory), *ACCESS control, *PUBLIC key cryptography

Abstract

In this paper, we introduce the first generic framework of policy-based remote user authentication from multiple biometrics. The proposed framework allows an authorized user to remotely authenticate herself to an authentication server using her multiple biometrics, which enhances both the security and usability of user authentications. The authentication server approves a user's authentication request if and only if the user's multiple biometrics satisfies an authentication policy. In particular, the authentication policy can be dynamically updated to satisfy different security and usability requirements in practice. We implement an instantiation of the proposed framework and report its performance under various authentication policies. [ABSTRACT FROM AUTHOR]

Published

2024

15. SecComp: Towards Practically Defending Against Component Hijacking in Android Applications

Author

Wu, Daoyuan, Gao, Debin, Li, Yingjiu, and Deng, Robert H.

Subjects

Computer Science - Cryptography and Security

Abstract

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By hijacking a vulnerable component in victim apps, an attack app can escalate its privilege for originally prohibited operations. Many prior studies have been performed to understand and mitigate this issue, but component hijacking remains a serious open problem in the Android ecosystem due to no effective defense deployed in the wild. In this paper, we present our vision on practically defending against component hijacking in Android apps. First, we argue that to fundamentally prevent component hijacking, we need to switch from the previous mindset (i.e., performing system-level control or repackaging vulnerable apps after they are already released) to a more proactive version that aims to help security-inexperienced developers make secure components in the first place. To this end, we propose to embed into apps a secure component library (SecComp), which performs in-app mandatory access control on behalf of app components. An important factor for SecComp to be effective is that we find it is possible to devise a set of practical in-app policies to stop component hijacking. Furthermore, we allow developers design custom policies, beyond our by-default generic policies, to support more fine-grained access control. We have overcome challenges to implement a preliminary SecComp prototype, which stops component hijacking with very low performance overhead. We hope the future research that fully implements our vision can eventually help real-world apps get rid of component hijacking., Comment: This is a technical report on Android security from Singapore Management University

Published

2016

16. M-EDESE: Multi-Domain, Easily Deployable, and Efficiently Searchable Encryption

Author

Yuan, Jiaming, primary, Li, Yingjiu, additional, Ning, Jianting, additional, and Deng, Robert H., additional

Published

2022

17. PkT-SIN: A Secure Communication Protocol for Space Information Networks with Periodic k-Time Anonymous Authentication

Author

Yang, Yang, primary, Xue, Wenyi, additional, Sun, Jianfei, additional, Yang, Guomin, additional, Li, Yingjiu, additional, Pang, HweeHua, additional, and Deng, Robert H., additional

Published

2024

18. AnoPay: Anonymous Payment for Vehicle Parking with Updatable Credential

Author

Yang, Yang, primary, Xue, Wenyi, additional, Zhan, Yonghua, additional, Huang, Minming, additional, Li, Yingjiu, additional, and Deng, Robert H., additional

Published

2024

19. Message Control for Blockchain Rewriting

Author

Li, Yingjiu, primary, Sengupta, Binanda, additional, Tian, Yangguang, additional, Yuan, Jiaming, additional, and Yuen, Tsz Hon, additional

Published

2024

20. A Robustness-Assured White-Box Watermark in Neural Networks

Author

Lv, Peizhuo, primary, Li, Pan, additional, Zhang, Shengzhi, additional, Chen, Kai, additional, Liang, Ruigang, additional, Ma, Hualong, additional, Zhao, Yue, additional, and Li, Yingjiu, additional

Published

2023

21. SignEPC : A Digital Signature Scheme for Efficient and Scalable Access Control in EPCglobal Network

Author

Lee, Roy Ka-Wei and Li, Yingjiu

Subjects

Computer Science - Cryptography and Security

Abstract

The EPCglobal network is a computer network which allows supply chain companies to search for their unknown partners globally and share information stored in product RFID tags with each other. Although there have been quite a number of recent research works done to improve the security of EPCglobal Network, the existing access control solutions are not efficient and scalable. For instance, when a user queries Electronic Product Code Information Service (EPCIS) for EPC event information, the EPCIS would have to query the Electronic Product Code Discovery Service (EPCDS) to check the access rights of the user. This implementation is not efficient and creates a bottleneck at EPCDS. In this paper, we design and propose a digital signature scheme, SignEPC, as a more efficient and scalable access control solution for EPCglobal network. Our paper will also evaluate SignEPC by considering the various possible attacks that could be done on our proposed model

