Wenjing Lou

Virginia Polytechnic Institute and State University, Blacksburg, Virginia, United States

Publications (159) · 159.44 Total impact

  • ABSTRACT: The dominant spectrum sharing paradigm of today is interference avoidance, where a secondary network can use the spectrum only when such a use is not interfering with the primary network. However, with the advances of physical-layer technologies, the mindset of this paradigm is being challenged. This paper explores a new paradigm called “transparent coexistence” for spectrum sharing between primary and secondary nodes in a multihop network environment. Under this paradigm, the secondary network is allowed to use the same spectrum simultaneously with the primary network as long as their activities are “transparent” (or “invisible”) to the primary network. Such transparency is accomplished through a systematic interference cancelation (IC) by the secondary nodes without any impact on the primary network. Although such a paradigm has been studied in the information theory (IT) and communications (COMM) communities, it is not well understood in the wireless networking community, particularly for multihop networks. This paper offers an in-depth study of this paradigm in a multihop network environment and addresses issues such as scheduling (both in frequency channels and time slots) and IC (to/from primary network and within the secondary network). Through a rigorous modeling and formulation, problem formulation, solution development, and simulation results, we show that transparent coexistence paradigm offers significant improvement in terms of spectrum access and throughput performance as compared to the current prevailing interference avoidance paradigm.
    IEEE Journal on Selected Areas in Communications 05/2015; 33(5):958-971. DOI:10.1109/JSAC.2014.2361090 · 4.14 Impact Factor
  • ABSTRACT: Data deduplication is one of the important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. To better protect data security, this paper makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems, the differential privileges of users are further considered in duplicate check besides the data itself. We also present several new deduplication constructions supporting authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that our scheme is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement a prototype of our proposed authorized duplicate check scheme and conduct testbed experiments using our prototype. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.
    IEEE Transactions on Parallel and Distributed Systems 05/2015; 26(5):1206-1216. DOI:10.1109/TPDS.2014.2318320 · 2.17 Impact Factor
  • ABSTRACT: Cloud computing has become the real trend of enterprise IT service model that offers cost-effective and scalable processing. Meanwhile, Software-Defined Networking (SDN) is gaining popularity in enterprise networks for flexibility in network management service and reduced operational cost. There seems a trend for the two technologies to go hand-in-hand in providing an enterprise’s IT services. However, the new challenges brought by the marriage of cloud computing and SDN, particularly the implications on enterprise network security, have not been well understood. This paper sets to address this important problem.
    Computer Networks 03/2015; 81. DOI:10.1016/j.comnet.2015.02.026 · 1.28 Impact Factor
  • Li Yang, Jianfeng Ma, Wenjing Lou, Qi Jiang
    ABSTRACT: Direct Anonymous Attestation (DAA) is a complex cryptographic protocol for remote attestation and provides both signer authentication and privacy. It was adopted by the Trusted Computing Group (TCG) as a technical standard. However, the DAA scheme in TCG specifications is designed for the single trusted domain attestation, and cannot be deployed in different trusted domains directly. It limits its application range in mobile networks, cloud computing, Internet of Things networks when users and authentication servers belong to different domains. Based on delegation of the trusted relationship, a new cross trusted domain direct anonymous attestation scheme is proposed in this paper. The proxy signature is used for trusted relationship delegation among different domains, and the DAA method is used for the computation platform authentication when a trusted platform accesses different trusted domains. Then the authentication protocol is designed and analyzed under Canetti–Krawczyk (CK) model for the platform remote attestation. The further analysis shows that our proposal can resist platform masquerade attacks and replay attacks, and the authentication protocol is provably secure. The security of the DAA remote attestation system is enhanced by the session key agreement. Finally, a prototype implementation and some experiments are given; the results show that the proposed scheme is effective and suitable for cross domain applications.
    Computer Networks 02/2015; 81. DOI:10.1016/j.comnet.2015.02.023 · 1.28 Impact Factor
