Di Ma

University of Michigan-Dearborn | UM-Dearborn · Department of Computer & Information Science

Though representing a promising approach for personalization, targeting, and recommendation, aggregation of user profiles from multiple social networks will inevitably incur a serious privacy leakage issue. In this paper, we propose a Novel Heterogeneous De-anonymization Scheme (NHDS) aiming at de-anonymizing heterogeneous social networks. NHDS fir...

Privacy inference through meta-data (e.g. IP, Host) analysis of Wi-Fi traffic poses a potentially more serious threat to user privacy. Firstly, it provides a more efficient and scalable approach to infer users' sensitive information without checking the content of Wi-Fi traffic. Secondly, meta-data based demographics inference can work on both unen...

To enjoy various utility and services, people are active in multiple social networks nowadays. With tons of data generated on platforms, multiple accounts of the same user in different social networks can be used to de-anonymize the user in a large scale. The aggregation of user profiles poses a threat to user privacy. With a concern of privacy lea...

Cooperative adaptive cruise control (CACC) or platooning recently becomes promising as vehicles can learn of nearby vehicles? intentions and dynamics through wireless vehicle to vehicle (V2V) communication and advanced on-board sensing technologies. Violation of cybersecurity often results in serious safety issues as been demonstrated in recent stu...

Global investment and recent advancements in vehicle automation are making autonomous and cooperative automated driving (AD) a reality. Not only will automated vehicles incorporate more electronics and connectivity than ever before, but also, notably, they will transfer control and responsibility of monitoring the environment from a human driver to...

Malware is a burgeoning threat for smartphones and continuing advancing. Traditional defenses to malware, however, are not suitable for smartphones due to their resource intensive nature. This necessitates the design of novel mechanisms that can take into account the specifics of the smartphone malware and smartphones themselves. In this paper, we...

Recently, mobile services of ephemeral communications, such as Snap chat, are becoming increasingly popular because of their "burn after reading" functionality. However, recent events show that these services do not achieve the claimed functionality supporting truly self-destructing messages. In this paper, we address the problem of privacy protect...

In this paper we present an identity-set-based broadcast encryption scheme with three working modes: positive membership (Select-mode), all member (All-mode), and negative membership (Cut-mode) over the user identity set, simultaneously. The core of our scheme is the implementation of cryptographic representation of subset by using two aggregation...

Radio frequency identification (RFID) systems are becoming increasingly ubiquitous in both public and private domains. However, because of the inherent weaknesses of underlying wireless radio communications, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise because of the tag's promi...

As an emerging advanced short-range communication technology, near field communication (NFC) is undergoing a fast rate of expansion with many promising benefits including low power, small size, and peer-to-peer communication, without incurring complex network configuration overhead. However, current NFC technologies suffer from one practical limita...

In this paper, we propose a new hard problem, called bilateral inhomogeneous small integer solution (Bi-ISIS), which can be seen as an extension of the small integer solution problem on lattices. The main idea is that, instead of choosing a rectangle matrix, we choose a square matrix with small rank to generate Bi-ISIS problem without affecting the...

Many random functions, like Hash, MAC, PRG, have been used in various network applications for different security choices. However, they are either fast but insecure or cryptographic secure but slow. To integrate them together, in this paper we present a new family of square random functions, including SqHash, SqMAC and SqPRG, based on a specially...

We propose a new construction of identity-based encryption without key escrow over the tradition RSA cryptosystems. The security of our scheme follows from the decisional Diffie-Hellman assumption and the difficulty of Modular inversion hidden number problem with error (MIHNPwE), which can be seen as a generalization of the modular inversion hidden...

Short-range wireless communication technologies have been used in many security-sensitive smartphone applications and services such as contactless micro payment and device pairing. Typically, the data confidentiality of the existing short-range communication systems relies on so-called “key-exchange then encryption” mechanism, which is inefficient,...

