Wenjing Lou

Virginia Polytechnic Institute and State University, Blacksburg, Virginia, United States

Are you Wenjing Lou?

Claim your profile

Publications (142)92.7 Total impact

  • [Show abstract] [Hide abstract]
    ABSTRACT: Conditional e-payments (or e-cash) allow the user to anonymously cash a bank-issued e-coin at a future time if and only if a certain agreed-upon public condition is satisfied, which are useful in plenty of applications such as prediction markets, anonymous online betting, and securities trading. In this paper, we propose a new and efficient conditional e-payment system based on Chen et al.’s restrictive partially blind signature scheme. Compared to the existing conditional e-payment schemes , and , our construction requires neither the inefficient cut-and-choose techniques nor the complicated knowledge proof protocols and thus has lower computation and communication complexity. Another significant contribution of this paper is a conditional e-payment system with transferability which allows the coin to be further transferred anonymously by a chain of payees.
    Future Generation Computer Systems 07/2014; 37:252–258. · 2.64 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: Enabling keyword search directly over encrypted data is a desirable technique for effective utilization of encrypted data outsourced to the cloud. Existing solutions provide multi-keyword exact search that does not tolerate keyword spelling error, or single keyword fuzzy search that tolerates typos to certain extent. The current fuzzy search schemes rely on building an expanded index that covers possible keyword misspelling, which lead to significantly larger index file size and higher search complexity. In this paper, we propose a novel multi-keyword fuzzy search scheme by exploiting the locality-sensitive hashing technique. Our proposed scheme achieves fuzzy matching through algorithmic design rather than expanding the index file. It also eliminates the need of a predefined dictionary and effectively supports multiple keyword fuzzy search without increasing the index or search complexity. Extensive analysis and experiments on real-world data show that our proposed scheme is secure, efficient and accurate. To the best of our knowledge, this is the first work that achieves multi-keyword fuzzy search over encrypted cloud data.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: Reactive jamming is considered the most powerful jamming attack as the attack efficiency is maximized while the risk of being detected is minimized. Currently, there are no effective anti-jamming solutions to secure OFDM wireless communications under reactive jamming attack. On the other hand, MIMO has emerged as a technology of great research interest in recent years mostly due to its capacity gain. In this paper, we explore the use of MIMO technology for jamming resilient OFDM communication, especially its capability to communicate against the powerful reactive jammer. We first investigate the jamming strategies and their impacts on the OFDM-MIMO receivers. We then present a MIMO-based anti-jamming scheme that exploits interference cancellation and transmit precoding capabilities of MIMO technology to turn a jammed non-connectivity scenario into an operational network. Our testbed evaluation shows the destructive power of reactive jamming attack, and also validates the efficacy and efficiency of our defense mechanisms.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed from multiple owners and are searchable by multiple users, i.e. multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e. file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. Finally, performance evaluation shows the efficiency of our scheme.
    IEEE INFOCOM 2014 - IEEE Conference on Computer Communications; 04/2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: Wireless power transfer is a promising technology to fundamentally address energy problems in a wireless sensor network. To make such a technology work effectively, a vehicle is needed to carry a charger to travel inside the network. On the other hand, it has been well recognized that a mobile base station offers significant advantages over a fixed one. In this paper, we investigate an interesting problem of co-locating the mobile base station on the wireless charging vehicle. We study an optimization problem that jointly optimizes traveling path, stopping points, charging schedule, and flow routing. Our study is carried out in two steps. First, we study an idealized problem that assumes zero traveling time, and develop a provably near-optimal solution to this idealized problem. In the second step, we show how to develop a practical solution with non-zero traveling time and quantify the performance gap between this solution and the unknown optimal solution to the original problem.
