Dijiang Huang

Arizona State University, Phoenix, Arizona, United States

Publications (113) · 37.31 Total impact

  • Zhijie Wang · Dijiang Huang · Yan Zhu · Bing Li · Chun-Jen Chung ·
    ABSTRACT: With the proliferation of mobile devices in recent years, there is a growing concern regarding secure data storage, secure computation, and fine-grained access control in data sharing for these resource-constrained devices in a cloud computing environment. In this work, we propose a new efficient framework named Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) with the support of negative attributes and wildcards. It embeds the comparable attribute ranges of all the attributes into the user's key, and incorporates the attribute constraints of all the attributes into one piece of ciphertext during the encryption process to enforce flexible access control policies with various range relationships. Accordingly, CCP-CABE achieves the efficiency because it generates constant-size keys and ciphertext regardless of the number of involved attributes, and it also keeps the computation cost constant on lightweight mobile devices. We further discuss how to extend CCP-CABE to fit a scenario with multiple attribute domains, such that the decryption proceeds from the least privileged attribute domain to the most privileged one to help protect the privacy of the access policy. We provide security analysis and performance evaluation to demonstrate their efficiency at the end.
    IEEE Transactions on Computers 12/2015; 64(12):1-1. DOI:10.1109/TC.2015.2401033 · 1.66 Impact Factor
  • Huijun Wu · Dijiang Huang · Yan Zhu ·
    ABSTRACT: A distributed mobile cloud service model called “POEM” is presented to manage the mobile cloud resource and compose mobile cloud applications. POEM provides the following salient features: (a) it considers resource management not only between mobile devices and clouds, but also among mobile devices; (b) it utilizes the entire mobile cloud system as the mobile application running platform, and as a result, the mobile cloud application development is significantly simplified and enriched; and (c) it addresses the interoperability issues among mobile devices and cloud resource providers to allow mobile cloud applications running cross various cloud virtual machines and mobile devices. The proposed POEM solution is demonstrated by using OSGi and XMPP techniques. Our performance evaluations demonstrate that POEM provides a true elastic application running environment for mobile cloud computing.
    Mobile Networks and Applications 05/2015; 20(3). DOI:10.1007/s11036-015-0617-0 · 1.05 Impact Factor
  • ABSTRACT: The ubiquitous sensing-capable mobile devices have been fuelling the new paradigm of Mobile Crowd Sensing (MCS) to collect data about their surrounding environment. To ensure the timeliness and quality of the data samples in MCS, it is critical to select qualified participants to maintain sensing coverage ratios over important spatial areas (i.e., hotspots) during time periods of interest and meet various Quality of Service (QoS) requirements of sensing applications. In this paper, we examine the problems of sensing task assignment to minimize the overall cost and maximize the total utility in MCS while adhering to the QoS constraints and prove that they are NP-hard problems. Consequently, we present heuristic greedy approaches as the baseline solutions and further propose new hybrid approaches with the greedy algorithm and bees algorithm combined to address them. We demonstrate that the hybrid approaches significantly outperform the greedy approaches through extensive simulation and the analysis is given in the end.
  • Zhijie Wang · Dijiang Huang · Huijun Wu · Bing Li · Yuli Deng ·
    ABSTRACT: The mobile marketing is growing exponentially worldwide due to the emerging high speed wireless Internet and the proliferation of smartphones with powerful processors. Consequently, the management of the massive volume of mobile identities has sparked a lot of interest in both industry and academia, as they turn out to be a heavy burden for many mobile application startups. The conventional federated identity management technologies have been developed to delegate the users' identity tasks across different security domains to reduce the burden over the identity service consumers (i.e., Relying Party). However, they also raise serious security and privacy issues, such as the vulnerability to Single Point of Failure (SPOF) and the privacy leakage with respect to users' historical access information. To address these issues, we architect a novel Distributed Privacy-preserving Mobile Access Control (DP-MAC) framework. This framework also leverages a dual-root trust model to prevent identity theft in case of mobile device loss. In the end, we give performance evaluation and prove its applicability by implementing our system in the Cloud Computing platform and Android smartphones based on jPBC in real-world settings.