Published

2015

22. Privacy-Preserving Biometric-Based Remote User Authentication with Leakage Resilience

Author

Tian, Yangguang, Li, Yingjiu, Chen, Rongmao, Li, Nan, Liu, Ximeng, Chang, Bing, Yu, Xingjie, Akan, Ozgur, Series Editor, Bellavista, Paolo, Series Editor, Cao, Jiannong, Series Editor, Coulson, Geoffrey, Series Editor, Dressler, Falko, Series Editor, Ferrari, Domenico, Series Editor, Gerla, Mario, Series Editor, Kobayashi, Hisashi, Series Editor, Palazzo, Sergio, Series Editor, Sahni, Sartaj, Series Editor, Shen, Xuemin (Sherman), Series Editor, Stan, Mircea, Series Editor, Xiaohua, Jia, Series Editor, Zomaya, Albert Y., Series Editor, Beyah, Raheem, editor, Chang, Bing, editor, Li, Yingjiu, editor, and Zhu, Sencun, editor

Published

2018

23. Efficient ciphertext-policy attribute-based encryption with blackbox traceability

Author

Xu, Shengmin, Yuan, Jiaming, Xu, Guowen, Li, Yingjiu, Liu, Ximeng, Zhang, Yinghui, and Ying, Zuobin

Published

2020

24. Generic Construction of ElGamal-Type Attribute-Based Encryption Schemes with Revocability and Dual-Policy

Author

Xu, Shengmin, Zhang, Yinghui, Li, Yingjiu, Liu, Ximeng, Yang, Guomin, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Chen, Songqing, editor, Choo, Kim-Kwang Raymond, editor, Fu, Xinwen, editor, Lou, Wenjing, editor, and Mohaisen, Aziz, editor

Published

2019

25. Anonymous Asynchronous Payment Channel from k-Time Accountable Assertion

Author

Tian, Yangguang, Li, Yingjiu, Sengupta, Binanda, Li, Nan, Yu, Yong, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Mu, Yi, editor, Deng, Robert H., editor, and Huang, Xinyi, editor

Published

2019

26. Privacy-Preserving Remote User Authentication with k-Times Untraceability

Author

Tian, Yangguang, Li, Yingjiu, Sengupta, Binanda, Deng, Robert Huijie, Ching, Albert, Liu, Weiwei, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Guo, Fuchun, editor, Huang, Xinyi, editor, and Yung, Moti, editor

Published

2019

27. DSH: Deniable Secret Handshake Framework

Author

Tian, Yangguang, Li, Yingjiu, Zhang, Yinghui, Li, Nan, Yang, Guomin, Yu, Yong, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Su, Chunhua, editor, and Kikuchi, Hiroaki, editor

Published

2018

28. When Human cognitive modeling meets PINs: User-independent inter-keystroke timing attacks

Author

Liu, Ximing, Li, Yingjiu, Deng, Robert H., Chang, Bing, and Li, Shujun

Published

2019

29. Attribute-Based Encryption with Granular Revocation

Author

Cui, Hui, Deng, Robert H., Ding, Xuhua, Li, Yingjiu, Akan, Ozgur, Series editor, Bellavista, Paolo, Series editor, Cao, Jiannong, Series editor, Coulson, Geoffrey, Series editor, Dressler, Falko, Series editor, Ferrari, Domenico, Series editor, Gerla, Mario, Series editor, Kobayashi, Hisashi, Series editor, Palazzo, Sergio, Series editor, Sahni, Sartaj, Series editor, Shen, Xuemin Sherman, Series editor, Stan, Mircea, Series editor, Xiaohua, Jia, Series editor, Zomaya, Albert Y., Series editor, Deng, Robert, editor, Weng, Jian, editor, Ren, Kui, editor, and Yegneswaran, Vinod, editor

Published

2017

30. Attribute-Based Encryption with Expressive and Authorized Keyword Search

Author

Cui, Hui, Deng, Robert H., Liu, Joseph K., Li, Yingjiu, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Pieprzyk, Josef, editor, and Suriadi, Suriadi, editor

Published

2017

31. Employing Smartwatch for Enhanced Password Authentication

Author

Chang, Bing, Liu, Ximing, Li, Yingjiu, Wang, Pingjian, Zhu, Wen-Tao, Wang, Zhan, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Ma, Liran, editor, Khreishah, Abdallah, editor, Zhang, Yan, editor, and Yan, Mingyuan, editor

