Wenjing Lou

Virginia Polytechnic Institute and State University, Блэксбург, Virginia, United States

Are you Wenjing Lou?

Claim your profile

Publications (154)142.67 Total impact

  • [Show abstract] [Hide abstract]
    ABSTRACT: Cloud computing has become the real trend of enterprise IT service model that offers cost-effective and scalable processing. Meanwhile, Software-Defined Networking (SDN) is gaining popularity in enterprise networks for flexibility in network management service and reduced operational cost. There seems a trend for the two technologies to go hand-in-hand in providing an enterprise’s IT services. However, the new challenges brought by the marriage of cloud computing and SDN, particularly the implications on enterprise network security, have not been well understood. This paper sets to address this important problem.
    Computer Networks 03/2015; DOI:10.1016/j.comnet.2015.02.026 · 1.28 Impact Factor
  • Li Yang, Jianfeng Ma, Wenjing Lou, Qi Jiang
    [Show abstract] [Hide abstract]
    ABSTRACT: Direct Anonymous Attestation (DAA) is a complex cryptographic protocol for remote attestation and provides both signer authentication and privacy. It was adopted by the Trusted Computing Group (TCG) as a technical standard. However, the DAA scheme in TCG specifications is designed for the single trusted domain attestation, and cannot be deployed in different trusted domain directly. It limits its application range in mobile networks, cloud computing, Internet of Things networks when users and authentication servers belong to different domains. Based on delegation of the trusted relationship, a new cross trusted domain direct anonymous attestation scheme is proposed in this paper. The proxy signature is used for trusted relationship delegation among different domains, and the DAA method is used for the computation platform authentication when a trusted platform accessing different trusted domains. Then the authentication protocol is designed and analyzed under Canetti–Krawczyk (CK) model for the platform remote attestation. The further analysis shows that our proposal can resist platform masquerade attacks and replay attacks, and the authentication protocol is provably secure. The security of the DAA remote attestation system is enhanced by the session key agreement. Finally, a prototype implementation and some experiments are given, the results show that the proposed scheme is effective and suitable for cross domain applications.
  • [Show abstract] [Hide abstract]
    ABSTRACT: Identity-Based Encryption (IBE) which simplifies the public key and certificate management at Public Key Infrastructure (PKI) is an important alternative to public key encryption. However, one of the main efficiency drawbacks of IBE is the overhead computation at Private Key Generator (PKG) during user revocation. Efficient revocation has been well studied in traditional PKI setting, but the cumbersome management of certificates is precisely the burden that IBE strives to alleviate. In this paper, aiming at tackling the critical issue of identity revocation, we introduce outsourcing computation into IBE for the first time and propose a revocable IBE scheme in the server-aided setting. Our scheme offloads most of the key generation related operations during key-issuing and key-update processes to a Key Update Cloud Service Provider, leaving only a constant number of simple operations for PKG and users to perform locally. This goal is achieved by utilizing a novel collusion-resistant technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bound the identity component and the time component. Furthermore, we propose another construction which is provable secure under the recently formulized Refereed Delegation of Computation model. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.
    IEEE Transactions on Computers 02/2015; 64(2):425-437. DOI:10.1109/TC.2013.208 · 1.47 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: With the rapid development in availability of cloud services, the techniques for securely outsourcing the prohibitively expensive computations to untrusted servers are getting more and more attentions in the scientific community. In this paper, we investigate secure outsourcing for large-scale systems of linear equations, which are the most popular problems in various engineering disciplines. For the first time, we utilize the sparse matrix to propose a new secure outsourcing algorithm of large-scale linear equations in the fully malicious model. Compared with the state-of-the-art algorithm, the proposed algorithm only requires (optimal) one round communication (while the algorithm requires $L$ rounds of interactions between the client and cloud server, where $L$ denotes the number of iteration in iterative methods). Furthermore, the client in our algorithm can detect the misbehavior of cloud server with the (optimal) probability 1. Therefore, our proposed algorithm is superior in both efficiency and checkability. We also provide the experimental evaluation that demonstrates the efficiency and effectiveness of our algorithm.
    IEEE Transactions on Information Forensics and Security 01/2015; 10(1):69-78. DOI:10.1109/TIFS.2014.2363765 · 2.07 Impact Factor
  • IEEE Journal on Selected Areas in Communications 01/2015; DOI:10.1109/JSAC.2015.2391631 · 4.14 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: In this letter, we describe highly effective known-plaintext attacks against physical layer security schemes. We substantially reduce the amount of required known-plaintext symbols and lower the symbol error rate (SER) for the attacker. In particular, we analyze the security of orthogonal blinding schemes that disturb an eavesdropper's signal reception using artificial noise transmission. We improve the attack efficacy using fast converging optimization algorithms and combining the measurements of neighboring subchannels in a multicarrier system. We implement the enhanced attack algorithms by solving unregularized and regularized least squares problems. By means of simulation, we show that the performance of the new attack algorithms supersedes the normalized least mean square approach discussed in the work of Schulz et al., e.g., by lowering the eavesdropper's SER by 82% while using 95% less known plaintext.