    Proceedings of the fourteenth ACM international symposium on Mobile ad hoc networking and computing; 07/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: With the increasing popularity of cloud computing, huge amount of documents are outsourced to the cloud for reduced management cost and ease of access. Although encryption helps protecting user data confidentiality, it leaves the well-functioning yet practically-efficient secure search functions over encrypted data a challenging problem. In this paper, we present a privacy-preserving multi-keyword text search (MTS) scheme with similarity-based ranking to address this problem. To support multi-keyword search and search result ranking, we propose to build the search index based on term frequency and the vector space model with cosine similarity measure to achieve higher search result accuracy. To improve the search efficiency, we propose a tree-based index structure and various adaption methods for multi-dimensional (MD) algorithm so that the practical search efficiency is much better than that of linear search. To further enhance the search privacy, we propose two secure index schemes to meet the stringent privacy requirements under strong threat models, i.e., known ciphertext model and known background model. Finally, we demonstrate the effectiveness and efficiency of the proposed schemes through extensive experimental evaluation.
    Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security; 05/2013
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The body area network (BAN) is a key enabling technology in e-healthcare. An important security issue is to establish initial trust relationships among the BAN devices before they are actually deployed and generate necessary shared secret keys to protect the subsequent wireless communications. Due to the ad hoc nature of the BAN and the extreme resource constraints of sensor devices, providing secure as well as efficient and user-friendly trust initialization is a challenging task. Traditional solutions for wireless sensor networks mostly depend on key predistribution, which is unsuitable for a BAN in many ways. In this article, we propose group device pairing (GDP), a user-aided multi-party authenticated key agreement protocol. Through GDP, a group of sensor devices that have no pre-shared secrets establish initial trust by generating various shared secret keys out of an unauthenticated channel. Devices authenticate themselves to each other with the aid of a human user who performs visual verifications. The GDP supports fast batch deployment, addition and revocation of sensor devices, does not rely on any additional hardware device, and is mostly based on symmetric key cryptography. We formally prove the security of the proposed protocols, and we implement GDP on a sensor network testbed and report performance evaluation results.
    ACM Transactions on Sensor Networks (TOSN). 03/2013; 9(2).
  • [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we propose a privacy-preserving proximity-based security system for location-based services in wireless networks, without requiring any pre-shared secret, trusted authority, or public key infrastructure. In this system, the proximity-based authentication and session key establishment are implemented based on spatial temporal location tags. Incorporating the unique physical features of the signals sent from multiple ambient radio sources, the location tags cannot be easily forged by attackers. More specifically, each radio client builds a public location tag according to the received signal strength indicators, sequence numbers, and media access control (MAC) addresses of the ambient packets. Each client also keeps a secret location tag that consists of the packet arrival time information to generate the session keys. As clients never disclose their secret location tags, this system is robust against eavesdroppers and spoofers outside the proximity range. The system improves the authentication accuracy by introducing a nonparametric Bayesian method called infinite Gaussian mixture model in the proximity test and provides flexible proximity range control by taking into account multiple physical-layer features of various ambient radio sources. Moreover, the session key establishment strategy significantly increases the key generation rate by exploiting the packet arrival time of the ambient signals. The authentication accuracy and key generation rate are evaluated via experiments using laptops in typical indoor environments.
    IEEE Transactions on Information Forensics and Security 01/2013; 8(12):2089-2100. · 1.90 Impact Factor
  • Liang Xiao, Qiben Yan, Wenjing Lou, Y.T. Hou
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we propose a privacy-preserving proximity-based security strategy for location-based services in wireless networks, without requiring any pre-shared secret, trusted authority or public key infrastructure. More specifically, radio clients build their location tags according to the unique physical features of their ambient radio signals, which cannot be forged by attackers outside the proximity range. The proximity-based authentication and session key generation is based on the public location tag, which incorporates the received signal strength indicator (RSSI), sequence number and MAC address of the ambient radio packets. Meanwhile, as the basis for the session key generation, the secret location tag consisting of the arrival time interval of the ambient packets, is never broadcast, making it robust against eavesdroppers and spoofers. The proximity test utilizes the nonparametric Bayesian method called infinite Gaussian mixture model, and provides range control by selecting different features of various ambient radio sources. The authentication accuracy and key generation rate are evaluated via experiments using laptops in typical indoor environments.