Published

2017

32. User-friendly deniable storage for mobile devices

Author

Chang, Bing, Cheng, Yao, Chen, Bo, Zhang, Fengwei, Zhu, Wen-Tao, Li, Yingjiu, and Wang, Zhan

Published

2018

33. ShadowKey: A Practical Leakage Resilient Password System

Author

Li, Yingjiu, Yan, Qiang, Deng, Robert H., Zdonik, Stan, Series editor, Shekhar, Shashi, Series editor, Katz, Jonathan, Series editor, Wu, Xindong, Series editor, Jain, Lakhmi C., Series editor, Padua, David, Series editor, Shen, Xuemin (Sherman), Series editor, Furht, Borko, Series editor, Subrahmanian, V.S., Series editor, Hebert, Martial, Series editor, Ikeuchi, Katsushi, Series editor, Siciliano, Bruno, Series editor, Jajodia, Sushil, Series editor, Lee, Newton, Series editor, Li, Yingjiu, Yan, Qiang, and Deng, Robert H.

Published

2015

34. CoverPad: A Leakage Resilient Password System on Touch-Screen Mobile Devices

Author

Li, Yingjiu, Yan, Qiang, Deng, Robert H., Zdonik, Stan, Series editor, Shekhar, Shashi, Series editor, Katz, Jonathan, Series editor, Wu, Xindong, Series editor, Jain, Lakhmi C., Series editor, Padua, David, Series editor, Shen, Xuemin (Sherman), Series editor, Furht, Borko, Series editor, Subrahmanian, V.S., Series editor, Hebert, Martial, Series editor, Ikeuchi, Katsushi, Series editor, Siciliano, Bruno, Series editor, Jajodia, Sushil, Series editor, Lee, Newton, Series editor, Li, Yingjiu, Yan, Qiang, and Deng, Robert H.

Published

2015

35. Leakage Resilient Password Systems: Attacks, Principles, and Usability

Author

Li, Yingjiu, Yan, Qiang, Deng, Robert H., Zdonik, Stan, Series editor, Shekhar, Shashi, Series editor, Katz, Jonathan, Series editor, Wu, Xindong, Series editor, Jain, Lakhmi C., Series editor, Padua, David, Series editor, Shen, Xuemin (Sherman), Series editor, Furht, Borko, Series editor, Subrahmanian, V.S., Series editor, Hebert, Martial, Series editor, Ikeuchi, Katsushi, Series editor, Siciliano, Bruno, Series editor, Jajodia, Sushil, Series editor, Lee, Newton, Series editor, Li, Yingjiu, Yan, Qiang, and Deng, Robert H.

Published

2015

36. EvoPass: Evolvable graphical password against shoulder-surfing attacks

Author

Yu, Xingjie, Wang, Zhan, Li, Yingjiu, Li, Liang, Zhu, Wen Tao, and Song, Li

Published

2017

37. SparkAC: Fine-Grained Access Control in Spark for Secure Data Sharing and Analytics

Author

Xue, Tao, primary, Wen, Yu, additional, Luo, Bo, additional, Li, Gang, additional, Li, Yingjiu, additional, Zhang, Boyang, additional, Zheng, Yang, additional, Hu, Yanfei, additional, and Meng, Dan, additional

Published

2023

38. RFID Privacy at the Network Level

Author

Li, Yingjiu, Deng, Robert H., Bertino, Elisa, Li, Yingjiu, Deng, Robert H., and Bertino, Elisa

Published

2014

39. RFID Security at the Network Level

Author

Li, Yingjiu, Deng, Robert H., Bertino, Elisa, Li, Yingjiu, Deng, Robert H., and Bertino, Elisa

Published

2014

40. RFID Privacy at the Physical Level

Author

Li, Yingjiu, Deng, Robert H., Bertino, Elisa, Li, Yingjiu, Deng, Robert H., and Bertino, Elisa

Published

2014

41. Introduction

Author

Li, Yingjiu, Deng, Robert H., Bertino, Elisa, Li, Yingjiu, Deng, Robert H., and Bertino, Elisa

Published

2014

42. RFID Security at the Physical Level

Author

Li, Yingjiu, Deng, Robert H., Bertino, Elisa, Li, Yingjiu, Deng, Robert H., and Bertino, Elisa