    01/2015; 4(1):34-37. DOI:10.1109/LWC.2014.2363176
  • [Show abstract] [Hide abstract]
    ABSTRACT: Passive monitoring by distributed wireless sniffers has been used to strategically capture the network traffic, as the basis of automatic network diagnosis. However, the traditional monitoring techniques fall short in cognitive radio networks (CRNs) due to the much larger number of channels to be monitored and the secondary users' channel availability uncertainty imposed by primary user activities. To better serve CRNs, we propose a systematic passive monitoring framework, i.e., SpecMonitor, for traffic collection using a limited number of sniffers in Wi-Fi-like CRNs. We jointly consider primary user activity and secondary user channel access pattern to optimize the traffic capturing strategy. In particular, we exploit a nonparametric density estimation method to learn and predict secondary users' access pattern in an online fashion, which rapidly adapts to the users' dynamic behaviors and supports accurate estimation of merged access patterns from multiple users. We also design near-optimal monitoring algorithms that maximize two levels of quality-of-monitoring goals based on the predicted channel access patterns. The simulations and experiments show that SpecMonitor outperforms the existing schemes significantly.
    IEEE Transactions on Wireless Communications 10/2014; 13(10):5893-5905. DOI:10.1109/TWC.2014.2339218 · 2.76 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: The rapid advances of MIMO to date have mainly stayed at the physical layer or single-hop communications. Such advantages have not been fully realized at the network level, particularly for multi-hop networks. This is mainly due to the lack of a tractable and accurate model that can characterize MIMO's powerful capabilities such as spatial multiplexing (SM) and interference cancellation (IC). Recently a new DoF-based model was proposed to capture MIMO's SM and IC capabilities in multi-hop networks. This model is based on a novel node-ordering concept and only requires simple numeric computation on DoFs. In this article we review previous models for MIMO and then describe this new DoF model. This new DoF model has the potential to enable significant advances in MIMO research in the networking community.
    IEEE Network 10/2014; 28(5):81-85. DOI:10.1109/MNET.2014.6915444 · 3.72 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: With the rapid development in availability of cloud services, the techniques for securely outsourcing the prohibitively expensive computations to untrusted servers are getting more and more attentions in the scientific community. Exponentiations modulo a large prime have been considered the most expensive operation in discrete-logarithm based cryptographic protocols, and the computationally limited devices such as RFID tags or smartcard may be incapable to accomplish these operations. Therefore, it is meaningful to present an efficient method to securely outsource most of this work-load to (untrusted) cloud servers. In this paper, we propose a new secure outsourcing algorithm for (variable-exponent, variable-base) exponentiation modular a prime in the two untrusted program model. Compared with the state-of-the-art algorithm cite{HL05}, the proposed algorithm is superior in both efficiency and checkability. We then utilize this algorithm as a subroutine to achieve outsource-secure Cramer-Shoup encryptions and Schnorr signatures. Besides, we propose the first outsource-secure and efficient algorithm for simultaneous modular exponentiations. Moreover, we formally prove that both the algorithms can achieve the desired security notions. We also provide the experimental evaluation that demonstrates the efficiency and effectiveness of the proposed outsourcing algorithms and schemes.
    IEEE Transactions on Parallel and Distributed Systems 09/2014; 25(9). DOI:10.1109/TPDS.2013.180 · 2.17 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Conditional e-payments (or e-cash) allow the user to anonymously cash a bank-issued e-coin at a future time if and only if a certain agreed-upon public condition is satisfied, which are useful in plenty of applications such as prediction markets, anonymous online betting, and securities trading. In this paper, we propose a new and efficient conditional e-payment system based on Chen et al.’s restrictive partially blind signature scheme. Compared to the existing conditional e-payment schemes , and , our construction requires neither the inefficient cut-and-choose techniques nor the complicated knowledge proof protocols and thus has lower computation and communication complexity. Another significant contribution of this paper is a conditional e-payment system with transferability which allows the coin to be further transferred anonymously by a chain of payees.
    Future Generation Computer Systems 07/2014; 37:252–258. DOI:10.1016/j.future.2013.07.015 · 2.64 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. Promising as it is, an arising challenge is to perform secure deduplication in cloud storage. Although convergent encryption has been extensively adopted for secure deduplication, a critical issue of making convergent encryption practical is to efficiently and reliably manage a huge number of convergent keys. This paper makes the first attempt to formally address the problem of achieving efficient and reliable key management in secure deduplication. We first introduce a baseline approach in which each user holds an independent master key for encrypting the convergent keys and outsourcing them to the cloud. However, such a baseline key management scheme generates an enormous number of keys with the increasing number of users and requires users to dedicatedly protect the master keys. To this end, we propose Dekey , a new construction in which users do not need to manage any keys on their own but instead securely distribute the convergent key shares across multiple servers. Security analysis demonstrates that Dekey is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement Dekey using the Ramp secret sharing scheme and demonstrate that Dekey incurs limited overhead in realistic environments.
