Your search keyword '"Ruoqing-Zhang"' showing total 10 results

1. A Temporal and Spatial Constrained Attribute-Based Access Control Scheme for Cloud Storage

Author

Xuan Wang, Yulin Wu, Ruoqing Zhang, Zoe Lin Jiang, Zechao Liu, and S. M. Yiu

Subjects

Scheme (programming language), Service (systems architecture), Computer science, business.industry, Distributed computing, Access control, 02 engineering and technology, Encryption, 020202 computer hardware & architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, Time domain, business, computer, Cloud storage, computer.programming_language, Access structure

Abstract

Cloud storage service allows data owners to store their (encrypted) data in a remote and may be untrusted cloud server. Attribute-Based Encryption (ABE) provides an excellent and flexible solution for data access control. As more and more applications evolved, ABE schemes may not handle all scenarios, in particular, if the access control has a time and location constraint. Time and location attributes are not as static as other general attributes. Existing ABE schemes cannot efficiently handle the continuous range of an attribute making it impractical for temporal and spatial constraints that are changing dynamically. In this paper, we propose a novel temporal and spatial constrained attribute-based access control (TSC-ABAC) scheme to solve this problem. Our system adopts a redesigned access structure and makes use of multi-dimensional range derivation function to match the time domain. This is the first ABE scheme that can efficiently handle time and location elements simultaneously. We further propose an extended TSC-ABAC scheme, which aims at reducing the decryption cost imposed on user. A thorough security and performance analysis shows that our design is secure and efficient. The result of our work could provide a feasible and practical data access control scheme for cloud storage services.

Published

2018

2. DCN: Detector-Corrector Network Against Evasion Attacks on Deep Neural Networks

Author

Ruoqing Zhang, Jing Wen, Siu-Ming Yiu, and Lucas C. K. Hui

Subjects

Artificial neural network, Contextual image classification, Computer science, business.industry, Deep learning, Evasion (network security), 020206 networking & telecommunications, 02 engineering and technology, 010501 environmental sciences, Machine learning, computer.software_genre, 01 natural sciences, Electronic mail, Binary classification, 0202 electrical engineering, electronic engineering, information engineering, Probability distribution, Artificial intelligence, business, computer, MNIST database, 0105 earth and related environmental sciences

Abstract

Deep neural networks are extensively used in image recognition. However, its integrity is compromised by evasion attacks. Attackers can easily craft adversarial examples that make DNNs unknowingly output the labels they want rather than the right labels. In a recent study, it was shown that existing detection methods are not effective in identifying these adversarial examples, i.e., it is a realistic threat to existing systems. Unlike the previous detection methods, we observe that the classification probability distributions of adversarial examples and those of untampered examples exhibit a big difference, which can be easily identified based on the output of a DNN without getting into the complicated DNN internal structure. Based on this new insight, we propose a new light-weight detection method by transforming the detection of adversarial examples into a binary classification problem. The detector we train achieves almost 100% accuracy on adversarial examples. Moreover, we propose a detector-corrector network that effectively reduces successful rate of existing state-of-the-art evasion attacks under three commonly used distance metrics. In particular, for the common L2 attack, DCN mitigates 99% adversarial examples on MNIST and 95% on CIFAR-10. Our evaluation demonstrates that DCN is significantly more effective and efficient against various evasion attacks than existing methods.

Published

2018

3. A Revocable Outsourcing Attribute-Based Encryption Scheme

Author

Siu-Ming Yiu, Lucas C. K. Hui, Xuan Wang, Zechao Liu, Junbin Fang, Zoe Lin Jiang, and Ruoqing Zhang

Subjects

Cryptographic primitive, Revocation, Computer science, business.industry, Computer security, computer.software_genre, Encryption, Outsourcing, Probabilistic encryption, Ciphertext, 56-bit encryption, Attribute-based encryption, business, computer

Abstract

Attribute-Based Encryption (ABE) is a generalized cryptographic primitive from normal public key encryption. It provides an access control mechanism over encrypted message using access policies and ascribed attributes. This scheme can solve the privacy issue when data is outsourced to cloud for storage well. However, there are some practical issues which must be fixed before ABE becomes applicable. One is that both the ciphertext size and the decryption time grows with the complexity of the access policy, which brings pressure to mobile devies. The other is that, from practical point of view, some users might be disabled for some attributes or be removed from the system. It demands on flexible revocation mechanism supporting both user and attribute granularities. In this research, we propose a solution adopting techniques on secure outsourcing of pairings to support outsourcing computation and adopting some techniques based on the tree-based scheme to solve user revocation and attribute revocation. We also give its security model and proof.

