Wenjing Lou

Virginia Polytechnic Institute and State University, Blacksburg, Virginia, United States

Publications (180) · 152.57 Total impact

  • Yao Zheng · Bing Wang · Wenjing Lou · Y.Thomas Hou
    ABSTRACT: We consider the privacy-preserving link prediction problem in decentralized online social networks (OSNs). We formulate the problem as a sparse logistic regression problem and solve it with a novel decentralized two-tier method using alternating direction method of multipliers (ADMM). This method enables end users to collaborate with their online service providers without jeopardizing their data privacy. The method also grants end users fine-grained privacy control to their personal data by supporting arbitrary public/private data split. Using real-world data, we show that our method enjoys various advantages including high prediction accuracy, balanced workload, and limited communication overhead. Additionally, we demonstrate that our method copes well with link reconstruction attack.
    No preview · Conference Paper · Sep 2015
  • ABSTRACT: Interference has been the central challenge for wireless networks. In wireless networking, the prevailing paradigm to handle interference is avoidance. Over time, many interference avoidance techniques have been proposed following this paradigm. Recently, research advances at the physical layer are allowing us to explore a new direction in interference management. The new direction is to allow interference to occur and exploit the desired information from interference, rather than avoiding interference completely. This new direction allows much higher utilization of radio channel and spectrum, and opens the door for a whole new perspective on how interference should be managed in a wireless network. This article offers a timely overview of recent advances in this exciting area, with a focus on its application in wireless LAN. We envision that the deployment of these new techniques will lead to dramatic change in the wireless networking paradigm, with profound impact on the future research direction for the wireless networking community.
    No preview · Article · Sep 2015 · IEEE Network
  • ABSTRACT: Wireless energy transfer (WET) is a new technology that can be used to charge the batteries of sensor nodes without wires. Although wireless, WET does require a charging station to be brought to within reasonable range of a sensor node so that a good energy transfer efficiency can be achieved. On the other hand, it has been well recognized that data collection with a mobile base station has significant advantages over a static one. Given that a mobile platform is required for WET, a natural approach is to employ the same mobile platform to carry the base station for data collection. In this paper, we study the interesting problem of co-locating a wireless charger (for WET) and a mobile base station on the same mobile platform—the wireless charging vehicle (WCV). The WCV travels along a pre-planned path inside the sensor network. Our goal is to minimize energy consumption of the entire system while ensuring that 1) each sensor node is charged in time so that it will never run out of energy, and 2) all data collected from the sensor nodes are relayed to the mobile base station. We develop a mathematical model for this problem (OPT-t), which is time-dependent. Instead of solving OPT-t directly, we show that it is sufficient to study a special subproblem (OPT-s) which only involves space-dependent variables. Subsequently, we develop a provably near-optimal solution to OPT-s. Our results offer a solution on how to use a single mobile platform to address both WET and data collection in sensor networks.
    No preview · Article · Aug 2015 · IEEE Journal on Selected Areas in Communications
  • ABSTRACT: The dominant spectrum sharing paradigm of today is interference avoidance, where a secondary network can use the spectrum only when such a use is not interfering with the primary network. However, with the advances of physical-layer technologies, the mindset of this paradigm is being challenged. This paper explores a new paradigm called “transparent coexistence” for spectrum sharing between primary and secondary nodes in a multihop network environment. Under this paradigm, the secondary network is allowed to use the same spectrum simultaneously with the primary network as long as their activities are “transparent” (or “invisible”) to the primary network. Such transparency is accomplished through a systematic interference cancelation (IC) by the secondary nodes without any impact on the primary network. Although such a paradigm has been studied in the information theory (IT) and communications (COMM) communities, it is not well understood in the wireless networking community, particularly for multihop networks. This paper offers an in-depth study of this paradigm in a multihop network environment and addresses issues such as scheduling (both in frequency channels and time slots) and IC (to/from primary network and within the secondary network). Through a rigorous modeling and formulation, problem formulation, solution development, and simulation results, we show that transparent coexistence paradigm offers significant improvement in terms of spectrum access and throughput performance as compared to the current prevailing interference avoidance paradigm.
    No preview · Article · May 2015 · IEEE Journal on Selected Areas in Communications
  • ABSTRACT: Data deduplication is one of the important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. To better protect data security, this paper makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems, the differential privileges of users are further considered in duplicate check besides the data itself. We also present several new deduplication constructions supporting authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that our scheme is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement a prototype of our proposed authorized duplicate check scheme and conduct testbed experiments using our prototype. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.
    No preview · Article · May 2015 · IEEE Transactions on Parallel and Distributed Systems
  • Liang Liu · Xiaofeng Chen · Wenjing Lou
    ABSTRACT: In this work, we have put forth two different protocols to address a concrete secure multi-party computational (MPC) problem related to a triangle, of which the coordinates of the three vertices are confidentially kept by the three participants, respectively. The three parties wish to collaboratively compute the area of this triangle while preserving their own coordinate privacy. As one of the merits, our protocols employ weaker assumptions of the existence of pseudorandom generators. In particular, unlike massive secure MPC protocols that rely a lot on oblivious transfer, ours utilize a new computing idea called “pseudorandom-then-rounding” method to avoid this burdensome obstacle. The two protocols are based on different theorems, while they both make use of the same underlying idea. At last, we provide a detailed proof for the first protocol by a series of security reductions of our newly defined games, which seems somewhat stronger than the previous simulation-based proofs and a proof sketch for the second one. Analysis and discussion about the reasons are provided as well to round off our work.
    No preview · Article · Apr 2015 · International Journal of Information Security
  • N. Zhang · K. Sun · W. Lou · Y.T. Hou · S. Jajodia