  • Le Xu · Dijiang Huang · W.-T. Tsai ·
    ABSTRACT: Hands-on experiments are essential for computer network security education. Existing laboratory solutions usually require significant effort to build, configure, and maintain and often do not support reconfigurability, flexibility, and scalability. This paper presents a cloud-based virtual laboratory education platform called V-Lab that provides a contained experimental environment for hands-on experiments using virtualization technologies (such as Xen or KVM Cloud Platform) and OpenFlow switches. The system can be securely accessed through OpenVPN, and students can remotely control the virtual machines (VMs) and perform the experimental tasks. The V-Lab platform also offers an interactive Web GUI for resource management and a social site for knowledge sharing and contribution. By using a flexible and configurable design, V-Lab integrates pedagogical models into curriculum design and provides a progressive learning path with a series of experiments for network security education. Since summer 2011, V-Lab has served more than 1000 students from six courses across over 20 experiments. The evaluation demonstrates that the platform and curriculum have produced excellent results and helped students understand and build up computer security knowledge to solve real-world problems.
    IEEE Transactions on Education 08/2014; 57(3):145-150. DOI:10.1109/TE.2013.2282285 · 0.84 Impact Factor
  • Yuki Kawai · Yasuhiro Sato · Shingo Ata · Dijiang Huang · Deep Medhi · Ikuo Oka ·
    ABSTRACT: Software-Defined Networking (SDN) is a new approach to manage the whole network flexibly by decoupling the control plane and the forwarding plane. While forwarding elements can be managed by a unified control, complexity arisen from the network size and scalability regarding the increase of the control traffic are notable problems. To deal with events of network reconfiguration that occur asynchronously and change frequently with intervals shorter than hours, a controller has to continue to asynchronously update the configuration of the whole network. However, it is hard to maintain the consistency of the configuration of the whole network because it needs to manage a huge amount of network information and to deal with user requests that occur asynchronously. In this paper, we propose a database oriented management for asynchronous reconfiguration to achieve the consistency of configuration in SDN. We design a structure of the database to store network information and two functional components. Finally, we adopt our management system to an OpenFlow-based network, and validate that our system can manage and control an OpenFlow network via the database.
    NOMS 2014 - 2014 IEEE/IFIP Network Operations and Management Symposium; 05/2014
  • ABSTRACT: A flexible, scalable, and robust framework that enables fine-grained flow control under fixed or dynamic policies while addressing trustworthiness as a built-in network level functionality is a desirable goal of the future Internet. Furthermore, the level of trustworthiness may possibly be different from one network to another. It is also desirable to provide user-centric or service-centric routing capabilities to achieve service-oriented traffic controls as well as trust and policy management for security. Addressing these aspects, we present the SeRViTR (Secure and Resilient Virtual Trust Routing) framework. In particular, we discuss the goal and scope of SeRViTR, its implementation details, and a testbed that enables us to demonstrate SeRViTR. We have designed protocols and mechanisms for policy and trust management for SeRViTR and show a validation on the functional implementation of several SeRViTR components to illustrate virtual domains and trust level changes between virtual domains that are achieved under SeRViTR protocols. Going from implementation to testbed, we demonstrate SeRViTR in a virtual network provisioning infrastructure called the Geo-distributed Programmable Layer-2 Networking Environment (G-PLaNE) that connects three institutions spanning the US and Japan.