Even though role-based access control (RBAC) can tremendously help us to minimize the complexity in administering users, it still needs to realize the notion of roles at the resource level. In this paper, we propose a practical cryptographic RBAC model, called role-key hierarchy model, to support various security features, including signature, iden...

Many RFID tags store valuable information privy to their users that can easily be subject to unauthorized reading, leading to owner tracking, or impersonation. RFID tags are also susceptible to different forms of relay attacks. This paper presents novel sensing-enabled defenses to unauthorized reading and relay attacks against RFID systems without...

The increasing spread of location-based services (LBSs) has led to a renewed research interest in location-based security, especially location-based access control. It also raises a lot of concern on potential privacy violation due to the possibility of identifying the user who requests a given service based on her/his location information at the t...

The increasing spread of location-based services (LBSs) has led to a renewed research interest in the security of services. To ensure the credibility and availability of LBSs, there is a pressing requirement for addressing access control, authentication and privacy issues of LBSs in a synergistic way. In this paper, we propose an innovative locatio...

We propose a new construction of identity-based encryption without key escrow over the tradition cryptosystems. The security of our scheme follows from the decisional Diffie-Hellman assumption and the difficulty of a new problem --- modular inversion hidden number problem with error (MIHNPwE). The latter can be seen as a generalization of the modul...

According to one embodiment of the present invention, a method for tracking the usage of digital content is provided. The method includes tracking the usage of at least one digital content by having a provider computer system prepare the content in an encoded format and allowing the provider computer system to distribute the content to a user compu...

We consider the problem of providing integrity of aggregate result in the presence of an untrusted data aggregator who may introduce errors into data fusion, causing the final aggregate result to far deviate from the true result determined by participating values. We proposes a construction that allows a group of participants to periodically upload...

This paper addresses how to construct a RBAC-compatible attribute-based encryption (ABE) for secure cloud storage, which provides a user-friendly and easy-to-manage security mechanism without user intervention. Similar to role hierarchy in RBAC, attribute lattice introduced into ABE is used to define a seniority relation among all values of an attr...

In this paper, we introduce a lightweight permission enforcement approach - Tap-Wave-Rub (TWR) - for smartphone malware prevention. TWR is based on simple human gestures that are very quick and intuitive but less likely to be exhibited in users' daily activities. Presence or absence of such gestures, prior to accessing an application, can effective...

Numerous cryptographic techniques have been developed to be used on mobile devices for various security and privacy protections. However, these cryptographic primitives, working under different mathematical assumptions, tend to become more and more complex and intricate, which makes it increasingly more difficult for proper implementation and manag...

Wireless sensor networks (WSNs) appeal to a wide range of applications that involve the monitoring of various physical phenomena. However, WSNs are subject to many threats. In particular, lack of pervasive tamper-resistant hardware results in sensors being easy targets for compromise. Having compromised a sensor, the adversary learns all the sensor...

In certain applications, it is important for a remote server to securely determine whether or not two mobile devices are in close physical proximity. In particular, in the context of an NFC transaction, the bank server can validate the transaction if both the NFC phone and reader are precisely at the same location thereby preventing a form of a dev...

A hybrid cloud is a cloud computing environment in which an organization provides and manages some internal resources and has others provided externally. However, this new environment could bring irretrievable losses to the clients due to a lack of integrity verification mechanism for distributed data outsourcing. To support scalable service and da...

The ability to efficiently retrieve data in their encrypted form is important for the cloud to become a truly secure and practical data sharing platform. Although this field has attracted tremendous research attention in the past a few years, most existing solutions do not support efficient searches with complex query conditions. Also, there has be...

In this paper, we report on a new approach for enhancing security and privacy in certain RFID applications whereby location or location-related information (such as speed) can serve as a legitimate access context. Examples of these applications include access cards, toll cards, credit cards and other payment tokens. We show that location awareness...

Many RFID tags store valuable information privy to their users that can easily be subject to unauthorized reading, leading to owner tracking or impersonation. RFID tags are also susceptible to different forms of relay attacks. This paper presents novel sensing-enabled defenses to unauthorized reading and relay attacks against RFID systems without n...