    Communications (ICC), 2013 IEEE International Conference on; 01/2013
  • Lu Shi, Shucheng Yu, Wenjing Lou, Y.T. Hou
    [Show abstract] [Hide abstract]
    ABSTRACT: Lacking trusted central authority, distributed systems have received serious security threats from Sybil attack, where an adversary forges identities of more than one node and attempts to control the system. By utilizing the real-world trust relationships between users, social network-based defense schemes have been proposed to mitigate the impact of Sybil attacks. These solutions are mostly built on the assumption that the social network graph can be partitioned into two loosely linked regions - a tightly connected non-Sybil region and a Sybil region. Although such an assumption may hold in certain settings, studies have shown that the real-world social connections tend to divide users into multiple inter-connected small worlds instead of a single uniformly connected large region. Given this fact, the applicability of existing schemes would be greatly undermined for inability to distinguish Sybil users from valid ones in the small non-Sybil regions. This paper addresses this problem and presents SybilShield, the first protocol that defends against Sybil attack utilizing multi-community social network structure in real world. Our scheme leverages the sociological property that the number of cutting edges between a non-Sybil community and a Sybil community, which represent human-established trust relationships, is much smaller than that among non-Sybil communities. With the help of agent nodes, SybilShield greatly reduces false positive rate of non-Sybils among multiple communities, while effectively identifying Sybil nodes. Analytical results prove the superiority of SybilShield. Our experiments on a real-world social network graph with 100,000 nodes also validate the effectiveness of SybilShield.
    INFOCOM, 2013 Proceedings IEEE; 01/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Wireless energy transfer is a promising technology to fundamentally address energy and lifetime problems in a wireless sensor network (WSN). On the other hand, it has been well recognized that a mobile base station has significant advantages over a static one. In this paper, we study the interesting problem of co-locating the mobile base station on the wireless charging vehicle (WCV). The goal is to minimize energy consumption of the entire system while ensuring none of the sensor nodes runs out of energy. We develop a mathematical model for this complex problem. Instead of studying the general problem formulation (OPT-t), which is time-dependent, we show that it is sufficient to study a special subproblem (OPT-s) which only involves space-dependent variables. Subsequently, we develop a provably near-optimal solution to OPT-s. The novelty of this research mainly resides in the development of several solution techniques to tackle a complex problem that is seemingly intractable at first glance. In addition to addressing a challenging and interesting problem in a WSN, we expect the techniques developed in this research can be applied to address other related networking problems involving time-dependent movement, flow routing, and energy consumption.
    INFOCOM, 2013 Proceedings IEEE; 01/2013
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semitrusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability, and efficiency of our proposed scheme.
    IEEE Transactions on Parallel and Distributed Systems 01/2013; 24(1):131-143. · 1.80 Impact Factor
  • Source
    Computer Security--ESORICS 2013; 01/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Cloud computing is envisioned as the next generation architecture of IT enterprises, providing convenient remote access to massively scalable data storage and application services. While this outsourced storage and computing paradigm can potentially bring great economical savings for data owners and users, its benefits may not be fully realized due to wide concerns of data owners that their private data may be involuntarily exposed or handled by cloud providers. Although end-to-end encryption techniques have been proposed as promising solutions for secure cloud data storage, a primary challenge toward building a full-fledged cloud data service remains: how to effectively support flexible data utilization services such as search over the data in a privacy-preserving manner. In this article, we identify the system requirements and challenges toward achieving privacy-assured searchable outsourced