  • ABSTRACT: Identity-Based Encryption (IBE) which simplifies the public key and certificate management at Public Key Infrastructure (PKI) is an important alternative to public key encryption. However, one of the main efficiency drawbacks of IBE is the overhead computation at Private Key Generator (PKG) during user revocation. Efficient revocation has been well studied in traditional PKI setting, but the cumbersome management of certificates is precisely the burden that IBE strives to alleviate. In this paper, aiming at tackling the critical issue of identity revocation, we introduce outsourcing computation into IBE for the first time and propose a revocable IBE scheme in the server-aided setting. Our scheme offloads most of the key generation related operations during key-issuing and key-update processes to a Key Update Cloud Service Provider, leaving only a constant number of simple operations for PKG and users to perform locally. This goal is achieved by utilizing a novel collusion-resistant technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bound the identity component and the time component. Furthermore, we propose another construction which is provably secure under the recently formulized Refereed Delegation of Computation model. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.
    IEEE Transactions on Computers 02/2015; 64(2):425-437. DOI:10.1109/TC.2013.208 · 1.47 Impact Factor
  • ABSTRACT: In this letter, we describe highly effective known-plaintext attacks against physical layer security schemes. We substantially reduce the amount of required known-plaintext symbols and lower the symbol error rate (SER) for the attacker. In particular, we analyze the security of orthogonal blinding schemes that disturb an eavesdropper's signal reception using artificial noise transmission. We improve the attack efficacy using fast converging optimization algorithms and combining the measurements of neighboring subchannels in a multicarrier system. We implement the enhanced attack algorithms by solving unregularized and regularized least squares problems. By means of simulation, we show that the performance of the new attack algorithms supersedes the normalized least mean square approach discussed in the work of Schulz et al., e.g., by lowering the eavesdropper's SER by 82% while using 95% less known plaintext.
    IEEE Wireless Communication Letters 02/2015; 4(1):34-37. DOI:10.1109/LWC.2014.2363176
  • IEEE Transactions on Mobile Computing 01/2015; DOI:10.1109/TMC.2015.2410772 · 2.91 Impact Factor
  • ABSTRACT: With the rapid development in availability of cloud services, the techniques for securely outsourcing the prohibitively expensive computations to untrusted servers are getting more and more attention in the scientific community. In this paper, we investigate secure outsourcing for large-scale systems of linear equations, which are the most popular problems in various engineering disciplines. For the first time, we utilize the sparse matrix to propose a new secure outsourcing algorithm of large-scale linear equations in the fully malicious model. Compared with the state-of-the-art algorithm, the proposed algorithm only requires (optimal) one round communication (while the algorithm requires $L$ rounds of interactions between the client and cloud server, where $L$ denotes the number of iterations in iterative methods). Furthermore, the client in our algorithm can detect the misbehavior of cloud server with the (optimal) probability 1. Therefore, our proposed algorithm is superior in both efficiency and checkability. We also provide the experimental evaluation that demonstrates the efficiency and effectiveness of our algorithm.
    IEEE Transactions on Information Forensics and Security 01/2015; 10(1):69-78. DOI:10.1109/TIFS.2014.2363765 · 2.07 Impact Factor
  • IEEE Journal on Selected Areas in Communications 01/2015; DOI:10.1109/JSAC.2015.2391631 · 4.14 Impact Factor
  • IEEE Transactions on Mobile Computing 01/2015; DOI:10.1109/TMC.2015.2413788 · 2.91 Impact Factor
  • Liang Liu, Xiaofeng Chen, Wenjing Lou
    ABSTRACT: We address a concrete secure multi-party computational (MPC) problem related to a triangle, of which the coordinates of the three vertexes are confidentially kept by the three participants, respectively. The three parties wish to collaboratively compute the area of this triangle while preserving their own coordinate privacy. As one of the merits, our protocol employs weaker assumptions of the existence of pseudorandom generators. Especially, unlike massive secure MPC protocols that mainly rely on the primitive of oblivious transfer (OT), ours utilizes a new computing idea named round summation to avoid this burdensome obstacle. Finally, we provide a proof of the protocol by a series of security reductions of our newly-defined games, which seems somewhat stronger than the previous simulation-based proofs.
    International Journal of Information Security 01/2015; DOI:10.1007/978-3-319-08344-5_6 · 0.94 Impact Factor