    IEEE Transactions on Parallel and Distributed Systems 06/2014; 25(6):1615-1625. DOI:10.1109/TPDS.2013.284 · 2.17 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Linear programming (LP) has been well studied in the scientific community for various engineering applications such as network flow problems, packet routing, portfolio optimization, and financial data management, etc. In this paper, we first utilize the sparse matrix to investigate secure outsourcing for large-scale LP systems, which is considered as a prohibitively expensive computation for the clients with resource-constraint devices. Besides, we propose a secure and practical scheme which is suitable for any LP problem (feasible, infeasible or unbounded) even in the fully malicious model. Compared with the state-of-the-art algorithm [30], our proposed algorithm only requires O(n2) computational overhead instead of O(nρ) for 2 <; ρ ≤ 3. Furthermore, the client C can detect the misbehavior of cloud server S with the (optimal) probability 1 under the computational complexity of O(n).
    2014 IEEE 28th International Conference on Advanced Information Networking and Applications (AINA); 05/2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: Reactive jamming is considered the most powerful jamming attack as the attack efficiency is maximized while the risk of being detected is minimized. Currently, there are no effective anti-jamming solutions to secure OFDM wireless communications under reactive jamming attack. On the other hand, MIMO has emerged as a technology of great research interest in recent years mostly due to its capacity gain. In this paper, we explore the use of MIMO technology for jamming resilient OFDM communication, especially its capability to communicate against the powerful reactive jammer. We first investigate the jamming strategies and their impacts on the OFDM-MIMO receivers. We then present a MIMO-based anti-jamming scheme that exploits interference cancellation and transmit precoding capabilities of MIMO technology to turn a jammed non-connectivity scenario into an operational network. Our testbed evaluation shows the destructive power of reactive jamming attack, and also validates the efficacy and efficiency of our defense mechanisms.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed from multiple owners and are searchable by multiple users, i.e. multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e. file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. Finally, performance evaluation shows the efficiency of our scheme.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: This paper explores a new paradigm for the coexistence among heterogeneous multi-hop networks in unplanned deployment settings, called cooperative interference mitigation (CIM). CIM exploits recent advancements in physical layer technologies such as technology-independent multiple output (TIMO), making it possible for disparate networks to cooperatively mitigate the interference to each other to enhance everyone's performance, even if they possess different wireless technologies. This paper offers a thorough study of the CIM paradigm for unplanned multi-hop networks. We first show the feasibility of CIM among heterogeneous multi-hop networks by exploiting only channel ratio information, and then establish a tractable model to accurately characterize the CIM behaviors of both networks. We also develop a bi-criteria optimization formulation to maximize both networks' throughput, and propose a new methodology to compute the Pareto-optimal throughput curve as performance bound. Simulation results show that CIM provides significant performance gains to both networks compared with the traditional interference-avoidance paradigm.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: Enabling keyword search directly over encrypted data is a desirable technique for effective utilization of encrypted data outsourced to the cloud. Existing solutions provide multi-keyword exact search that does not tolerate keyword spelling error, or single keyword fuzzy search that tolerates typos to certain extent. The current fuzzy search schemes rely on building an expanded index that covers possible keyword misspelling, which lead to significantly larger index file size and higher search complexity. In this paper, we propose a novel multi-keyword fuzzy search scheme by exploiting the locality-sensitive hashing technique. Our proposed scheme achieves fuzzy matching through algorithmic design rather than expanding the index file. It also eliminates the need of a predefined dictionary and effectively supports multiple keyword fuzzy search without increasing the index or search complexity. Extensive analysis and experiments on real-world data show that our proposed scheme is secure, efficient and accurate. To the best of our knowledge, this is the first work that achieves multi-keyword fuzzy search over encrypted cloud data.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we propose a privacy-preserving proximity-based security system for location-based services in wireless networks, without requiring any pre-shared secret, trusted authority, or public key infrastructure. In this system, the proximity-based authentication and session key establishment are implemented based on spatial temporal location tags. Incorporating the unique physical features of the signals sent from multiple ambient radio sources, the location tags cannot be easily forged by attackers. More specifically, each radio client builds a public location tag according to the received signal strength indicators, sequence numbers, and media access control (MAC) addresses of the ambient packets. Each client also keeps a secret location tag that consists of the packet arrival time information to generate the session keys. As clients never disclose their secret location tags, this system is robust against eavesdroppers and spoofers outside the proximity range. The system improves the authentication accuracy by introducing a nonparametric Bayesian method called infinite Gaussian mixture model in the proximity test and provides flexible proximity range control by taking into account multiple physical-layer features of various ambient radio sources. Moreover, the session key establishment strategy significantly increases the key generation rate by exploiting the packet arrival time of the ambient signals. The authentication accuracy and key generation rate are evaluated via experiments using laptops in typical indoor environments.