Recent technological advancements enrich many RFID tags with sensing capabilities. This new generation of RFID devices - supporting sensing, computation, and RFID communication - can facilitate numerous promising applications for ubiquitous sensing and computation. They also suggest new ways of providing security and privacy for RFID systems by uti...

The development of RFID systems in sensitive applications like e-passport, e-health, credit cards, and personal devices, makes it necessary to consider the related security and privacy issues in great detail. Among other security characteristic of an RFID authentication protocol, untraceability and synchronization are the most important attributes....

Establishing trust while preserving privacy is a challenging research problem. In this paper we introduce lambda -congenial secret groups which allow users to recognize trusted partners based on common attributes while preserving their anonymity and privacy. Such protocols are different from authentication protocols, since the latter are based on i...

RFID Electronic Toll Collection (ETC) systems have been deployed worldwide to improve toll collection efficiency, reduce road congestion, increase road safety and traveler sat- isfiability. However, the use of such systems raises a number of security and privacy issues due to unauthorized reading and relay attacks. Unfortunately, currently deployed...

Content usage statistics from superdistribution users have great commercial values since they can be used for any number of purposes including marketing, accounting, and/or fraud prevention. However tracking content usage under the superdistribution model poses a great challenge since most content users have no explicit pre-established relationship...

Wireless communication is continuing to make inroads into many facets of society and is gradually becoming more and more ubiquitous. While in the past wireless communication (as well as mobility) was largely limited to the first and last transmission hops, today's wireless networks are starting to offer purely wireless, often mobile, and even oppor...

Both individuals and corporations increasingly rely on email to exchange important and, often sensitive, information. With the advent of ubiquitous computing and miniaturization of end-devices, many users leave email on remote servers, thus facilitating anywhere/anytime access from any networked device. Since private and sensitive information is of...

Some wireless sensor networks preclude the constant presence of a centralized data collection point, that is, a sink. In such a disconnected or unattended setting, nodes must accumulate sensed data until it can be off loaded to an itinerant sink. Furthermore, if the operating environment is hostile, there is a very real danger of node and data comp...

The need for secure logging is well-understood by the security professionals, including both researchers and practitioners. The ability to efficiently verify all (or some) log entries is important to any application employing secure logging techniques. In this article, we begin by examining the state of the art in secure logging and identify some p...

VANET based information systems have considerable promise for improving traffic safety, reducing congestion and increasing environmental efficiency of transportation systems. However, the potential of these systems will not be realized until the issue of network security is fully resolved. In this paper, we introduce a security scheme called Tempor...

Unattended wireless sensor networks (UWSNs) operating in hostile environments face the risk of compromise. Unable to off-load collected data to a sink or some other trusted external entity, sensors must protect themselves by attempting to mitigate potential compromise and safeguarding their data. In this paper, we focus on techniques that allow una...

Abstract Unattended Wireless Sensor Networks (UWSNs) are composed,of many small resource-constrained devices and operate autonomously, gathering data which is periodically collected by a visiting sink. Unattended mode of operation, deployment in hostile environments and value (or critical- ity) of collected data are some of the factors that complic...

The need for secure logging is well-understood by the security researchers and practitioners. The ability to efficiently verify all (or some) log entries is important to any application employing secure logging techniques. In this paper, we begin by examining the state-of-the-art in secure logging and identify some problems inherent to systems base...

A forward secure sequential aggregate (FssAgg) signature scheme allows a signer to iteratively combine signatures gen- erated in difierent time intervals { and with difierent keys { into a single constant-size signature. Such a signature ofiers forward security, storage/communication e-ciency, as well as overall integrity of the signed messages. Fs...

Unattended wireless sensor networks (UWSNs) operating in hostile environments face the risk of compromise. Unable to off-load collected data to a sink or some other trusted external entity, sensors must protect themselves by attempting to mitigate potential compromise and safeguarding their data. In this paper, we focus on techniques that allow una...