    Computer Networks 04/2014; 63. DOI:10.1016/j.bjp.2013.12.028 · 1.26 Impact Factor
  • Bing Li · Zhijie Wang · Dijiang Huang ·
    ABSTRACT: In many secure application scenarios, establishing a temporary group without revealing group member information is difficult but desirable. Secure group communication can significantly reduce the computation and communication overhead. Traditional group key management schemes are based on a hierarchical tree. Any network entity who wants to set up a group needs to know the keys of the other group members, i.e., the group key establishment must be done before starting the group communication. As a result, the group needs the group formation beforehand. In this paper, we propose a secure grouping scheme providing anonymity for group members to outsiders. Our approach is based on Attribute Based Encryption (ABE) schemes. In our scheme, each network entity is assigned with a set of attributes. Each group is identified by a logical combination of attributes, i.e., the group access policies. The presented solution has an advantage that there is no need for any prior knowledge of other group members. Instead, the sender just needs to focus on the group access policies. Our scheme further preserves the group formation policies by using a gradual exposure method on attributes. Compared to existing hidden-policy schemes, our solution can greatly reduce the computation and communication overhead.
    GLOBECOM 2013 - 2013 IEEE Global Communications Conference; 12/2013
  • Bing Li · Dijiang Huang ·
    ABSTRACT: In mobile ad hoc networks (MANETs), how to measure communication anonymity is a crucial issue. In our previous work [1], a theoretic approach based on evidence theory was proposed with detailed analysis. However, localization errors and scalability issues were not considered in the system assumption. In this paper, we further develop our work to incorporate localization errors in anonymity analysis. We propose the concept of super-nodes to model group based mobility. Time domain is sliced into intervals. In each interval, our proposed approach categorizes mobile nodes into clusters based on a novel metric that integrates geographical distances, historical distance records, and communication hops. We then provide the algorithm to generate super-nodes based on cluster formations from each interval. Evaluation results exhibit a satisfactory accuracy to recover group formation using super-nodes.
    MILCOM 2013 - 2013 IEEE Military Communications Conference; 11/2013
  • Huijun Wu · Dijiang Huang · Samia Bouzefrane ·
    ABSTRACT: Offloading is one major type of collaborations between mobile devices and clouds to achieve less execution time and less energy consumption. Offloading decisions for mobile cloud collaboration involve many decision factors. One of important decision factors is the network unavailability that has not been well studied. This paper presents an offloading decision model that takes network unavailability into consideration. Network with some unavailability can be modeled as an alternating renewal process. Then, application execution time and energy consumption in both ideal network and network with some unavailability are analyzed. Based on the presented theoretical model, an application partition algorithm and a decision module are presented to produce an offloading decision that is resistant to network unavailability. Simulation results demonstrate good performance of proposed scheme, where the proposed partition algorithm is analyzed in different application and cloud scenarios.
    9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing; 10/2013
  • Dijiang Huang · Tianyi Xing · Huijun Wu ·
    ABSTRACT: Mobile devices are rapidly becoming the major service participants nowadays. However, traditional client-server based mobile service models are not able to meet the increasing demands from mobile users in terms of services diversity, user experience, security and privacy, and so on. Cloud computing enables mobile devices to offload complex operations of mobile applications, which are infeasible on mobile devices alone. In this article, we provide a comprehensive study to lay out existing mobile cloud computing service models and key achievements, and present a new user-centric mobile cloud computing service model to advance existing mobile cloud computing research.
    IEEE Network 09/2013; 27(5):6-11. DOI:10.1109/MNET.2013.6616109 · 2.54 Impact Factor
  • Yan Zhu · Di Ma · Dijiang Huang · Changjun Hu ·
    ABSTRACT: The increasing spread of location-based services (LBSs) has led to a renewed research interest in the security of services. To ensure the credibility and availability of LBSs, there is a pressing requirement for addressing access control, authentication and privacy issues of LBSs in a synergistic way. In this paper, we propose an innovative location-based fine-grained access control mechanism for LBSs, enabling effective fine-grained access control, location-based authentication and privacy protection. Our proposed approach is based on the construction of a spatio-temporal predicate-based encryption by means of efficient secure integer comparison. Our experimental results not only validate the effectiveness of our scheme, but also demonstrate that the proposed integer comparison scheme performs better than previous bitwise comparison scheme.