cloud data services, especially, how to design usable and practically efficient search schemes for encrypted cloud storage. We present a general methodology for this using searchable encryption techniques, which allows encrypted data to be searched by users without leaking information about the data itself and users¿ queries. In particular, we discuss three desirable functionalities of usable search operations: supporting result ranking, similarity search, and search over structured data. For each of them, we describe approaches to design efficient privacy-assured searchable encryption schemes, which are based on several recent symmetric-key encryption primitives. We analyze their advantages and limitations, and outline the future challenges that need to be solved to make such secure searchable cloud data service a reality.
    IEEE Network 01/2013; 27(4):56-62. · 2.85 Impact Factor
  • Ming Li, Shucheng Yu, Ning Cao, Wenjing Lou
    [Show abstract] [Hide abstract]
    ABSTRACT: Making new connections according to personal preferences is a crucial service in mobile social networking, where an initiating user can find matching users within physical proximity of him/her. In existing systems for such services, usually all the users directly publish their complete profiles for others to search. However, in many applications, the users' personal profiles may contain sensitive information that they do not want to make public. In this paper, we propose FindU, a set of privacy-preserving profile matching schemes for proximity-based mobile social networks. In FindU, an initiating user can find from a group of users the one whose profile best matches with his/her; to limit the risk of privacy exposure, only necessary and minimal information about the private attributes of the participating users is exchanged. Two increasing levels of user privacy are defined, with decreasing amounts of revealed profile information. Leveraging secure multi-party computation (SMC) techniques, we propose novel protocols that realize each of the user privacy levels, which can also be personalized by the users. We provide formal security proofs and performance evaluation on our schemes, and show their advantages in both security and efficiency over state-of-the-art schemes.
    IEEE Transactions on Wireless Communications 01/2013; 12(5):2024-2033. · 2.42 Impact Factor
  • Huacheng Zeng, Yi Shi, Y.T. Hou, Wenjing Lou
    [Show abstract] [Hide abstract]
    ABSTRACT: Degree-of-Freedom (DoF)-based model is a simple yet powerful tool to analyze MIMO's spatial multiplexing (SM) and interference cancellation (IC) capabilities in a multi-hop network. Recently, a new DoF model was proposed and was shown to achieve the same rate region as the matrix-based model (under SM and IC). The essence of this new DoF model is a novel node ordering concept, which eliminates potential duplication of DoF allocation for IC. In this paper, we investigate DoF scheduling for a multi-hop MIMO network based on this new DoF model. Specifically, we study how to perform DoF allocation among the nodes for SM and IC so as to maximize the minimum rate among a set of sessions. We formulate this problem as a mixed integer linear programming (MILP) and develop an efficient DoF scheduling algorithm to solve it. We show that our algorithm is amenable to local implementation and has polynomial time complexity. More importantly, it guarantees the feasibility of final solution (upon algorithm termination), despite that node ordering establishment and adjustment are performed locally. Simulation results show that our algorithm can offer a result that is close to an upper bound found by CPLEX solver, thus showing that the result found by our algorithm is highly competitive.
    INFOCOM, 2013 Proceedings IEEE; 01/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: The dominant spectrum sharing paradigm of today is the interweave paradigm. This paper advocates a new and alternative paradigm called United network of Primary and Secondary networks (UPS). UPS allows a complete cooperation between primary and secondary networks at the node level to relay each other's traffic, in addition to existing dynamic spectrum access (DSA) in time, space, and frequency domains. Such cooperation allows the primary and secondary networks to access a much richer network resources from the combined network. As a case study, we consider a problem with the goal of supporting the rate requirement of the primary network traffic while maximizing the minimum throughput of the secondary sessions. For this problem, we develop an optimization model and formulate a combinatorial optimization problem. Although this problem is in the form of mixed integer linear program (MILP), we can use CPLEX to solve it efficiently. Simulation results show that the UPS paradigm offers much better throughput performance than the interweave DSA paradigm.