    ABSTRACT: With the growing complexity of computing systems, memory based forensic techniques are becoming instrumental in digital investigations. Digital forensic examiners can unravel what happened on a system by acquiring and inspecting in-memory data. Meanwhile, attackers have developed numerous anti-forensic mechanisms to defeat existing memory forensic techniques by manipulation of system software such as OS kernel. To counter anti-forensic techniques, some recent researches suggest that memory acquisition process can be trusted if the acquisition module has not been tampered with and all the operations are performed without relying on any untrusted software including the operating system. However, in this paper, we show that it is possible for malware to bypass the current state-of-art trusted memory acquisition module by manipulating the physical address space layout, which is shared between physical memory and I/O devices on x86 platforms. This fundamental design on x86 platform enables an attacker to build an OS agnostic anti-forensic system. Based on this finding, we propose Hidden in I/O Space (HIveS) which manipulates CPU registers to alter such physical address layout. The system uses a novel I/O Shadowing technique to lock a memory region named HIveS memory into I/O address space, so all operation requests to the HIveS memory will be redirected to the I/O bus instead of the memory controller. To access the HIveS memory, the attacker unlocks the memory by mapping it back into the memory address space. Two novel techniques, Blackbox Write and TLB Camouflage, are developed to further protect the unlocked HIveS memory against memory forensics while allowing attackers to access it. A HIveS prototype for both Windows and Linux running on x86 platform. Lastly, we propose potential countermeasures to detect and mitigate HIveS.
    No preview · Article · Apr 2015
  • Bing Wang · Yao Zheng · Wenjing Lou · Y. Thomas Hou
    ABSTRACT: Cloud computing has become the real trend of enterprise IT service model that offers cost-effective and scalable processing. Meanwhile, Software-Defined Networking (SDN) is gaining popularity in enterprise networks for flexibility in network management service and reduced operational cost. There seems a trend for the two technologies to go hand-in-hand in providing an enterprise’s IT services. However, the new challenges brought by the marriage of cloud computing and SDN, particularly the implications on enterprise network security, have not been well understood. This paper sets to address this important problem.
    Full-text · Article · Mar 2015 · Computer Networks
  • Li Yang · Jianfeng Ma · Wenjing Lou · Qi Jiang
    ABSTRACT: Direct Anonymous Attestation (DAA) is a complex cryptographic protocol for remote attestation and provides both signer authentication and privacy. It was adopted by the Trusted Computing Group (TCG) as a technical standard. However, the DAA scheme in TCG specifications is designed for the single trusted domain attestation, and cannot be deployed in different trusted domain directly. It limits its application range in mobile networks, cloud computing, Internet of Things networks when users and authentication servers belong to different domains. Based on delegation of the trusted relationship, a new cross trusted domain direct anonymous attestation scheme is proposed in this paper. The proxy signature is used for trusted relationship delegation among different domains, and the DAA method is used for the computation platform authentication when a trusted platform accessing different trusted domains. Then the authentication protocol is designed and analyzed under Canetti–Krawczyk (CK) model for the platform remote attestation. The further analysis shows that our proposal can resist platform masquerade attacks and replay attacks, and the authentication protocol is provably secure. The security of the DAA remote attestation system is enhanced by the session key agreement. Finally, a prototype implementation and some experiments are given, the results show that the proposed scheme is effective and suitable for cross domain applications.
    No preview · Article · Feb 2015 · Computer Networks
  • Jin Li · Jingwei Li · Xiaofeng Chen · Chunfu Jia · Wenjing Lou
    ABSTRACT: Identity-Based Encryption (IBE) which simplifies the public key and certificate management at Public Key Infrastructure (PKI) is an important alternative to public key encryption. However, one of the main efficiency drawbacks of IBE is the overhead computation at Private Key Generator (PKG) during user revocation. Efficient revocation has been well studied in traditional PKI setting, but the cumbersome management of certificates is precisely the burden that IBE strives to alleviate. In this paper, aiming at tackling the critical issue of identity revocation, we introduce outsourcing computation into IBE for the first time and propose a revocable IBE scheme in the server-aided setting. Our scheme offloads most of the key generation related operations during key-issuing and key-update processes to a Key Update Cloud Service Provider, leaving only a constant number of simple operations for PKG and users to perform locally. This goal is achieved by utilizing a novel collusion-resistant technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bound the identity component and the time component. Furthermore, we propose another construction which is provable secure under the recently formulized Refereed Delegation of Computation model. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.
    No preview · Article · Feb 2015 · IEEE Transactions on Computers
  • ABSTRACT: In this letter, we describe highly effective known-plaintext attacks against physical layer security schemes. We substantially reduce the amount of required known-plaintext symbols and lower the symbol error rate (SER) for the attacker. In particular, we analyze the security of orthogonal blinding schemes that disturb an eavesdropper's signal reception using artificial noise transmission. We improve the attack efficacy using fast converging optimization algorithms and combining the measurements of neighboring subchannels in a multicarrier system. We implement the enhanced attack algorithms by solving unregularized and regularized least squares problems. By means of simulation, we show that the performance of the new attack algorithms supersedes the normalized least mean square approach discussed in the work of Schulz et al., e.g., by lowering the eavesdropper's SER by 82% while using 95% less known plaintext.
    No preview · Article · Feb 2015 · IEEE Wireless Communication Letters
  • ABSTRACT: Transparent coexistence, also known as underlay, offers much more efficient spectrum sharing than traditional interweave coexistence paradigm. In a previous work, the transparent coexistence for a multi-hop secondary networks is studied. In this paper, we design a distributed solution to achieve this paradigm. In our design, we show how to increase the number of data streams iteratively while meeting constraints in the MIMO interference cancelation (IC) model and achieving transparent coexistence. All steps in our distributed algorithm can be accomplished based on local information exchange among the neighboring nodes. Our simulation results show that the performance of our distributed algorithm is highly competitive when compared to an upper bound solution for the centralized problem.
    No preview · Article · Jan 2015

