Dijiang Huang

Arizona State University, Tempe, Arizona, United States

Are you Dijiang Huang?

Claim your profile

Publications (119)43.14 Total impact

  • Yin Zhang · Min Chen · Dijiang Huang · Di Wu · Yong Li
    [Show abstract] [Hide abstract]
    ABSTRACT: Nowadays, crowd-sourced review websites provide decision support for various aspects of daily life, including shopping, local services, healthcare, etc. However, one of the most important challenges for existing healthcare review websites is the lack of personalized and professionalized guidelines for users to choose medical services. In this paper, we develop a novel healthcare recommendation system called iDoctor, which is based on hybrid matrix factorization methods. iDoctor differs from previous work in the following aspects: 1) emotional offset of user reviews can be unveiled by sentiment analysis and be utilized to revise original user ratings; 2) user preference and doctor feature are extracted by Latent Dirichlet Allocation and incorporated into conventional matrix factorization. We compare iDoctor with previous healthcare recommendation methods using real datasets. The experimental results show that iDoctor provides a higher predication rating and increases the accuracy of healthcare recommendation significantly.
    No preview · Article · Jan 2016 · Future Generation Computer Systems
  • Zhijie Wang · Dijiang Huang · Yan Zhu · Bing Li · Chun-Jen Chung
    [Show abstract] [Hide abstract]
    ABSTRACT: With the proliferation of mobile devices in recent years, there is a growing concern regarding secure data storage, secure computation, and fine-grained access control in data sharing for these resource-constrained devices in a cloud computing environment. In this work, we propose a new efficient framework named Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) with the support of negative attributes and wildcards. It embeds the comparable attribute ranges of all the attributes into the user's key, and incorporates the attribute constraints of all the attributes into one piece of ciphertext during the encryption process to enforce flexible access control policies with various range relationships. Accordingly, CCP-CABE achieves the efficiency because it generates constant-size keys and ciphertext regardless of the number of involved attributes, and it also keeps the computation cost constant on lightweight mobile devices. We further discuss how to extend CCP-CABE to fit a scenario with multiple attribute domains, such that the decryption proceeds from the least privileged attribute domain to the most privileged one to help protect the privacy of the access policy. We provide security analysis and performance evaluation to demonstrate their efficiency at the end.
    No preview · Article · Dec 2015 · IEEE Transactions on Computers
  • Yan Zhu · Dijiang Huang · C.-J. Hu · Xin Wang
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper addresses how to construct an RBAC-compatible secure cloud storage service with a user-friendly and easy-to-manage attribute-based access control (ABAC) mechanism. Similar to role hierarchies in RBAC, attribute hierarchies (considered as partial ordering relations) are introduced into attribute-based encryption (ABE) in order to define a seniority relation among all values of an attribute, whereby a user holding senior attribute values acquires permissions of his/her juniors. Based on these notations, we present a new ABE scheme called attribute-based encryption with attribute hierarchies (ABE-AH) to provide an efficient approach to implement comparison operations between attribute values on a poset derived from an attribute lattice. By using bilinear groups of a composite order, we present a practical construction of ABE-AH based on forward and backward derivation functions. Compared with prior solutions, our scheme offers a compact policy representation approach that can significantly reduce the size of private-keys and ciphertexts. To demonstrate how to use the presented solution, we illustrate how to provide richer expressive access policies to facilitate flexible access control for data access services in clouds.
    No preview · Article · Jul 2015 · IEEE Transactions on Services Computing
  • Source
    Huijun Wu · Dijiang Huang · Yan Zhu
    [Show abstract] [Hide abstract]
    ABSTRACT: A distributed mobile cloud service model called “POEM” is presented to manage the mobile cloud resource and compose mobile cloud applications. POEM provides the following salient features: (a) it considers resource management not only between mobile devices and clouds, but also among mobile devices; (b) it utilizes the entire mobile cloud system as the mobile application running platform, and as a result, the mobile cloud application development is significantly simplified and enriched; and (c) it addresses the interoperability issues among mobile devices and cloud resource providers to allow mobile cloud applications running cross various cloud virtual machines and mobile devices. The proposed POEM solution is demonstrated by using OSGi and XMPP techniques. Our performance evaluations demonstrate that POEM provides a true elastic application running environment for mobile cloud computing.
    Full-text · Article · May 2015 · Mobile Networks and Applications
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The ubiquitous sensing-capable mobile devices have been fuelling the new paradigm of Mobile Crowd Sensing (MCS) to collect data about their surrounding environment. To ensure the timeliness and quality of the data samples in MCS, it is critical to select qualified participants to maintain sensing coverage ratios over important spatial areas (i.e., hotspots) during time periods of interest and meet various Quality of Service (QoS) requirements of sensing applications. In this paper, we examine the problems of sensing task assignment to minimize the overall cost and maximize the total utility in MCS while adhering to the QoS constraints and prove that they are NP-hard problems. Consequently, we present heuristic greedy approaches as the baseline solutions and further propose new hybrid approaches with the greedy algorithm and bees algorithm combined to address them. We demonstrate that the hybrid approaches significantly outperform the greedy approaches through extensive simulation and the analysis is given in the end.
    Full-text · Article · Feb 2015
  • Source
    Zhijie Wang · Dijiang Huang · Huijun Wu · Bing Li · Yuli Deng
    [Show abstract] [Hide abstract]
    ABSTRACT: The mobile marketing is growing exponentially worldwide due to the emerging high speed wireless Internet and the proliferation of smartphones with powerful processors. Consequently, the management of the massive volume of mobile identities has sparked a lot of interest in both industry and academia, as they turn out to be a heavy burden for many mobile application startups. The conventional federated identity management technologies have been developed to delegate the users' identity tasks across different security domains to reduce the burden over the identity service consumers (i.e., Relying Party). However, they also raises serious security and privacy issues, such as the vulnerability to Single Point of Failure (SPOF) and the privacy leakage with respect to users' historical access information. To address these issues, we architect a novel Distributed Privacy-preserving Mobile Access Control (DP-MAC) framework. This framework also leverages a dual-root trust model to prevent identity theft in case of mobile device loss. In the end, we give performance evaluation and prove its applicability by implementing our system in the Cloud Computing platform and android smartphones based on jPBC in real-world settings.
    Full-text · Article · Feb 2015
  • Source
    Huijun Wu · Dijiang Huang
    [Show abstract] [Hide abstract]
    ABSTRACT: Offloading decisions for computation-intensive applications in mobile cloud computing may involve many decision factors. Important decision factors such as offloading node reliability and privacy protection have not been well studied. Moreover, existing offloading models mainly focus on the one-to-one offloading relation. To address the multi-factor and multi-site offloading mobile cloud application scenarios, we present a multifactor multi-site risk-based offloading model that abstracts the offloading impact factors as for offloading benefit and offloading risk. The offloading decision is made based on a comprehensive offloading risk evaluation. This presented model is generic and extendible. Four offloading impact factors are presented to show the construction and operation of the presented offloading model, which can be easily extended to incorporate more factors to make offloading decision more comprehensive. The overall offloading benefits and risks are aggregated based on the mobile cloud users' preference. The performance evaluation presents the practicality of the presented solution.
    Full-text · Article · Jan 2015
  • Tianyi Xing · Zhengyang Xiong · Dijiang Huang · Deep Medhi