  • ABSTRACT: The rapid advances of MIMO to date have mainly stayed at the physical layer or single-hop communications. Such advantages have not been fully realized at the network level, particularly for multi-hop networks. This is mainly due to the lack of a tractable and accurate model that can characterize MIMO's powerful capabilities such as spatial multiplexing (SM) and interference cancellation (IC). Recently a new DoF-based model was proposed to capture MIMO's SM and IC capabilities in multi-hop networks. This model is based on a novel node-ordering concept and only requires simple numeric computation on DoFs. In this article we review previous models for MIMO and then describe this new DoF model. This new DoF model has the potential to enable significant advances in MIMO research in the networking community.
    IEEE Network 10/2014; 28(5):81-85. DOI:10.1109/MNET.2014.6915444 · 3.72 Impact Factor
  • ABSTRACT: Passive monitoring by distributed wireless sniffers has been used to strategically capture the network traffic, as the basis of automatic network diagnosis. However, the traditional monitoring techniques fall short in cognitive radio networks (CRNs) due to the much larger number of channels to be monitored and the secondary users' channel availability uncertainty imposed by primary user activities. To better serve CRNs, we propose a systematic passive monitoring framework, i.e., SpecMonitor, for traffic collection using a limited number of sniffers in Wi-Fi-like CRNs. We jointly consider primary user activity and secondary user channel access pattern to optimize the traffic capturing strategy. In particular, we exploit a nonparametric density estimation method to learn and predict secondary users' access pattern in an online fashion, which rapidly adapts to the users' dynamic behaviors and supports accurate estimation of merged access patterns from multiple users. We also design near-optimal monitoring algorithms that maximize two levels of quality-of-monitoring goals based on the predicted channel access patterns. The simulations and experiments show that SpecMonitor outperforms the existing schemes significantly.
    IEEE Transactions on Wireless Communications 10/2014; 13(10):5893-5905. DOI:10.1109/TWC.2014.2339218 · 2.76 Impact Factor
  • ABSTRACT: With the rapid development in availability of cloud services, the techniques for securely outsourcing the prohibitively expensive computations to untrusted servers are getting more and more attention in the scientific community. Exponentiations modulo a large prime have been considered the most expensive operation in discrete-logarithm based cryptographic protocols, and the computationally limited devices such as RFID tags or smartcards may be incapable of accomplishing these operations. Therefore, it is meaningful to present an efficient method to securely outsource most of this work-load to (untrusted) cloud servers. In this paper, we propose a new secure outsourcing algorithm for (variable-exponent, variable-base) exponentiation modulo a prime in the two untrusted program model. Compared with the state-of-the-art algorithm [HL05], the proposed algorithm is superior in both efficiency and checkability. We then utilize this algorithm as a subroutine to achieve outsource-secure Cramer-Shoup encryptions and Schnorr signatures. Besides, we propose the first outsource-secure and efficient algorithm for simultaneous modular exponentiations. Moreover, we formally prove that both the algorithms can achieve the desired security notions. We also provide the experimental evaluation that demonstrates the efficiency and effectiveness of the proposed outsourcing algorithms and schemes.
    IEEE Transactions on Parallel and Distributed Systems 09/2014; 25(9). DOI:10.1109/TPDS.2013.180 · 2.17 Impact Factor
  • ABSTRACT: Conditional e-payments (or e-cash) allow the user to anonymously cash a bank-issued e-coin at a future time if and only if a certain agreed-upon public condition is satisfied, which are useful in plenty of applications such as prediction markets, anonymous online betting, and securities trading. In this paper, we propose a new and efficient conditional e-payment system based on Chen et al.’s restrictive partially blind signature scheme. Compared to the existing conditional e-payment schemes , and , our construction requires neither the inefficient cut-and-choose techniques nor the complicated knowledge proof protocols and thus has lower computation and communication complexity. Another significant contribution of this paper is a conditional e-payment system with transferability which allows the coin to be further transferred anonymously by a chain of payees.
    Future Generation Computer Systems 07/2014; 37:252–258. DOI:10.1016/j.future.2013.07.015 · 2.64 Impact Factor
  • ABSTRACT: Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. Promising as it is, an arising challenge is to perform secure deduplication in cloud storage. Although convergent encryption has been extensively adopted for secure deduplication, a critical issue of making convergent encryption practical is to efficiently and reliably manage a huge number of convergent keys. This paper makes the first attempt to formally address the problem of achieving efficient and reliable key management in secure deduplication. We first introduce a baseline approach in which each user holds an independent master key for encrypting the convergent keys and outsourcing them to the cloud. However, such a baseline key management scheme generates an enormous number of keys with the increasing number of users and requires users to dedicatedly protect the master keys. To this end, we propose Dekey, a new construction in which users do not need to manage any keys on their own but instead securely distribute the convergent key shares across multiple servers. Security analysis demonstrates that Dekey is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement Dekey using the Ramp secret sharing scheme and demonstrate that Dekey incurs limited overhead in realistic environments.