    Mobile Ad-Hoc and Sensor Systems (MASS), 2013 IEEE 10th International Conference on; 01/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Passive monitoring by distributed wireless sniffers has been used to strategically capture the network traffic, as the basis of automatic network diagnosis. However, the traditional monitoring techniques fall short in cognitive radio networks (CRNs) due to the much larger number of channels to be monitored, and the secondary users' channel availability uncertainty imposed by primary user activities. To better serve CRNs, we propose a systematic passive monitoring framework for traffic collection using a limited number of sniffers in WiFi like CRNs. We jointly consider primary user activity and secondary user channel access pattern to optimize the traffic capturing strategy. In particular, we exploit a non-parametric density estimation method to learn and predict secondary users' access pattern in an online fashion, which rapidly adapts to the users' dynamic behaviors and supports accurate estimation of merged access patterns from multiple users. We also design near-optimal monitoring algorithms that maximize two levels of quality-of-monitoring goals respectively, based on the predicted channel access patterns. The simulations and experiments show that our proposed framework outperforms the existing schemes significantly.
    INFOCOM, 2013 Proceedings IEEE; 01/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: This paper explores the so-called “transparent coexistence” paradigm for spectrum sharing between primary and secondary nodes in a multi-hop network environment. Although such paradigm has been studied in the information theory and communications communities, it is not well understood in the wireless networking community, particularly for multihop networks. Under this paradigm, a secondary network is allowed to use the same spectrum simultaneously with the primary network as long as their activities are “transparent” (or “invisible”) to the primary network. Such transparency can be accomplished through a systematic interference cancellation (IC) by the secondary nodes without any impact on the primary network. This paper offers an in-depth study of this paradigm in a multi-hop network environment and addresses issues such as channel selection, IC to/from primary network, and IC within the secondary network. Through a rigorous modeling and formulation, we develop an optimization problem under this paradigm with the objective of maximizing secondary user's throughput. Through simulation results, we show that such paradigm offers significant improvement to a multi-hop network in terms of spectrum efficiency and throughput performance as compared to the prevailing interference-avoidance paradigm.
    Sensor, Mesh and Ad Hoc Communications and Networks (SECON), 2013 10th Annual IEEE Communications Society Conference on; 01/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: The cost of energy consumption is an important concern for network operators. In this paper, we study an energy-related problem that focuses on network-wide energy consumption. In the first part of this work, we study how to maximize throughput under a network-wide energy constraint. We formulate this problem as a mixed-integer nonlinear program (MINLP). This formulation differs from prior efforts as it considers a non-zero device power, which complicates the problem. We propose a novel piece-wise linear approximation to transform the nonlinear constraints into linear constraints. We prove that the solution developed under this approach is near-optimal with a guaranteed performance bound. In the second part, we generalize the problem in the first part via a multicriteria optimization framework, which simultaneously optimizes throughput and total network energy. We show how weakly Pareto-optimal solutions can characterize an optimal throughput-energy curve. We offer some interesting properties of the optimal throughput-energy curves, which are useful to both network operators and end-users. Our results fill in some important gaps in the current understanding on optimizing total network energy.
    IEEE Transactions on Wireless Communications 01/2013; 12(3):1255-1267. · 2.42 Impact Factor

Publication Stats

2k Citations
92.70 Total Impact Points

Institutions

  • 2009–2014
    • Virginia Polytechnic Institute and State University
      • Department of Computer Science
      Blacksburg, Virginia, United States
  • 2007–2012
    • Illinois Institute of Technology
      • Department of Electrical & Computer Engineering
      Chicago, Illinois, United States
  • 2011
    • University of Arkansas at Little Rock
      • Department of Computer Science
      Little Rock, Arkansas, United States
  • 2004–2011
    • Worcester Polytechnic Institute
      • Department of Electrical and Computer Engineering
      Worcester, Massachusetts, United States
  • 2010
    • University of California, Davis
      • Department of Computer Science
      Davis, CA, United States
  • 2006
    • New Jersey Institute of Technology
      • Department of Electrical and Computer Engineering
      Newark, NJ, United States
  • 2001–2006
    • University of Florida
      • Department of Electrical and Computer Engineering
      Gainesville, FL, United States