Dijiang Huang

Arizona State University, Phoenix, Arizona, United States

Publications (84) · 18.5 Total impact

  • ABSTRACT: A flexible, scalable, and robust framework that enables fine-grained flow control under fixed or dynamic policies while addressing trustworthiness as a built-in network level functionality is a desirable goal of the future Internet. Furthermore, the level of trustworthiness may possibly be different from one network to another. It is also desirable to provide user-centric or service-centric routing capabilities to achieve service-oriented traffic controls as well as trust and policy management for security. Addressing these aspects, we present the SeRViTR (Secure and Resilient Virtual Trust Routing) framework. In particular, we discuss the goal and scope of SeRViTR, its implementation details, and a testbed that enables us to demonstrate SeRViTR. We have designed protocols and mechanisms for policy and trust management for SeRViTR and show a validation on the functional implementation of several SeRViTR components to illustrate virtual domains and trust level changes between virtual domains that are achieved under SeRViTR protocols. Going from implementation to testbed, we demonstrate SeRViTR in a virtual network provisioning infrastructure called the Geo-distributed Programmable Layer-2 Networking Environment (G-PLaNE) that connects three institutions spanning the US and Japan.
    Computer Networks. 01/2014;
  • ABSTRACT: Mobile cloud computing (MCC) enables mobile devices to outsource their computing, storage and other tasks onto the cloud to achieve more capacities and higher performance. One of the most critical research issues is how the cloud can efficiently handle the possible overwhelming requests from mobile users when the cloud resource is limited. In this paper, a novel MCC adaptive resource allocation model is proposed to achieve the optimal resource allocation in terms of the maximal overall system reward by considering both cloud and mobile devices. To achieve this goal, we model the adaptive resource allocation as a semi-Markov decision process (SMDP) to capture the dynamic arrivals and departures of resource requests. Extensive simulations are conducted to demonstrate that our proposed model can achieve higher system reward and lower service blocking probability compared to traditional approaches based on greedy resource allocation algorithm. Performance comparisons with various MCC resource allocation schemes are also provided.
    International Journal of Distributed Sensor Networks 04/2013; 2013. · 0.92 Impact Factor
  • ABSTRACT: A secure network is considered to be an important goal of the Future Internet; one way which can be embodied is by having flexible and robust routing functionality with built-in security and trustworthy mechanisms. However, there is a fundamental and important challenge how to determine the trustworthiness to every traffic flow to realize trustable communications. In this paper, we propose a framework to manage the trustworthiness automatically based on the policy by administrator, hysteresis of the traffic, and/or behavior of end users. We describe the role and function on to manage policy and trustworthiness and illustrate the implementation of SeRViTR, which is a trust routing framework, with communication experiment.
    Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on; 01/2013
  • ABSTRACT: Cloud security is one of most important issues that has attracted a lot of research and development effort in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
    IEEE Transactions on Dependable and Secure Computing 01/2013; 99(PrePrints):1. · 1.06 Impact Factor
  • Dijiang Huang, Tianyi Xing, Huijun Wu
    ABSTRACT: Mobile devices are rapidly becoming the major service participants nowadays. However, traditional client-server based mobile service models are not able to meet the increasing demands from mobile users in terms of services diversity, user experience, security and privacy, and so on. Cloud computing enables mobile devices to offload complex operations of mobile applications, which are infeasible on mobile devices alone. In this article, we provide a comprehensive study to lay out existing mobile cloud computing service models and key achievements, and present a new user-centric mobile cloud computing service model to advance existing mobile cloud computing research.
    IEEE Network 01/2013; 27(5):6-11. · 2.85 Impact Factor
  • Le Xu, Li Li, V. Nagarajan, Dijiang Huang, Wei-Tek Tsai
    ABSTRACT: Security has become a major concern for mobile devices when mobile users browsing malicious websites. Existed security solutions may rely on human factors to achieve a good result against phishing websites and SSL Strip-based Man-In-The-Middle (MITM) attack. This paper presents a secure web referral service, which is called Secure Search Engine (SSE) for mobile devices. The system uses mobile cloud-based virtual computing and provides each user a Virtual Machine (VM) as a personal security proxy where all Web traffics are redirected through it. Within the VM, the SSE uses web crawling technology with a set of checking services to validate IP addresses and certificate chains. A Phishing Filter is also used to check given URLs with an optimized execution time. The system also uses private and anonymously shared caches to protect user privacy and improve performance. The evaluation results show that SSE is non-intrusive and consumes no power or computation on the client device, while producing less false positive and false negative than existing web browser-based anti-phishing solutions.