    No preview · Conference Paper · Nov 2014
  • Bing Li · Dijiang Huang · Zhijie Wang
    [Show abstract] [Hide abstract]
    ABSTRACT: Anonymous communication is important and desirable in a wide range of networking systems to guarantee secure and private communications. This feature is especially important in mobile ad hoc networks (MANETs) where the communication channel is publicly open and the sessions are vulnerable to passive attacks. The fact that MANETs are mostly used in crucial environments such as military usage and disaster rescue emphasizes this importance. In our previous work [1], [2], a theoretic approach and its evaluation methods were developed to model the anonymity performance. The corresponding methods for handling localization errors and scalability issues were also proposed. However, an effective approach to handle the fuzzy information acquired from the network needs to be further developed. To this end, we develop a comprehensive evidence based method to handle the information that a monitoring system can acquire in realistic model and the corresponding analysis approach to process the various evidences from multiple sources. The purpose of this work is to evaluate how much information regarding the anonymous communication is leaked into the wireless channel. The evaluation of the proposed method shows a satisfactory performance in terms of accuracy in reconstructing the anonymous communication patterns in real-world scenarios.
    No preview · Conference Paper · Oct 2014
  • Article: V-Lab
    Le Xu · Dijiang Huang · Wei-Tek Tsai · Robert K. Atkinson