    IEEE Transactions on Parallel and Distributed Systems 06/2014; 25(6):1615-1625. DOI:10.1109/TPDS.2013.284 · 2.17 Impact Factor
  • ABSTRACT: Linear programming (LP) has been well studied in the scientific community for various engineering applications such as network flow problems, packet routing, portfolio optimization, and financial data management, etc. In this paper, we first utilize the sparse matrix to investigate secure outsourcing for large-scale LP systems, which is considered as a prohibitively expensive computation for the clients with resource-constraint devices. Besides, we propose a secure and practical scheme which is suitable for any LP problem (feasible, infeasible or unbounded) even in the fully malicious model. Compared with the state-of-the-art algorithm [30], our proposed algorithm only requires O(n^2) computational overhead instead of O(n^ρ) for 2 < ρ ≤ 3. Furthermore, the client C can detect the misbehavior of cloud server S with the (optimal) probability 1 under the computational complexity of O(n).
    2014 IEEE 28th International Conference on Advanced Information Networking and Applications (AINA); 05/2014
  • ABSTRACT: Reactive jamming is considered the most powerful jamming attack as the attack efficiency is maximized while the risk of being detected is minimized. Currently, there are no effective anti-jamming solutions to secure OFDM wireless communications under reactive jamming attack. On the other hand, MIMO has emerged as a technology of great research interest in recent years mostly due to its capacity gain. In this paper, we explore the use of MIMO technology for jamming resilient OFDM communication, especially its capability to communicate against the powerful reactive jammer. We first investigate the jamming strategies and their impacts on the OFDM-MIMO receivers. We then present a MIMO-based anti-jamming scheme that exploits interference cancellation and transmit precoding capabilities of MIMO technology to turn a jammed non-connectivity scenario into an operational network. Our testbed evaluation shows the destructive power of reactive jamming attack, and also validates the efficacy and efficiency of our defense mechanisms.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • ABSTRACT: Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed from multiple owners and are searchable by multiple users, i.e. multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e. file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. Finally, performance evaluation shows the efficiency of our scheme.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • ABSTRACT: This paper explores a new paradigm for the coexistence among heterogeneous multi-hop networks in unplanned deployment settings, called cooperative interference mitigation (CIM). CIM exploits recent advancements in physical layer technologies such as technology-independent multiple output (TIMO), making it possible for disparate networks to cooperatively mitigate the interference to each other to enhance everyone's performance, even if they possess different wireless technologies. This paper offers a thorough study of the CIM paradigm for unplanned multi-hop networks. We first show the feasibility of CIM among heterogeneous multi-hop networks by exploiting only channel ratio information, and then establish a tractable model to accurately characterize the CIM behaviors of both networks. We also develop a bi-criteria optimization formulation to maximize both networks' throughput, and propose a new methodology to compute the Pareto-optimal throughput curve as performance bound. Simulation results show that CIM provides significant performance gains to both networks compared with the traditional interference-avoidance paradigm.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014

Publication Stats

4k Citations
159.44 Total Impact Points

Institutions

  • 2009–2015
    • Virginia Polytechnic Institute and State University
      • Department of Computer Science
      Blacksburg, Virginia, United States
  • 2007–2012
    • Illinois Institute of Technology
      • Department of Electrical & Computer Engineering
      Chicago, Illinois, United States
  • 2004–2011
    • Worcester Polytechnic Institute
      • Department of Electrical and Computer Engineering
      Worcester, Massachusetts, United States
  • 2006
    • New Jersey Institute of Technology
      • Department of Electrical and Computer Engineering
      Newark, NJ, United States
  • 2001–2006
    • University of Florida
      • Department of Electrical and Computer Engineering
      Gainesville, FL, United States