Information Assurance Research (IAR) Laboratory, UALR

    • Lu Shi (PhD Student, since Jan. 2011)

Research Project I - Collaborative and Privacy-preserving Machine Learning over Outsourced Biomedical Information

Accuracy of the training process of machine learning would be improved if the training set is appropriately large. It is thus beneficial to allow individuals to utilize each other's private training data set. However, privacy issue exists when sharing sensitive biomedical information for the purpose of collaborative training. It is necessary to let individuals utilize each other's private biomedical information (training data) without revealing the data content to others. Secure computation techniques can solve this tension, but they are believed to be too expensive in complexity to be practical for most applications. In this project we designed practical collaborative and privacy-preserving machine learning algorithms [1]. Our solution is also able to securely mitigate most computationally intensive operations to the cloud and thus leave minimal computational complexity on user side.


Research Project II - Cryptography-enabled Fine-grained Cloud Data Sharing

Moving into cloud introduces a challenging issue of securing data storage and sharing. Due to the open nature of the cloud, cloud customers may want to keep sensitive data confidential against cloud servers while storing them in the cloud. This requirement, however, would render flexible data sharing difficult since it rules out most traditional access control mechanisms in which the servers usually need to access data content. While data encryption provides a nature solution to data confidentiality, it also raises the tension between efficient key management and fine-grained data access control in large-scale applications. Our goal for this project is to solve this tension and allow cloud customers to enforce fine-grained access policies with scalability and efficiency.

In this project we propose to let cloud customers (data owners) encrypt data before outsourcing. We utilize attribute-based encryption for data encryption, in which attributes are defined for data and user decryption keys are associated with flexible access structures defined over the attributes. We allow cloud costumers to offload computation-intensive operations to cloud servers without disclosing data content [5,6]. We achieve this with our novel computation delegation technique which uniquely combines attribute-based encryption with proxy re-encryption. In addition, our solution is able to provide user accountability [7] and privacy preservation of access policies [8].


Research Project III - Security and Privacy in Wireless Body Area Networks

Wireless body area network (BAN) is a promising technology for real-time monitoring of physiological signals to support medical applications. In order to ensure the trustworthy and reliable gathering of patient's critical health information, it is essential to provide node authentication service in a BAN, which prevents an attacker from impersonation and false data/command injection. Although quite fundamental, the authentication in BAN still remains a challenging issue. On one hand, traditional authentication solutions depend on prior trust among nodes whose establishment would require either key pre-distribution or non-intuitive participation by inexperienced users, while they are vulnerable to key compromise. On the other hand, most existing non-cryptographic authentication schemes require advanced hardware capabilities or significant modifications to the system software, which are impractical for BANs.

In this project we proposed a lightweight body area network authentication scheme (BANA)[2] that does not depend on prior-trust among the nodes and can be efficiently realized on commercial off-the-shelf low-end sensor devices. This is achieved by exploiting physical layer characteristics unique to a BAN, namely, the distinct received signal strength (RSS) variation behaviors between an on-body communication channel and an off-body channel. Our main finding is that the latter is more unpredictable over time, especially under various body motion scenarios. This unique channel characteristic naturally arises from the multi-path environment surrounding a BAN, and cannot be easily forged by attackers. We then adopt clustering analysis to differentiate the signals from an attacker and a legitimate node.


Related Publications
  1. Jiawei Yuan and Shucheng Yu, "Privacy Preserving Back-Propagation Neural Network Learning Made Practical with Cloud Computing", Accepted, IEEE Transactions on Parallel and DistributedSystems (TPDS).
  2. Lu Shi, Ming Li, Shucheng Yu, and Jiawei Yuan, "BANA: Body Area Network Authentication Exploiting Channel Characteristics", ACM WiSec 2012, Tucson, Arizona, April 16-18, 2012.
  3. Ming Li, Shucheng Yu, Ning Cao, and Wenjing Lou, "Authorized Private Keyword Search over Encrypted Personal Health Records in Cloud Computing", IEEE ICDCS 2011, Minnesapolis, MN, June 20-24 2011.
  4. Ming Li, Shucheng Yu, Kui Ren, and Wenjing Lou, "Securing Personaly Health Records in Cloud Computing: Patient-centric and Fine-grained Data Access Control in Multi-owner Settings", The 6th International Conference on Security and Privacy in Communication Networks (SecureComm 2010), Singapore, September 7-10, 2010.
  5. Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou, "Attribute Based Data Sharing with Attribute Revocation", ACM ASIACCS 2010, Beijing, China, April 13-16, 2010.
  6. Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou, "Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing", IEEE INFOCOM 2010, San Diego, CA, March 15-19, 2010.
  7. Shucheng Yu, Kui Ren, Wenjing Lou, and Jin Li, "Defending Against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems", The 5th International Conference on Security and Privacy in Communication Networks (SecureComm 2009), Athens, Greece, September 14-18, 2009.
  8. Shucheng Yu, Kui Ren, and Wenjing Lou, "Attribute-Based Content Distribution with Hidden Policy", The 4th Workshop on Secure Network Protocols (NPSec 2008), Orlando, FL, USA, October 19, 2008, in conjunction with ICNP 2008.