    No preview · Article · Sep 2014 · International Journal of Cyber Behavior
  • Le Xu · Dijiang Huang · W.-T. Tsai
    [Show abstract] [Hide abstract]
    ABSTRACT: Hands-on experiments are essential for computer network security education. Existing laboratory solutions usually require significant effort to build, configure, and maintain and often do not support reconfigurability, flexibility, and scalability. This paper presents a cloud-based virtual laboratory education platform called V-Lab that provides a contained experimental environment for hands-on experiments using virtualization technologies (such as Xen or KVM Cloud Platform) and OpenFlow switches. The system can be securely accessed through OpenVPN, and students can remotely control the virtual machines (VMs) and perform the experimental tasks. The V-Lab platform also offers an interactive Web GUI for resource management and a social site for knowledge sharing and contribution. By using a flexible and configurable design, V-Lab integrates pedagogical models into curriculum design and provides a progressive learning path with a series of experiments for network security education. Since summer 2011, V-Lab has served more than 1000 students from six courses across over 20 experiments. The evaluation demonstrates that the platform and curriculum have produced excellent results and helped students understand and build up computer security knowledge to solve real-world problems.
    No preview · Article · Aug 2014 · IEEE Transactions on Education
  • Yuki Kawai · Yasuhiro Sato · Shingo Ata · Dijiang Huang · Deep Medhi · Ikuo Oka
    [Show abstract] [Hide abstract]
    ABSTRACT: Software-Defined Networking (SDN) is a new approach to manage the whole network flexibly by decoupling the control plane and the forwarding plane. While forwarding elements can be managed by a unified control, complexity arisen from the network size and scalability regarding the increase of the control traffic are notable problems. To deal with events of network reconfiguration that occur asynchronously and change frequently with intervals shorter than hours, a controller has to continue to asynchronously update the configuration of the whole network. However, it is hard to maintain the consistency of the configuration of the whole network because it needs to manage a huge amount of network information and to deal with user requests that occur asynchronously. In this paper, we propose a database oriented management for asynchronous reconfiguration to achieve the consistency of configuration in SDN. We design a structure of the database to store network information and two functional components. Finally, we adopt our management system to an OpenFlow-based network, and validate that our system can manage and control an OpenFlow network via the database.
    No preview · Conference Paper · May 2014
  • [Show abstract] [Hide abstract]
    ABSTRACT: A flexible, scalable, and robust framework that enables fine-grained flow control under fixed or dynamic policies while addressing trustworthiness as a built-in network level functionality is a desirable goal of the future Internet. Furthermore, the level of trustworthiness may possibly be different from one network to another. It is also desirable to provide user-centric or service-centric routing capabilities to achieve service-oriented traffic controls as well as trust and policy management for security. Addressing these aspects, we present the SeRViTR (Secure and Resilient Virtual Trust Routing) framework. In particular, we discuss the goal and scope of SeRViTR, its implementation details, and a testbed that enables us to demonstrate SeRViTR. We have designed protocols and mechanisms for policy and trust management for SeRViTR and show a validation on the functional implementation of several SeRViTR components to illustrate virtual domains and trust level changes between virtual domains that are achieved under SeRViTR protocols. Going from implementation to testbed, we demonstrate SeRViTR in a virtual network provisioning infrastructure called the Geo-distributed Programmable Layer-2 Networking Environment(G-PLaNE) that connects three institutions spanning the US and Japan.
    No preview · Article · Apr 2014 · Computer Networks
  • Bing Li · Zhijie Wang · Dijiang Huang
    [Show abstract] [Hide abstract]
    ABSTRACT: In many secure application scenarios, establishing a temporary group without revealing group member information is difficult but desirable. Secure group communication can significantly reduce the computation and communication overhead. Traditional group key management schemes are based on a hierarchical tree. Any network entity who wants to set up a group needs to know the keys of the other group members, i.e., the group key establishment must be done before starting the group communication. As a result, the group needs the group formation beforehand. In this paper, we propose a secure grouping scheme providing anonymity for group members to outsiders. Our approach is based on Attribute Based Encryption (ABE) schemes. In our scheme, each network entity is assigned with a set of attributes. Each group is identified by a logical combination of attributes, i.e., the group access policies. The presented solution has an advantage that there is no need for any prior knowledge of other group members. Instead, the sender just needs to focus on the group access policies. Our scheme further preserves the group formation policies by using a gradual exposure method on attributes. Compared to existing hidden-policy schemes, our solution can greatly reduce the computation and communication overhead.
    No preview · Conference Paper · Dec 2013
  • Bing Li · Dijiang Huang
    [Show abstract] [Hide abstract]
