Lei Xu

• Doctor of Philosophy
• Nanjing University of Science and Technology

Federated edge learning (FEL) emerges as a novel distributed learning paradigm where multiple clients can jointly train a global model without collecting raw data. However, since adversaries can infer sensitive information from the global model and local updates, FEL remains vulnerable to various security challenges in the Internet of Things (IoT)....

Searchable symmetric encryption (SSE) supporting conjunctive queries has garnered significant attention over the past decade due to its practicality and wide applicability. While extensive research has addressed common leakages, such as the access pattern and search pattern, efforts to mitigate these vulnerabilities have primarily focused on struct...

Multi-party computation (MPC) has garnered growing research and industry attention, with many protocols adhering to the preprocessing model to prioritize online performance via offline-generated, data-independent correlated randomness (or correlation for short). However, existing studies have predominantly focused on the online phase, and the equal...

Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leakages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various wo...

The widespread application of Internet of Things technology in the medical field results in the generation of a large amount of healthcare data. Adequately learning valuable knowledge from the massive healthcare data brings a huge potential for improving the efficiency, quality, and safety of healthcare services. Online learning over the cloud offe...

In recent years, cross-device federated learning (FL), particularly in the context of Internet of Things (IoT) applications, has demonstrated its remarkable potential. Despite significant efforts, empirical evidence suggests that FL algorithms have yet to gain widespread practical adoption. The primary obstacle stems from the inherent bandwidth ove...

Dynamic searchable symmetric encryption (DSSE) enables a server to efficiently search and update over encrypted files. To minimize the leakage during updates, a security notion named forward and backward privacy is expected for newly proposed DSSE schemes. Those schemes are generally constructed in a way to break the linkability across search and u...

Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. Most existing systems that conceal leakage either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the...

Powered by the rapid progress of analytics techniques and the increasing availability of healthcare data, artificial intelligence (AI) is bringing a paradigm shift to healthcare applications. AI techniques offer considerable advantages for the evaluation and assimilation of large amounts of complex healthcare data. However, to effectively use AI to...

Multi-source multi-client (M/M) searchable encryption has drawn increasing attention as data sharing becomes prevalent in the digital economics era. It allows data from multiple sources to be securely outsourced to third parties and queried by authorized clients. In response to these demands, various schemes sprung up in the last few years. However...

Encrypted databases have garnered considerable attention for their ability to safeguard sensitive data outsourced to third parties. However, recent studies have revealed the vulnerability of encrypted databases to leakage-abuse attacks on their search module, prompting the development of countermeasures to address this issue. While most studies hav...

High-quality data are widely acknowledged to be instrumental in improving machine learning models. This creates the need for quality-aware data valuation (DV), whose goal is to quantify the contribution of the data during model training and thus identify high-quality and less high-quality ones. In this paper, we survey recent research efforts in qu...

Public-key encryption with keywords search (PEKS) can realize the retrieval of ciphertext data, which is a vital cryptographic primitive in the field of cloud storage. However, in practical applications, the secret keys of users are often exposed due to careless store or computer attacks, which causes privacy disclosure. Furthermore, considering th...

Smart healthcare, as an examplar domain, is empowered by the remarkable miniaturization of sensors and the proliferation of smart devices, which lead to the production of massive amounts of healthcare data. Smart healthcare in the future is expected as a health service system that uses wearable devices, IoT, and mobile internet to dynamically colle...

Public key encryption with keyword search (PEKS) technology is capable of achieving accurate ciphertext retrieval while protecting data privacy. However, curious or malicious semi-trusted cloud servers can cause privacy breaches, which then creates a trust problem for ciphertext management and searching. To address this problem, we propose a truste...

To cope with the local storage stress that has resulted from the increase in data volumes and to keep data privacy, users outsource their data to cloud servers after encrypting these data. Public key encryption with keyword search (PEKS) is a technique that can achieve the search function on encrypted data. However, most existing PEKS schemes are b...

In the area of information retrieval, in order to improve search accuracy and reduce communication overhead, there is an increasing tendency to adopt ranked search in engines. Ranked search allows cloud servers to search for the top k most relevant documents based on the relevance score between the query keywords and the documents. Recently, with t...

Public key encryption with keyword search (PEKS) has long been a promising way for secure data validation, which tells one whether the coming entry contains the designated keyword without decryption. Despite the visible confidentiality benefits, existing PEKS schemes suffer serious performance issues while deployed in real-world applications. Speci...

This paper proposes the first code-based quantum immune sequential aggregate signature (SAS) scheme and proves the security of the proposed scheme in the random oracle model. Aggregate signature (AS) schemes and sequential aggregate signature schemes allow a group of potential signers to sign different messages respectively, and all the signatures...

Multi-user searchable encryption (MUSE) schemes provide solutions for searching over ciphertexts shared by different users, but the significant overhead of communication and computation leads to high latency in the group sharing system. Moreover, most MUSE schemes support only single-keyword search, and are vulnerable to the internal keyword guessi...

Public key encryption with keyword search (PEKS) technology achieves accurate ciphertext retrieval while protecting data privacy. However, curious or malicious semi-trusted cloud servers can cause privacy breaches, which bring a trusted problem of ciphertext management and searching. To address this problem, we present trusted certificateless authe...

