About
41
Publications
10,334
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,764
Citations
Introduction
My research covers various topics in cybersecurity with the focus on security and privacy in networked information systems and cyber-physical systems, including Cloud computing, Internet of Things, Blockchains, computer/mobile systems, and wireless network.
Current institution
Publications
Publications (41)
Search over encrypted data (SE) enables a client
to delegate his search task to a third-party server that hosts a
collection of encrypted documents while still guaranteeing some measure of query privacy. Software-based solutions using diverse
cryptographic primitives have been extensively explored, leading
to a rich set of secure search indexes and...
As the cost of human full genome sequencing continues to fall, we will soon witness a prodigious amount of human genomic data in the public cloud. To protect the confidentiality of the genetic information of individuals, the data has to be encrypted at rest. On the other hand, encryption severely hinders the use of this valuable information, such a...
Encrypted data search allows cloud to offer fundamental information retrieval service to its users in a privacy-preserving way. In most existing schemes, search result is returned by a semi-trusted server and usually considered authentic. However, in practice, the server may malfunction or even be malicious itself. Therefore, users need a result ve...
Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the sec...
With the increasing popularity of cloud computing, huge amount of documents are outsourced to the cloud for reduced management cost and ease of access. Although en-cryption helps protecting user data confidentiality, it leaves the well-functioning yet practically-efficient secure search functions over encrypted data a challenging problem. In this p...
The Execute-Order-Validate blockchain enhances performance by allowing parallel transaction execution, yet it also introduces transaction conflicts that can cause state inconsistencies in the ledger. Previous research has focused on resolving conflicts under the assumption of the “good” intent of the senders. In this paper, we explore an unstudied...
Despite the promising performance of deep reinforcement learning (DRL) agents in many challenging scenarios, the black-box nature of these agents greatly limits their applications in critical domains. Prior research has proposed several explanation techniques to understand the deep learning-based policies in RL. Most existing methods explain why an...
At-home screening systems for obstructive sleep apnea (OSA) can bring convenience to remote chronic disease management. However, the unsupervised home environment is subject to spoofing and unintentional interference from the household member. To improve robustness, this work presents SIENNA, an insider-resistant breathing-based authentication/pair...
Mining processes of Bitcoin and similar cryptocurrencies are currently incentivized with voluntary transaction fees and fixed block rewards which will halve gradually to zero. In the setting where optional and arbitrary transaction fee becomes the prominent/remaining incentive, Carlsten et al. [CCS 2016] find that an undercutting attack can become...
Detecting malware by analyzing raw bytes of programs using deep neural networks, also referred to as end-to-end malware detection, is considered as a new promising approach to simplify feature selection in static analysis while still provide accurate detection. Unfortunately, recent studies show that evasion attacks can modify raw bytes of malware...
Website fingerprinting can reveal which sensitive website a user visits over encrypted network traffic. Obfuscating encrypted traffic, e.g., adding dummy packets, is considered as a primary approach to defend against website fingerprinting. However , existing defenses relying on traffic obfuscation are either ineffective or introduce significant ov...
Local differential privacy (LDP) protects individual data contributors against privacy-probing data aggregation and analytics. Recent work has shown that LDP for some specific data types is vulnerable to data poisoning attacks, which enable the attacker to alter analytical results by injecting carefully-crafted bogus data. In this work, we focus on...
The equation-solving model extraction attack is an intuitively simple but devastating attack to steal confidential information of regression models through a sufficient number of queries. Complete mitigation is difficult. Thus, the development of countermeasures is focused on degrading the attack effectiveness as much as possible without losing the...
Privacy concerns of using sensitive biometric data as credentials arise with the wide adoption of user-friendly face authentication. To protect the facial features of users, two important functions, i.e.,
revocability
and
reusability
, are anticipated to be realized in a privacy-preserving face authentication design. Revocability requires an ef...
The increasingly sophisticated at-home screening systems for obstructive sleep apnea (OSA), integrated with both contactless and contact-based sensing modalities, bring convenience and reliability to remote chronic disease management. However, the device pairing processes between system components are vulnerable to wireless exploitation from a non-...
State channel network is the most popular layer-2 solution to theissues of scalability, high transaction fees, and low transaction throughput of public Blockchain networks. However, the existing works have limitations that curb the wide adoption of the technology, such as the expensive creation and closure of channels, strict synchronization betwee...
Public intelligent services enabled by machine learning algorithms are vulnerable to model extraction attacks that can steal confidential information of the learning models through public queries. Though there are some protection options such as differential privacy (DP) and monitoring, which are considered promising techniques to mitigate this att...