    ABSTRACT: In mobile ad hoc networks (MANETs), how to measure communication anonymity is a crucial issue. In our previous work [1], a theoretic approach based on evidence theory was proposed with detailed analysis. However, localization errors and scalability issues were not considered in the system assumption. In this paper, we further develop our work to incorporate localization errors in anonymity analysis. We propose the concept of super-nodes to model group based mobility. Time domain is sliced into intervals. In each interval, our proposed approach categorizes mobile nodes into clusters based on a novel metric that integrates geographical distances, historical distance records, and communication hops. We then provide the algorithm to generate super-nodes based on cluster formations from each interval. Evaluation results exhibit a satisfactory accuracy to recover group formation using super-nodes.
    No preview · Conference Paper · Nov 2013
  • Source
    Huijun Wu · Dijiang Huang · Samia Bouzefrane
    [Show abstract] [Hide abstract]
    ABSTRACT: Offloading is one major type of collaborations between mobile devices and clouds to achieve less execution time and less energy consumption. Offloading decisions for mobile cloud collaboration involve many decision factors. One of important decision factors is the network unavailability that has not been well studied. This paper presents an offloading decision model that takes network unavailability into consideration. Network with some unavailability can be modeled as an alternating renewal process. Then, application execution time and energy consumption in both ideal network and network with some unavailability are analyzed. Based on the presented theoretical model, an application partition algorithm and a decision module are presented to produce an offloading decision that is resistant to network unavailability. Simulation results demonstrate good performance of proposed scheme, where the proposed partition algorithm is analyzed in different application and cloud scenarios.
    Full-text · Conference Paper · Oct 2013
  • Source
    Dijiang Huang · Tianyi Xing · Huijun Wu
    [Show abstract] [Hide abstract]
    ABSTRACT: Mobile devices are rapidly becoming the major service participants nowadays. However, traditional client-server based mobile service models are not able to meet the increasing demands from mobile users in terms of services diversity, user experience, security and privacy, and so on. Cloud computing enables mobile devices to offload complex operations of mobile applications, which are infeasible on mobile devices alone. In this article, we provide a comprehensive study to lay out existing mobile cloud computing service models and key achievements, and present a new user-centric mobile cloud computing service model to advance existing mobile cloud computing research.
    Full-text · Article · Sep 2013 · IEEE Network
  • Yan Zhu · Di Ma · Dijiang Huang · Changjun Hu
    [Show abstract] [Hide abstract]
    ABSTRACT: The increasing spread of location-based services (LBSs) has led to a renewed research interest in the security of services. To ensure the credibility and availability of LBSs, there is a pressing requirement for addressing access control, authentication and privacy issues of LBSs in a synergistic way. In this paper, we propose an innovative location-based fine-grained access control mechanism for LBSs, enabling effective fine-grained access control, location-based authentication and privacy protection. Our proposed approach is based on the construction of a spatio-temporal predicate-based encryption by means of efficient secure integer comparison. Our experimental results not only validate the effectiveness of our scheme, but also demonstrate that the proposed integer comparison scheme performs better than previous bitwise comparison scheme.
    No preview · Conference Paper · Aug 2013
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Cloud security is one of most important issues that has attracted a lot of research and development effort in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
    Full-text · Article · Jul 2013 · IEEE Transactions on Dependable and Secure Computing
  • Yan Zhu · Di Ma · Chang-Jun Hu · Dijiang Huang
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper addresses how to construct a RBAC-compatible attribute-based encryption (ABE) for secure cloud storage, which provides a user-friendly and easy-to-manage security mechanism without user intervention. Similar to role hierarchy in RBAC, attribute lattice introduced into ABE is used to define a seniority relation among all values of an attribute, whereby a user holding the senior attribute values acquires permissions of their juniors. Based on these notations, we present a new ABE scheme called Attribute-Based Encryption with Attribute Lattice (ABE-AL) that provides an efficient approach to implement comparison operations between attribute values on a poset derived from attribute lattice. By using bilinear groups of composite order, we propose a practical construction of ABE-AL based on forward and backward derivation functions. Compared with prior solutions, our scheme offers a compact policy representation solution, which can significantly reduce the size of privatekeys and ciphertexts. Furthermore, our solution provides a richer expressive power of access policies to facilitate flexible access control for ABE scheme.
    No preview · Conference Paper · May 2013

Publication Stats

1k Citations
43.14 Total Impact Points


  • 2006-2015
    • Arizona State University
      • School of Computing, Informatics, and Decision Systems Engineering
      Tempe, Arizona, United States
  • 2003-2014
    • University of Missouri - Kansas City
      • Department of Computer Science and Electrical Engineering
      Kansas City, Missouri, United States