    IEEE Transactions on Information Forensics and Security 12/2013; 8(12):2089-2100. DOI:10.1109/TIFS.2013.2286269 · 2.07 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Wireless power transfer is a promising technology to fundamentally address energy problems in a wireless sensor network. To make such a technology work effectively, a vehicle is needed to carry a charger to travel inside the network. On the other hand, it has been well recognized that a mobile base station offers significant advantages over a fixed one. In this paper, we investigate an interesting problem of co-locating the mobile base station on the wireless charging vehicle. We study an optimization problem that jointly optimizes traveling path, stopping points, charging schedule, and flow routing. Our study is carried out in two steps. First, we study an idealized problem that assumes zero traveling time, and develop a provably near-optimal solution to this idealized problem. In the second step, we show how to develop a practical solution with non-zero traveling time and quantify the performance gap between this solution and the unknown optimal solution to the original problem.
    Proceedings of the fourteenth ACM international symposium on Mobile ad hoc networking and computing; 07/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Cloud computing is envisioned as the next generation architecture of IT enterprises, providing convenient remote access to massively scalable data storage and application services. While this outsourced storage and computing paradigm can potentially bring great economical savings for data owners and users, its benefits may not be fully realized due to wide concerns of data owners that their private data may be involuntarily exposed or handled by cloud providers. Although end-to-end encryption techniques have been proposed as promising solutions for secure cloud data storage, a primary challenge toward building a full-fledged cloud data service remains: how to effectively support flexible data utilization services such as search over the data in a privacy-preserving manner. In this article, we identify the system requirements and challenges toward achieving privacy-assured searchable outsourced cloud data services, especially, how to design usable and practically efficient search schemes for encrypted cloud storage. We present a general methodology for this using searchable encryption techniques, which allows encrypted data to be searched by users without leaking information about the data itself and users¿ queries. In particular, we discuss three desirable functionalities of usable search operations: supporting result ranking, similarity search, and search over structured data. For each of them, we describe approaches to design efficient privacy-assured searchable encryption schemes, which are based on several recent symmetric-key encryption primitives. We analyze their advantages and limitations, and outline the future challenges that need to be solved to make such secure searchable cloud data service a reality.
    IEEE Network 07/2013; 27(4):56-62. DOI:10.1109/MNET.2013.6574666 · 3.72 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: With the increasing popularity of cloud computing, huge amount of documents are outsourced to the cloud for reduced management cost and ease of access. Although encryption helps protecting user data confidentiality, it leaves the well-functioning yet practically-efficient secure search functions over encrypted data a challenging problem. In this paper, we present a privacy-preserving multi-keyword text search (MTS) scheme with similarity-based ranking to address this problem. To support multi-keyword search and search result ranking, we propose to build the search index based on term frequency and the vector space model with cosine similarity measure to achieve higher search result accuracy. To improve the search efficiency, we propose a tree-based index structure and various adaption methods for multi-dimensional (MD) algorithm so that the practical search efficiency is much better than that of linear search. To further enhance the search privacy, we propose two secure index schemes to meet the stringent privacy requirements under strong threat models, i.e., known ciphertext model and known background model. Finally, we demonstrate the effectiveness and efficiency of the proposed schemes through extensive experimental evaluation.
    Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security; 05/2013

Publication Stats

4k Citations
142.67 Total Impact Points


  • 2009–2015
    • Virginia Polytechnic Institute and State University
      • • Department of Computer Science
      • • Department of Electrical and Computer Engineering
      Блэксбург, Virginia, United States
  • 2007–2012
    • Illinois Institute of Technology
      • Department of Electrical & Computer Engineering
      Chicago, Illinois, United States
  • 2004–2011
    • Worcester Polytechnic Institute
      • Department of Electrical and Computer Engineering
      Worcester, Massachusetts, United States
  • 2006
    • New Jersey Institute of Technology
      • Department of Electrical and Computer Engineering
      Newark, NJ, United States
  • 2001–2006
    • University of Florida
      • Department of Electrical and Computer Engineering
      Gainesville, FL, United States