Published

2017

4. A Traceable Outsourcing CP-ABE Scheme with Attribute Revocation

Author

Zechao Liu, Xiaoqi Yu, Lucas C. K. Hui, Sm Yiu, Ruoqing Zhang, and Zoe Lin Jiang

Subjects

Revocation, business.industry, Computer science, Distributed computing, 020206 networking & telecommunications, Cloud computing, Cryptography, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Electronic mail, Outsourcing, Random oracle, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer

Abstract

Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a useful cryptographic scheme and is being considered for cloud application as more and more users leverage cloud platforms to store and process their data. However, existing CP-ABE schemes still have a number of limitations that make it not effective to be used in a practical application. Firstly, the size of the ciphertext and the time for decryption grow with the complexity of the access formula. This efficiency issue becomes a problem when using a cloudplatform and mobile devices with limited processing capacity. Secondly, in reality, the attributes of users may be changed from time to time, or some users may eventually leave the system due to resignation. This practical concern requires a scheme with flexible and fine-grained revocation optionsupporting attribute-level changes. Lastly, traceability is also an important feature to track potential traitors who leak the partial decryption keys if ABE is used in a real scenario. None of the existing CP-ABE schemes are able to satisfy these three properties simultaneously. In this paper, we propose apractical CP-ABE that can achieve all three requirements. Our system adopts techniques on secure outsourcing of pairings to support efficient outsourcing computation and makes use of a subset cover algorithm to meet the requirements of revocation and traceability. Our scheme is proved to be a selectively replayable chosen-ciphertext attack (RCCA) secure in random oracle model. The result of our work could provide a feasible, reliable and practical CP-ABE scheme for the realistic application.

Published

2017

5. Crypt-EHRServer: Protecting Confidentiality with Attribute-Based Encryption and Encrypted Query Processing

Author

Lucas C. K. Hui, Ruoqing Zhang, and Chiling Chow

Subjects

SQL, 020205 medical informatics, business.industry, Computer science, Cloud computing, Cryptography, Plaintext, 02 engineering and technology, Computer security, computer.software_genre, Encryption, openEHR, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, computer.programming_language

Abstract

OpenEHR is an open standard specification for developing flexible electronic health record (EHR) management system. It defines the standard service models and APIs, and offers a whole lifetime data storage method to the patient's record. As an important OpenEHR system component, EHRServer plays the role of back-end services repository for data storage and query. It complies with the openEHR specifications and adopts MySQL database. However, current EHRServer has many limitations. For example, its official requirement stresses that one organization cannot access the EHR owned by other organizations. The original EHRServer database is in plaintext format. It can lead to the risk of electronic record leakage. Encryption is one common protection method, but the current EHRServer APIs do not support encrypted data query. That restricts building EHRServer on the cloud. What's more, the inconvenience of information sharing among different organizations may also hinder the extension of OpenEHR coverage to more domains and countries. To solve the above open problems, in this paper, we explore two approaches which guarantee the security and flexibility of sharing EHR on the cloud and thus propose a new architecture called Crypt-EHRServer. Firstly, we use attribute-based encryption to realize flexible EHR access authority for different authorized organizations. Secondly, we learn from an efficient ciphertext query model, CryptDB, and adopt their onion encryption approach to support standard SQL queries on the encrypted EHR. The result of our work could provide a flexible, scalable and secure EHR system. Crypt-EHRServer will benefit OpenEHR's widespread adoption in the world, and will also arouse people's awareness about incorporating security criteria into the design of electronic health records management systems.

Published

2017

6. F-DDIA: A Framework for Detecting Data Injection Attacks in Nonlinear Cyber-Physical Systems

Author

Siu-Ming Yiu, Jingxuan Wang, Ruoqing Zhang, Gang Zhou, and Lucas C. K. Hui

Subjects

021110 strategic, defence & security studies, Article Subject, Computer Networks and Communications, Computer science, Real-time computing, Detector, 0211 other engineering and technologies, Cyber-physical system, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Nonlinear system, Experimental testing, Compressed sensing, Feature (computer vision), Injection attacks, lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, lcsh:T1-995, Data mining, lcsh:Science (General), Focus (optics), computer, lcsh:Q1-390, Information Systems

Abstract

Data injection attacks in a cyber-physical system aim at manipulating a number of measurements to alter the estimated real-time system states. Many researchers recently focus on how to detect such attacks. However, most of the detection methods do not work well for the nonlinear systems. In this paper, we present a compressive sampling methodology to identify the attack, which allows determining how many and which measurement signals are launched. The sparsity feature is used. Generally, our methodology can be applied to both linear and nonlinear systems. The experimental testing, which includes realistic load patterns from NYISO with various attack scenarios in the IEEE 14-bus system, confirms that our detector performs remarkably well.