JPEG 2000 is an international standard for still image compression in the 21st century. Part 8 of the standard, named JPSEC, is concerned with all the security aspects, in particular to access control and authentication. This paper presents a novel ac- cess control scheme for JPEG 2000 image code-streams. The pro- posed scheme is secure against col...

Wireless sensors are employed in a wide range of applications. One common feature of many sensor settings is the need to communicate sensed data to some collection point or sink. This communication can be direct (to a mobile collector) or indirect-via other sensors towards a remote sink. In either case, a sensor might not be able to communicate to...

In many sensor network applications, it is critical for the base station to know the delivery (or execution) status of its broadcast messages (or commands). One straightforward way to do so is to let every sensor node send an authenticated acknowledgement (ACK) to the BS directly. However this naive solution is highly communication inefficient and...

Wireless sensors are employed in a wide range of applications. One common feature of most sensor settings is the need to communicate sensed data to some collection point or sink. This communication can be direct (to a mobile collector) or indirect - via other sensors towards a remote sink. In either case, a sensor might not be able to communicate t...

We propose a communication-efficient authentication scheme to authenticate query results disseminated by untrusted data publishing servers. In our scheme, signatures of multiple tuples in the result set are aggregated into one and thus the communication overhead incurred by the signature keeps constant. Next attr-MHTs (tuple based Merkle Hash Tree)...

We propose a communication-efficient authentication scheme to authenticate query results disseminated by untrusted data publishing servers. In our scheme, signatures of multiple tuples in the result set are aggregated into one and thus the communication overhead incurred by the signature keeps constant. Next attr-MHTs (tuple based Merkle Hash Tree)...

An important aspect of JPEG2000 is its “compress once, decompress many ways” property [1], i.e., it allows users with different preferences, privileges or capabilities to extract various sub-images all from a single compressed image code-stream. In this paper, we present a flexible and scalable scheme to authenticate JPEG2000 images disseminated by...

JPEG2000 is an emerging international standard for still image compression and is becoming the solution of choice for many digital imaging fields and applications. Part 8 of the standard, named JPSEC, is concerned with all the security aspects of JPEG2000 image code-streams, with emphasis presently on access control and authentication. An important...

The current packet based stream authentication schemes provide eective and ecient authentication over a group of packets transmitted on erasure channels. However, by fixing the packets in trans- mission, any packet manipulation will cause authentication failure. In p2p content delivery network where a proxy-in-the-middle is able to store, forward,...

Recently, there is an increase in the number of group commu- nication applications which support multiple service groups of different access privileges. Traditional access control schemes for group applica- tions assume that all the group members have the same access privi- lege and mostly focus on how to reduce rekeying messages upon user joining...

End-to-end security mechanisms, like SSL, may seriously limit the capability of in-network processing that is the most critical function in sensor networks. Supporting in-network processing can significantly improve the performance of extremely resource-constrained sensor networks featuring many-to-one traffic patterns. How to protect the traffic a...

The JPEG2000 syntax requires that any two consecutive bytes in the encrypted packet body should not be larger than 0xFF8F. This stringent requirement has plagued researchers for a few years and no satisfactory solution has been proposed. In this paper, we successfully developed efficient, secure and format-compliant encryption schemes for JPEG 2000...

This paper presents an authentication scheme and an access control scheme for JPEG2000 image codestreams based on hash chains. Both schemes are fully compatible with the core part of JPEG2000 standard. The authentication scheme allows users to verify the authenticity of sub-images progressively extracted from a single codestream protected with a si...

This paper presents an object-based stream authentication scheme for practical end-to-end applications on present network infras- tructure and protocols. In this proposal, a stream is divided into objects that are delivered sequentially. Each object consists of a unique identifier, content and operations. At the sender side, a locked object identif...

In this thesis, new approaches and applications of volume modeling and Rapid Prototyping (RP) in medicine are investigated. An experimental volume modeling system is developed. StereoLithography (STL) models generated from this modeling system are fabricated by DTM Corporation's Sinterstation 2500 system. The complexity of certain medical models su...