  • No preview · Article · Jan 2015 · IEEE Transactions on Mobile Computing
  • ABSTRACT: Interference alignment (IA) is a powerful technique to handle interference in wireless networks. Since its inception, IA has become a central research theme in the wireless communications community. Due to its intrinsic nature of being a physical layer technique, IA has been mainly studied for point-to-point or single-hop scenario. There is a lack of research of IA from a networking perspective in the context of multi-hop wireless networks. The goal of this paper is to make such an advance by bringing IA technique to multi-hop MIMO networks. We develop an IA model consisting of a set of constraints at a transmitter and a receiver that can be used to determine IA for a subset of interfering streams. We further prove the feasibility of this IA model by showing that a DoF vector can be supported free of interference at the physical layer as long as it satisfies the constraints in our IA model. Based on the proposed IA model, we develop an IA design space for a multi-hop MIMO network. To study how IA performs in a multi-hop MIMO network, we compare the performance of a network throughput optimization problem based on our developed IA design space against the same problem when IA is not employed. Simulation results show that the use of IA can significantly decrease the DoF consumption for IC, thereby improving network throughput.
    No preview · Article · Jan 2015 · IEEE Transactions on Mobile Computing
  • ABSTRACT: With the rapid development in availability of cloud services, the techniques for securely outsourcing the prohibitively expensive computations to untrusted servers are getting more and more attentions in the scientific community. In this paper, we investigate secure outsourcing for large-scale systems of linear equations, which are the most popular problems in various engineering disciplines. For the first time, we utilize the sparse matrix to propose a new secure outsourcing algorithm of large-scale linear equations in the fully malicious model. Compared with the state-of-the-art algorithm, the proposed algorithm only requires (optimal) one round communication (while the algorithm requires $L$ rounds of interactions between the client and cloud server, where $L$ denotes the number of iteration in iterative methods). Furthermore, the client in our algorithm can detect the misbehavior of cloud server with the (optimal) probability 1. Therefore, our proposed algorithm is superior in both efficiency and checkability. We also provide the experimental evaluation that demonstrates the efficiency and effectiveness of our algorithm.
    No preview · Article · Jan 2015 · IEEE Transactions on Information Forensics and Security
  • Xiaoqi Qin · Xu Yuan · Yi Shi · Y. Hou · Wenjing Lou · Scott Midkiff