The Internet is the most complex machine humankind has ever built, and how to defense it from intrusions is even more complex. With the ever increasing of new intrusions, intrusion detection task rely on Artificial Intelligence more and more. Interpretability and transparency of the machine learning model is the foundation of trust in AI-driven int...

In Machine Learning, the emergence of \textit{the right to be forgotten} gave birth to a paradigm named \textit{machine unlearning}, which enables data holders to proactively erase their data from a trained model. Existing machine unlearning techniques focus on centralized training, where access to all holders' training data is a must for the serve...

To keep web users away from unsafe websites, modern web browsers enable the embedded feature of safe browsing (SB) by default. In this work, through theoretical analysis and empirical evidence, we reveal two major shortcomings in the current SB infrastructure. Firstly, we derive a feasible tracking technique for industry best practice. We show that...

In Machine Learning (ML), the emergence of the right to be forgotten gave birth to a paradigm named machine unlearning, which enables data holders to proactively erase their data from a trained model. Existing machine unlearning techniques largely focus on centralized training, where access to all holders' training data is a must for the server to...

Searchable symmetric encryption (SSE) enables users to make confidential queries over always encrypted data while confining information disclosure to pre-defined leakage profiles. Despite the well-understood performance and potentially broad applications of SSE, recent leakage-abuse attacks (LAAs) are questioning its real-world security implication...

Edge computing brings data computation and storage closer to the mobile device to save response time for decision making. After being processed at the edge, commonly, the data will be uploaded to the cloud for further enriched analysis. For privacy concerns, local devices may encrypt the collected data before sending it to the cloud server. However...

The rapid growth of storage overhead on public blockchains has urged the use of light clients that only store a small fraction of blockchain data and rely on other bootstrapped full nodes for data retrievals. Unfortunately, current blockchain light client designs are far from satisfactory. Firstly, outsourcing retrieval requests could raise severe...

div> Detecting Zero-Day intrusions has been the goal of Cybersecurity, especially intrusion detection for a long time. Machine learning is believed to be the promising methodology to solve that problem, numerous models have been proposed but a practical solution is still yet to come, mainly due to the limitation caused by the out-of-date open dat...

div> Detecting Zero-Day intrusions has been the goal of Cybersecurity, especially intrusion detection for a long time. Machine learning is believed to be the promising methodology to solve that problem, numerous models have been proposed but a practical solution is still yet to come, mainly due to the limitation caused by the out-of-date open dat...

Internet of Things (IoT), which provides the solution of connecting things and devices, has increasingly developed as vital tools to realize intelligent life. Generally, source-limited IoT sensors outsource their data to the cloud, which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the prof...

Due to its capabilities of searches and updates over the encrypted database, the dynamic searchable symmetric encryption (DSSE) has received considerable attention recently. To resist leakage abuse attacks, a secure DSSE scheme usually requires forward and backward privacy. However, the existing forward and backward private DSSE schemes either only...

Dynamic searchable symmetric encryption (DSSE) allows addition and deletion operation on an encrypted database. Recently, several attack works (such as IKK) show that existing SSE definition which leaks access pattern and search pattern cannot capture the adversary in the real world. These works underline the necessity for forward privacy. To achie...

Searchable encryption enables users to search the encrypted data outsourced in a third party. Recently, to serve a wide scenario of data sharing application, multi-user searchable encryption (MUSE) is proposed to realize the encrypted data search for multiple users. In this paper, we concentrate on addressing the authorized keyword search problem f...

Searchable symmetric encryption (SSE) for multi-owner model draws much attention as it enables data users to perform searches over encrypted cloud data outsourced by data owners. However, implementing secure and precise query, efficient search and flexible dynamic system maintenance at the same time in SSE remains a challenge. To address this, this...

With the rapid development of cloud computing, searchable encryption for multiple data owners model (multi-owner model) draws much attention as it enables data users to perform searches on encrypted cloud data outsourced by multiple data owners. However, there are still some issues yet to be solved nowadays, such as precise query, fast query, "curs...

Multi-Writer Searchable Encryption, also known as public-key encryption with keyword search(PEKS), serves a wide spectrum of data sharing applications. It allows users to search over encrypted data encrypted via different keys. However, most of the existing PEKS schemes are built on classic security assumptions, which are proven to be untenable to...

E-medical record is an emerging health information exchange model based on cloud computing. As cloud computing allows companies and individuals to outsource their data and computation, the medical data is always stored at a third party such as cloud, which brings a variety of risks, such as data leakage to the untrusted cloud server, unauthorized a...

Searchable encryption plays a vital role in keeping data privacy of current cloud storage. Considering the security threat of trapdoor exposure, Emura et al. introduced a formal definition of keywords revocable public key encryption with keywords search (KR-PEKS) which satisfies trapdoor exposure resistance (TER) and trapdoor re-generability. Howev...

E-medical records are sensitive and should be stored in a medical database in encrypted form. However, simply encrypting these records will eliminate data utility and interoperability of the existing medical database system because encrypted records are no longer searchable. Moreover, multiple authorities could be involved in controlling and sharin...

This paper mainly presents a secure and efficient e-Medical Record System via searchable encryption scheme from asymmetric pairings, which could provide privacy data search and encrypt function for patients and doctors in public platform. The core technique of this system is an extension public key encryption system with keyword search, which the s...