Published

2017

7. A Provable Secure Mutual RFID Authentication Protocol Based on Error-Correct Code

Author

Zehui Li, Ruoqing Zhang, Yatao Yang, and Zichen Li

Subjects

business.industry, Computer science, Cryptography, Computer security, computer.software_genre, Encryption, Public-key cryptography, Authentication protocol, McEliece cryptosystem, Radio-frequency identification, business, Protocol (object-oriented programming), computer, Data Authentication Algorithm, Computer network

Abstract

The security of radio frequency identification (RFID) has become an increasingly severe issue. We propose a mutual RFID authentication secure protocol, based on the QC-MDPC McEliece type public cryptography in order to protect the information interaction security in wireless channel of RFID system. It owns low storage of public key, perfect efficiency of encryption & decryption, and high security. The security proofed for this novel protocol was given by using the reduction method, and the hardness of attacking protocol was reduced to the decoding hard problem of the linear codes. The performance results also show that compared to other authentication protocols, this protocol is more feasible for RFID system which has low cost and high efficiency.

Published

2014

8. A Homomorphic ElGamal Variant Based on BGN's Method

Author

Zhiwei Chen, Ruoqing Zhang, Yatao Yang, and Zichen Li

Subjects

Discrete mathematics, Homomorphic secret sharing, business.industry, Computer science, Cramer–Shoup cryptosystem, Homomorphic encryption, ElGamal signature scheme, Data_CODINGANDINFORMATIONTHEORY, Computer security, computer.software_genre, Public-key cryptography, Cryptosystem, business, computer, ElGamal encryption, Computer Science::Cryptography and Security, Goldwasser–Micali cryptosystem

Abstract

Homomorphic encryption has numerous applications, which can directly calculate on encrypted data. In this paper, a simple variant of ElGamal is presented which supports arbitrary additions and one multiplication, similarly to the cryptosystem of Boneh, Goh, and Nissim (BGN). The construction adopts a bilinear pairing map to meet the multiplicative homomorphism. A confirmatory example is given to prove this cryptosystems homomorphism. In the additive homomorphic operation aspect, our scheme possesses a higher security than BGN's method. Obviously, it also offers a way of multiplying two cipher texts. Finally, a security analysis is shown to demonstrate that this variant of ElGamal cryptosystem satisfy CPA and IND-CCA security.

Published

2013

9. An Efficient Massive Evidence Storage and Retrieval Scheme in Encrypted Database

Author

Zichen-Li, Yatao-Yang, Ruoqing-Zhang, and Zehui-Li

Subjects

Database, Initialization vector, Computer science, business.industry, Plaintext, Cloud computing, computer.software_genre, Encryption, Digital evidence, Data redundancy, Ciphertext, business, computer, Database model

Abstract

In this paper, the problem is described which of storing massive digital evidence and preventing potential information leaks in forensics. The strategy of cloud encrypted database is therefore to be proposed. Existing encrypted database frameworks and solutions do not provide a satisfactory result to solve the problem. They either cause potential information leaks or have unacceptable data redundancy. We propose an efficient encrypted database model adopting initialization vector transfer and numerical order replacement. Experimental results show that the ciphertext retrieval speed can be significantly matched with what of plaintext.

Published

2013

10. An efficient scheme for log integrity check in security monitoring system

Author

Yatao Yang, Zhiwei Chen, Ruoqing Zhang, and Zichen Li

Subjects

Scheme (programming language), Security monitoring, Computer science, Hash function, Login, Computer security, computer.software_genre, Group testing, Integrity check, Computer engineering, Transversal design, Overhead (computing), computer, computer.programming_language

Abstract

In this paper, we describe the problem of checking the integrity of log in monitoring system for forensics investigation. Existing frameworks and solutions do not provide a satisfactory result to solve the problem. They either require a mass amount of storage overhead to store the hash values of the events or may not be able to match the situation in an effective way if some events have been modified. We propose an efficient hashing scheme with Shifted Transversal Design Group Testing algorithm to calculate hash values for all events in a log file as the integrity proof and precisely locate the events which have been corrupted. Experimental results show that the storage overhead can be significantly decreased by adopting the scheme.

Published

2013