Published

2014

43. Server-Aided Revocable Attribute-Based Encryption

Author

Cui, Hui, Deng, Robert H., Li, Yingjiu, Qin, Baodong, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Askoxylakis, Ioannis, editor, Ioannidis, Sotiris, editor, Katsikas, Sokratis, editor, and Meadows, Catherine, editor

Published

2016

44. A Feasible No-Root Approach on Android

Author

Cheng, Yao, Li, Yingjiu, Deng, Robert H., Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Liu, Joseph K., editor, and Steinfeld, Ron, editor

Published

2016

45. Efficient Tag Path Authentication Protocol with Less Tag Memory

Author

Wang, Hongbing, Li, Yingjiu, Zhang, Zongyang, Zhao, Yunlei, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Bao, Feng, editor, Chen, Liqun, editor, Deng, Robert H., editor, and Wang, Guojun, editor

Published

2016

46. Double Issuer-Hiding Attribute-Based Credentials From Tag-Based Aggregatable Mercurial Signatures

Author

Shi, Rui, Yang, Yang, Li, Yingjiu, Feng, Huamin, Shi, Guozhen, Pang, Hwee Hwa, and Deng, Robert H.

Abstract

Attribute-based anonymous credentials offer users fine-grained access control in a privacy-preserving manner. However, in such schemes obtaining a user's credentials requires knowledge of the issuer's public key, which obviously reveals the issuer's identity that must be hidden from users in certain scenarios. Moreover, verifying a user's credentials also requires the knowledge of issuer's public key, which may infer the user's private information from their choice of issuer. In this article, we introduce the notion of double issuer-hiding attribute-based credentials (${\sf DIHAC}$DIHAC) to tackle these two problems. In our model, a central authority can issue public-key credentials for a group of issuers, and users can obtain attribute-based credentials from one of the issuers without knowing which one it is. Then, a user can prove that their credential was issued by one of the authenticated issuers without revealing which one to a verifier. We provide a generic construction, as well as a concrete instantiation for ${\sf DIHAC}$DIHAC based on structure-preserving signatures on equivalence classes (JOC's 19) and a novel primitive which we call $tag$tag-$based$based $aggregatable$aggregatable $mercurial$mercurial $signatures$signatures. Our construction is efficient without relying on zero-knowledge proofs. We provide rigorous evaluations on personal laptop and smartphone platforms, respectively, to demonstrate its practicability.

Published

2024

47. Identifiable, But Not Visible: A Privacy-Preserving Person Reidentification Scheme

Author

Zhao, Bowen, Li, Yingjiu, Liu, Ximeng, Li, Xiaoguo, Pang, Hwee Hwa, and Deng, Robert H.

Abstract

Person re-identification (Person Re-ID) is widely regarded as a promising technique to identify a target person through surveillance cameras in the wild. Nevertheless, person Re-ID leads to severe personal image privacy concerns as personal images are stipulated by laws and guidelines as private data. To address these concerns, this article explores the first solution for building a privacy-preserving person Re-ID system. Specifically, this article formulizes privacy-preserving person Re-ID as similarity metrics of encrypted feature vectors because the underlying operation of person Re-ID is to compute the similarity of feature vectors that are extracted from person images by a machine learning model. However, feature vectors are generally denoted by floating-point numbers. To this end, this article exploits a series of new encoding mechanisms and secure batch computing protocols to encrypt floating-point feature vectors and achieve the underlying operation of person Re-ID. Rigorous theoretical analyses demonstrate that this work achieves person Re-ID without compromising any personal image privacy. Furthermore, the proposed secure batch protocols significantly enhance the performance of privacy-preserving person Re-ID while outputting the same precision as the previous method.

Published

2023

48. Anonymous Asynchronous Payment Channel from k-Time Accountable Assertion

Author

Tian, Yangguang, primary, Li, Yingjiu, additional, Sengupta, Binanda, additional, Li, Nan, additional, and Yu, Yong, additional

Published

2019

49. Server-Aided Revocable Identity-Based Encryption

Author

Qin, Baodong, Deng, Robert H., Li, Yingjiu, Liu, Shengli, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Pandu Rangan, C., Editorial Board Member, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Weikum, Gerhard, Series Editor, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Pernul, Günther, editor, Y A Ryan, Peter, editor, and Weippl, Edgar, editor

Published

2015

50. Detecting Camouflaged Applications on Mobile Application Markets

Author

Kywe, Su Mon, Li, Yingjiu, Deng, Robert H., Hong, Jason, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Lee, Jooyoung, editor, and Kim, Jongsung, editor

Published

2015