    Service Oriented System Engineering (SOSE), 2013 IEEE 7th International Symposium on; 01/2013
  • ABSTRACT: Security has been one of the top concerns in clouds. It is challenging to construct a secure networking environment in clouds because the cloud is usually a hybrid networking system containing both physical and virtually overlaid networks. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been widely deployed to manipulate cloud security, with the latter providing additional prevention capabilities. This paper investigates into an OpenFlow and Snort based IPS called "SnortFlow", in which it enables the cloud system to detect intrusions and deploy countermeasures by reconfiguring the cloud networking system on-the-fly. The evaluation results demonstrate the feasibility of SnortFlow and provide the guidance for the future work.
    Research and Educational Experiment Workshop (GREE), 2013 Second GENI; 01/2013
  • ABSTRACT: Network virtualization is a promising solution that can prevent network ossification by allowing multiple heterogeneous virtual networks (VNs) to cohabit on a shared substrate network. It provides flexibility and promotes diversity. A key issue that ...
    Journal of Network and Systems Management 12/2012; 20(4). · 0.43 Impact Factor
  • ABSTRACT: A secure network is considered to be an important goal of the Future Internet; one way this can be embodied is by having flexible and robust routing functionalities with intrinsic security mechanisms. It is also desirable to provide user-centric or service-centric routing capabilities to achieve service-oriented traffic controls as well as trust and policy management for security. Based on these potential needs, a flexible, scalable, and robust routing framework that enables fine-grained flow control under fixed or dynamic policies called the Virtual Trusted Routing and Provisioning Domain (VTRouPD) [11] has been recently proposed. In this paper, we present a framework called the Secure and Resilient Virtual Trust Routing (SeRViTR) framework, which is a proof-of-concept model of VTRouPD at the implementation level. SeRViTR has particular entities that are designed for policy management and trust management between different VTRouPDs to enable a secure Internet. We define the roles of each entity within the SeRViTR framework as well as the messages exchanged between them. We also discuss how policy management and trust negotiation can be achieved. Moreover, we present validation on the functional implementation of several SeRViTR components to illustrate how to create virtual domains and change of trust levels between virtual domains.
    01/2012;
  • ABSTRACT: With Internet environment is getting optimized and users preferring mobile communications, Cloud Service Providers (CSP) aim to provide services to users depending on their geographic locations with higher service availability and faster access speed. Mobile cloud computing falls into this category, where mobile users can move around and request cloud services at any given geographic locations. To build such a geographic-based mobile cloud services, an effective mobile cloud resource allocation and service request scheduling scheme is highly desired. To this end, the presented service request scheduling scheme takes a comprehensive approach by considering system parameters from both CSP and mobile users such as computation, energy, connectivity, service payment, mobile users' satisfaction, etc. Finally, the performance evaluation of the proposed scheduling scheme is evaluated through simulations where the results show that the presented scheme achieves better system overall gain compared to traditional over-provisioning approaches.
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on; 01/2012
  • Tianyi Xing, Dijiang Huang, S. Ata, D. Medhi
    ABSTRACT: In a cloud computing environment, users prefer to migrate their locally processing workloads onto the cloud where more resources with better performance can be expected. ProtoGENI [1] and PlanetLab [17] have further improved the current Internet-based resource outsourcing by allowing end users to construct a virtual network system through virtualization and programmable networking technologies. However, to the best of our knowledge, there is no such general service or resource provisioning platform designated for mobile devices. In this paper, we present a new design and implementation of MobiCloud that is a geo-distributed mobile cloud computing platform. The discussions of the system components, infrastructure, management, implementation flow, and service scenarios are followed by an example on how to experience the MobiCloud system.