    Proceedings of the second ACM SIGCOMM workshop on Mobile cloud computing; 08/2013
  • ABSTRACT: Cloud security is one of the most important issues that has attracted a lot of research and development effort in the past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
    IEEE Transactions on Dependable and Secure Computing 07/2013; 99(4-PrePrints):1. DOI:10.1109/TDSC.2013.8 · 1.35 Impact Factor
  • Yan Zhu · Di Ma · Chang-Jun Hu · Dijiang Huang ·
    ABSTRACT: This paper addresses how to construct a RBAC-compatible attribute-based encryption (ABE) for secure cloud storage, which provides a user-friendly and easy-to-manage security mechanism without user intervention. Similar to role hierarchy in RBAC, attribute lattice introduced into ABE is used to define a seniority relation among all values of an attribute, whereby a user holding the senior attribute values acquires permissions of their juniors. Based on these notations, we present a new ABE scheme called Attribute-Based Encryption with Attribute Lattice (ABE-AL) that provides an efficient approach to implement comparison operations between attribute values on a poset derived from attribute lattice. By using bilinear groups of composite order, we propose a practical construction of ABE-AL based on forward and backward derivation functions. Compared with prior solutions, our scheme offers a compact policy representation solution, which can significantly reduce the size of private keys and ciphertexts. Furthermore, our solution provides a richer expressive power of access policies to facilitate flexible access control for ABE scheme.
    Proceedings of the 2013 international workshop on Security in cloud computing; 05/2013
  • Hongbin Liang · Tianyi Xing · Lin X. Cai · Dijiang Huang · Daiyuan Peng · Yan Liu ·
    ABSTRACT: Mobile cloud computing (MCC) enables mobile devices to outsource their computing, storage and other tasks onto the cloud to achieve more capacities and higher performance. One of the most critical research issues is how the cloud can efficiently handle the possible overwhelming requests from mobile users when the cloud resource is limited. In this paper, a novel MCC adaptive resource allocation model is proposed to achieve the optimal resource allocation in terms of the maximal overall system reward by considering both cloud and mobile devices. To achieve this goal, we model the adaptive resource allocation as a semi-Markov decision process (SMDP) to capture the dynamic arrivals and departures of resource requests. Extensive simulations are conducted to demonstrate that our proposed model can achieve higher system reward and lower service blocking probability compared to traditional approaches based on greedy resource allocation algorithm. Performance comparisons with various MCC resource allocation schemes are also provided.
    International Journal of Distributed Sensor Networks 04/2013; 2013. DOI:10.1155/2013/181426 · 0.67 Impact Factor
  • Li Li · Dijiang Huang · Zhidong Shen · Samia Bouzefrane ·
    ABSTRACT: With rapid growth of mobile devices and the emergence of mobile cloud services, it is a trend to use mobile devices for mobile-centric applications, and expand the mobile capabilities and provide needed security by mobile cloud services. However, due to the mobility of the device and the semitrust of the mobile cloud, how to build trust in the mobile applications is a big concern. In this paper, we propose a dual-root trust online transaction model that provides a dual-root trust model including both the user's mobile device and a delegation mobile cloud. We design a dual-root trust protocol by leveraging a modified CP-ABE cryptography and the trust execution environment embedded in a mobile device to provide device-specific transaction confirmations for online transactions initiated by the mobile user. The performance evaluation of the protocol demonstrates that it is a lightweight scheme for mobile devices since most cryptographic functions are delegated from users to the mobile cloud.