Public intelligent services enabled by machine learning algorithms are vulnerable to model extraction attacks that can steal confidential information of the learning models through public queries. Though there are some protection options such as differential privacy (DP) and monitoring, which are considered promising techniques to mitigate this att...
A fixed block reward and voluntary transaction fees are two sources of economic incentives for mining in Bitcoin and other cryptocurrencies. For Bitcoin, the block reward halves every 210,000 blocks and it is supposed to vanish gradually. The remaining incentive of transaction fees is optional and arbitrary, and an undercutting attack becomes a pot...
This paper investigates the privacy leakage of smart speakers under an encrypted traffic analysis attack, referred to as voice command fingerprinting. In this attack, an adversary can eavesdrop both outgoing and incoming encrypted voice traffic of a smart speaker, and infers which voice command a user says over encrypted traffic. We first built an...
Public intelligent services enabled by machine learning algorithms are vulnerable to model extraction attacks that can steal confidential information of the learning models through public queries. Differential privacy (DP) has been considered a promising technique to mitigate this attack. However, we find that the vulnerability persists when regres...
While the security of the cloud remains a concern, a common practice is to encrypt data before outsourcing them for utilization. One key challenging issue is how to efficiently perform queries over the ciphertext. Conventional crypto-based solutions, e.g. partially/fully homomorphic encryption and searchable encryption, suffer from low performance,...
As an important application of the Internet-of-Things, many remote monitoring systems adopt a device-to-cloud network paradigm. In a remote patient monitoring (RPM) case, various resource-constrained devices are used to measure the health conditions of a target patient in a distant non-clinical environment and the collected data are sent to the clo...
Revocability and reusability are important properties in an authentication scheme in reality. The former requires that the user credential stored in the authentication server be easily replaced if it is compromised while the latter allows the credentials of the same user to appear independent in cross-domain applications. However, the invariable bi...
As an important application of the Internet-of-Things, many remote monitoring systems adopt a device-to-cloud network paradigm. In a remote patient monitoring (RPM) case, various resource-constrained devices are used to measure the health conditions of a target patient in a distant non-clinical environment and the collected data are sent to the clo...
We, in this work, investigate the problem of designing
a secure chunk-based deduplication scheme in the enterprise
backup storage setting. Most of the existing works focus on
realizing file-level encrypted data deduplication or key/metadata
management. Little attention is drawn to the practical chunklevel
deduplication system. In particular, we ide...
In this paper, we investigate the problem of integrity auditing for cloud deduplication storage. Specifically, in addition to the outsourced data confidentiality, we also aim to ensure the integrity of the deduplicated cloud storage. With the existing works based on Provable Data Possession (PDP)/Proof of Retrievability (PoR), we are either require...
Uploading data streams to a resource-rich cloud server for inner product evaluation, an essential building block in many popular stream applications (e.g., statistical monitoring), is appealing to many companies and individuals. On the other hand, verifying the result of the remote computation plays a crucial role in addressing the issue of trust....
![Fig. 1 Architecture of encrypted data search problem (From [10])](profile/Wenhai-Sun-2/publication/287122201/figure/fig1/AS:614167287431172@1523440300363/Architecture-of-encrypted-data-search-problem-From-10_Q320.jpg)
![Fig. 3 Framework of MTS (From [39])](profile/Wenhai-Sun-2/publication/287122201/figure/fig2/AS:614167287459845@1523440300410/Framework-of-MTS-From-39_Q320.jpg)
![Fig. 4 Overview of secure index scheme (From [39])](profile/Wenhai-Sun-2/publication/287122201/figure/fig3/AS:614167287435276@1523440300456/Overview-of-secure-index-scheme-From-39_Q320.jpg)
![Fig. 7 Illustration of MD-algorithm on MDB-tree (From [39])](profile/Wenhai-Sun-2/publication/287122201/figure/fig4/AS:614167287435289@1523440300721/llustration-of-MD-algorithm-on-MDB-tree-From-39_Q320.jpg)
Search over encrypted data is a technique of great interest in the cloud computing era, because many believe that sensitive data has to be encrypted before outsourcing to the cloud servers in order to ensure user data privacy. Devising an efficient and secure search scheme over encrypted data involves techniques from multiple domains - information...
Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the sec...
With the growing popularity of cloud computing, huge amount of documents are outsourced to the cloud for reduced management cost and ease of access. Although encryption helps protecting user data confidentiality, it leaves the well-functioning yet practically-efficient secure search functions over encrypted data a challenging problem. In this paper...