    No preview · Article · Jan 2015 · IEEE Transactions on Wireless Communications
  • Xiaofeng Chen · Jin Li · Jian Weng · Jianfeng Ma · Wenjing Lou

    No preview · Article · Jan 2015 · IEEE Transactions on Computers
  • Yao Zheng · Ming Li · Wenjing Lou · Thomas Hou

    No preview · Article · Jan 2015 · IEEE Transactions on Dependable and Secure Computing
  • N. Zhang · W. Lou · X. Jiang · Y.T. Hou
    ABSTRACT: The security and privacy of user data has become a major concern in the cloud computing era. Cryptographic solutions based on secure computation outsourcing have been extensively studied in order to protect the security and privacy of user data. However, these solutions either suffer from forbiddingly high computation overhead or are only applicable to certain special classes of computations. In this paper, we tackle the challenge of secure computation outsourcing using an entirely different approach-the idea is to have a secure execution environment in the cloud such that user data can be processed in plain text format without compromising its confidentiality. We propose a TrUsted Data-intensive ExeCution (TUDEC) environment optimized for data applications in the cloud. TUDEC is a new system architecture, designed to provide a secure environment for arbitrary data computations in the cloud server. Using a very small trusted computing base including only firmware and hardware, TUDEC is able to provide user VM with isolation against both the legacy host and neighboring VMs. Such isolation is unique in that it provides protection against any software-based attacks. By direct interrupt delivery, interrupt rerouting and IOMMU configuration lock, TUDEC enables close to bare metal computation and I/O performance without sacrificing any security guaranteed. We built a prototype and showed the high efficiency of TUDEC. In particular, when the server is heavily loaded, the TCP bandwidth of the guest VM in TUDEC is significantly better than the current state of art secure execution environment design.
    No preview · Article · Dec 2014
  • ABSTRACT: Recent advances in information theory (IT) have shown great promises of interference alignment (IA) for cellular networks. However, due to a number of assumptions, these IT results cannot be directly applied to address practical problems. The goal of this paper is to fill in this gap by studying IA for cellular networks with more practical settings. We propose an IA scheme that includes constraints at each user and each base station (BS) for the uplink communication of a cellular network. We prove the feasibility of the IA scheme by constructing the encoding and decoding vectors for each data stream so that it can be transported free of interference. Based on this IA scheme, we study an uplink user throughput maximization problem and show the throughput improvement of the IA scheme over two other schemes.
    No preview · Article · Dec 2014

Publication Stats

6k Citations
152.57 Total Impact Points

Institutions

  • 2009-2015
    • Virginia Polytechnic Institute and State University
      • Department of Computer Science
      Blacksburg, Virginia, United States
  • 2004-2012
    • Worcester Polytechnic Institute
      • Department of Electrical and Computer Engineering
      Worcester, Massachusetts, United States
  • 2008
    • Illinois Institute of Technology
      • Department of Electrical & Computer Engineering
      Chicago, IL, United States
  • 2001-2005
    • University of Florida
      • Department of Electrical and Computer Engineering
      Gainesville, FL, United States