    Wireless Communications and Networking Conference (WCNC), 2013 IEEE; 04/2013
  • Fatiha Houacine · Samia Bouzefrane · Li Li · Dijiang Huang ·
    ABSTRACT: In this article, a new mobile Cloud service model is presented. It offers a dynamic and efficient remote access to information services and resources for mobile devices. Mobile Cloud computing has been evolved as a distributed service model, where individual mobile users are Cloud service providers. Compared to traditional Internet-centric Cloud service models, the complexity of mobile service management in a dynamic and distributed service environment is increased dramatically. To address this challenge, we propose to establish an OSGi-based mobile Cloud service model — MCC-OSGi — that uses OSGi Bundles as the basic mobile Cloud service building components. The proposed solution supports OSGi bundles running on both mobile devices and Cloud-side virtual machine OS platforms, and the bundles can be transferred and run on different platforms without compatibility issues. The presented solution is achieved: 1) by incorporating OSGi into Android software development platform, 2) by setting up a Remote-OSGi on the Cloud and on mobile devices, and 3) by defining three service architecture models. The presented solution is validated through a demonstrative application with relevant performance measurements.
    Autonomous Decentralized Systems (ISADS), 2013 IEEE Eleventh International Symposium on; 03/2013
  • Tianyi Xing · Dijiang Huang · Le Xu · Chun-Jen Chung · Pankaj Khatkar ·
    ABSTRACT: Security has been one of the top concerns in clouds. It is challenging to construct a secure networking environment in clouds because the cloud is usually a hybrid networking system containing both physical and virtually overlaid networks. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been widely deployed to manipulate cloud security, with the latter providing additional prevention capabilities. This paper investigates into an OpenFlow and Snort based IPS called "SnortFlow", in which it enables the cloud system to detect intrusions and deploy countermeasures by reconfiguring the cloud networking system on-the-fly. The evaluation results demonstrate the feasibility of SnortFlow and provide the guidance for the future work.
    Research and Educational Experiment Workshop (GREE), 2013 Second GENI; 01/2013
  • A. Wada · Y. Sato · Xuan Liu · Tianyi Xing · S. Ata · D. Medhi · Dijiang Huang · I. Oka ·
    ABSTRACT: A secure network is considered to be an important goal of the Future Internet; one way which can be embodied is by having flexible and robust routing functionality with built-in security and trustworthy mechanisms. However, there is a fundamental and important challenge how to determine the trustworthiness to every traffic flow to realize trustable communications. In this paper, we propose a framework to manage the trustworthiness automatically based on the policy by administrator, hysteresis of the traffic, and/or behavior of end users. We describe the role and function on to manage policy and trustworthiness and illustrate the implementation of SeRViTR, which is a trust routing framework, with communication experiment.
    Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on; 01/2013
  • Chun-Jen Chung · Jingsong Cui · Pankaj Khatkar · Dijiang Huang ·
    ABSTRACT: Cloud is gaining momentum but its true potential is hampered by the security concerns it has raised. Having vulnerable virtual machines in a virtualized environment is one such concern. Vulnerable virtual machines are an easy target and existence of such weak nodes in a network jeopardizes its entire security structure. Resource sharing nature of cloud favors the attacker, in that, compromised machines can be used to launch further devastating attacks. First line of defense in such case is to prevent vulnerabilities of a cloud network from being compromised and if not, to prevent propagation of the attack. To create this line of defense, we propose a hybrid intrusion detection framework to detect vulnerabilities, attacks, and their carriers, i.e. malicious processes in the virtual network and virtual machines. This framework is built on attack graph based analytical models, VMM-based malicious process detection, and reconfigurable virtual network-based countermeasures. The proposed framework leverages Software Defined Networking to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve the attack detection and mitigate the attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
    9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing; 01/2013

Publication Stats

1k Citations
37.31 Total Impact Points


  • 2006-2014
    • Arizona State University
      • School of Computing, Informatics, and Decision Systems Engineering
      Phoenix, Arizona, United States
  • 2003-2014
    • University of Missouri - Kansas City
      • Department of Computer Science and Electrical Engineering
      Kansas City, Missouri, United States