    Network and service management (cnsm), 2012 8th international conference and 2012 workshop on systems virtualization management (svm); 01/2012
  • ABSTRACT: Mobile cloud computing is a promising technique that shifts the data and computing service modules from individual devices to a geographically distributed cloud service architecture. A general mobile cloud computing system is comprised of multiple cloud domains, and each domain manages a portion of the cloud system resources, such as the Central Processing Unit, memory and storage, etc. How to efficiently manage the cloud resources across multiple cloud domains is critical for providing continuous mobile cloud services. In this paper, we propose a service decision making system for interdomain service transfer to balance the computation loads among multiple cloud domains. Our system focuses on maximizing the rewards for both the cloud system and the users by minimizing the number of service rejections that degrade the user satisfaction level significantly. To this end, we formulate the service request decision making process as a semi-Markov decision process. The optimal service transfer decisions are obtained by jointly considering the system incomes and expenses. Extensive simulation results show that the proposed decision making system can significantly improve the system rewards and decrease service disruptions compared with the greedy approach.
    IEEE Transactions on Vehicular Technology 01/2012; 61(5):2222-2232. · 2.06 Impact Factor
  • Yang Qin, Dijiang Huang, Xinwen Zhang
    ABSTRACT: Establishing reliable routing among highly mobile vehicles is a challenging problem in vehicular networks. Towards this issue, we present VehiCloud, a novel cloud computing architecture that leverages emerging cloud computing technologies to deal with unreliable inter-vehicle communications and extend the restricted computational capabilities of mobile devices. A way-point information framework (WIF) is devised within the VehiCloud architecture, aiming to provide routing service for vehicular network, where each vehicle serves as a mobile service node and predicts its future locations by generating way point messages, which describe the trajectory of the vehicle's movement. A decision module in VehiCloud collects vehicles' way points and makes routing decisions for inter-vehicle communication. Selected paths of the routing are globally optimized in terms of message delivery ratio by respecting the constraints of end-to-end delay and communication cost. Our implementation of VehiCloud and real-road experiments demonstrate that it is practical and efficient to address fundamental routing problems for vehicular networks.
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on; 01/2012
  • ABSTRACT: With Cloud Computing technology occupying the majority of future Internet research and development work, research on deploying and extending existing capabilities onto a newly emerging infrastructure becomes more significant. For example, extending the virtual network provisioning capability onto a Geo-distributed programmable layer-2 networking environment (G-PLaNE) is a novel attempt and is different from in a single domain system. In this paper, we aim to illustrate how to construct the virtual networking environment upon our self-designed resource provisioning system consisting of multiple clusters through G-PLaNE. Experimenters and researchers are able to develop and explore their own mechanisms in our platform. Furthermore, a concrete example named Secure and Resilient Virtual Trust Routing (SeRViTR) is given to illustrate how this can be constructed over G-PLaNE.
    Communications (ICC), 2012 IEEE International Conference on; 01/2012
  • Dijiang Huang, S. Misra, M. Verma, Guoliang Xue
    ABSTRACT: In this paper, we propose a new privacy preservation scheme, named pseudonymous authentication-based conditional privacy (PACP), which allows vehicles in a vehicular ad hoc network (VANET) to use pseudonyms instead of their true identity to obtain provably good privacy. In our scheme, vehicles interact with roadside units to help them generate pseudonyms for anonymous communication. In our setup, the pseudonyms are only known to the vehicles but have no other entities in the network. In addition, our scheme provides an efficient revocation mechanism that allows vehicles to be identified and revoked from the network if needed. Thus, we provide conditional privacy to the vehicles in the system, that is, the vehicles will be anonymous in the network until they are revoked, at which point, they cease to be anonymous.
    IEEE Transactions on Intelligent Transportation Systems 10/2011; · 3.06 Impact Factor
  • ABSTRACT: Mobile cloud is a machine-to-machine service model, where a mobile device can use the cloud for searching, data mining, and multimedia processing. To protect the processed data, security services, i.e., encryption, decryption, authentications, etc., are performed in the cloud. In general, we can classify cloud security services in two categories: Critical Security (CS) service and Normal Security (NS) service. CS service provides strong security protection such as using longer key size, strict security access policies, isolations for protecting data, and so on. The CS service usually occupies more cloud computing resources, however it generates more rewards to the cloud provider since the CS service users need to pay more for using the CS service. With the increase of the number of CS and NS service users, it is important to allocate the cloud resource to maximize the system rewards with the considerations of the cloud resource consumption and incomes generated from cloud users. To address this issue, we propose a Security Service Admission Model (SSAM) based on Semi-Markov Decision Process to model the system reward for the cloud provider. We, first, define system states by a tuple represented by the numbers of cloud users and their associated security service categories, and current event type (i.e., arrival or departure). We then derive the system steady-state probability and service request blocking probability by using the proposed SSAM. Numerical results show that the obtained theoretic probabilities are consistent with our simulation results.
    Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on; 05/2011
  • ABSTRACT: In mobile cloud computing, mobile devices can rely on cloud computing and information storage resource to perform computationally intensive operations such as searching, data mining, and multimedia processing. In addition to providing traditional computation services, mobile cloud also enhances the operation of traditional ad hoc network by treating mobile devices as service nodes, e.g., sensing services. The sensed information, such as location coordinates, health related information, should be processed and stored in a secure fashion to protect user's privacy in the cloud. To this end, we present a new mobile cloud data processing framework through trust management and private data isolation. Finally, an implementation pilot for improving teenagers' driving safety, which is called FocusDrive, is presented to demonstrate the solution.
    Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on; 05/2011
  • Dijiang Huang, S. Ata, D. Medhi
    ABSTRACT: Secure virtualization is the enabling technique to protect both network providers and user services. Particularly, secure routing in the virtualized service domains is one of the key research areas that has not been explored in literature. In this paper, we present a new secure routing framework to address both network-centric and user-centric networking service models for the future Internet. We aim to provide a flexible network routing framework that has the capability to route traffic with different service requirements and constraints. In other words, it could be highly desirable that two types of network traffic should be isolated either physically or logically and trustworthy services should be avoided to share the bandwidth with normal traffic that may be prone to security attacks. To achieve this capability, we present how to establish a virtual trust routing framework to handle both network-centric routing and user-centric routing simultaneously by using attribute-based cryptography that can provide information-level protection for virtual routing domain isolation. Our performance evaluation on prioritized services through virtual routing domains and cryptography performance analysis demonstrates the viability of the proposed solution.
    Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE; 01/2011
  • Zhibin Zhou, Dijiang Huang
    ABSTRACT: In a mobile cloud computing system, lightweight wireless communication devices extend cloud services into the sensing domain. A common mobile cloud secure data service is to inquiry the data from sensing devices. The data can be collected from multiple requesters, which may drain out the power of sensing devices quickly. Thus, an efficient data access control model is desired. To this end, we present a comprehensive security data inquiry framework for mobile cloud computing. Our solution focuses on the following two research directions: First, we present a novel Privacy Preserving Cipher Policy Attribute-Based Encryption (PP-CP-ABE) to protect sensing data. Using PP-CP-ABE, light-weight devices can securely outsource heavy encryption and decryption operations to cloud service providers, without revealing the data content. Second, we propose an Attribute Based Data Storage (ABDS) system as a cryptographic group-based access control mechanism. Our performance assessments demonstrate the security strength and efficiency of the presented solution in terms of computation, communication, and storage.
    IACR Cryptology ePrint Archive. 01/2011; 2011:185.
  • Yang Qin, Dijiang Huang
    ABSTRACT: Traffic analysis is considered the most powerful strategy of disclosing the hidden communication relations in an anonymous communication system. Statistical traffic analysis attacks are even more subtle in that the attackers are usually eavesdroppers who do not modify the network's behaviors. Moreover, the attackers even do not need to look into the traffic content, which may be encrypted, in order to analyze the statistical characteristics. Such attacks have been thoroughly investigated for static wireline networks. However, none of these mechanisms can be directly applied to mobile ad hoc networks (MANETs) due to the inability to deal with mobility, the ad hoc infrastructure and the broadcasting nature of wireless transmissions. Recent research conducted on statistical traffic analysis attacks targeting MANETs is restricted to disclosing the end-to-end traffic distribution. In this paper, we present the least squares disclosure attack (LSDA), targeting a popular MANET routing strategy, that is, the position based routing (PBR, a.k.a geographic routing). LSDA utilizes the traffic distribution disclosed by existing solutions, and de-anonymizes the network communication on a per-flow basis by identifying the source and destination of each end-to-end flow. In LSDA, traffic disclosure is modeled as an efficiently solvable least squares problem subject to linear constraints. The empirical study demonstrates that, the proposed solution can de-anonymize the network flows in high accuracy.
    Proceedings of IEEE International Conference on Communications, ICC 2011, Kyoto, Japan, 5-9 June, 2011; 01/2011