Browsing by Author "Li, He"
Now showing 1 - 3 of 3
- Cumulative Message Authentication Codes for Resource-Constrained IoT Networks. Li, He; Kumar, Vireshwar; Park, Jung-Min (Jerry); Yang, Yaling (IEEE, 2021-08-01). In resource-constrained Internet-of-Things networks, the use of conventional message authentication codes (MACs) to provide message authentication and integrity is not possible due to the large size of the MAC output. A straightforward yet naive solution to this problem is to employ a truncated MAC, which undesirably sacrifices cryptographic strength in exchange for reduced communication overhead. In this article, we address this problem by proposing a novel approach for message authentication called cumulative MAC (CuMAC), which consists of two distinctive procedures: 1) aggregation and 2) accumulation. In aggregation, a sender generates compact authentication tags from segments of multiple MACs by using a systematic encoding procedure. In accumulation, a receiver accumulates the cryptographic strength of the underlying MAC by collecting and verifying the authentication tags. Embodied with these two procedures, CuMAC enables the receiver to achieve an advantageous tradeoff between the cryptographic strength and the latency in the processing of the authentication tags. Furthermore, for some latency-sensitive messages where this tradeoff may be unacceptable, we propose a variant of CuMAC that we refer to as CuMAC with speculation (CuMAC/S). In addition to the aggregation and accumulation procedures, CuMAC/S enables the sender and receiver to employ a speculation procedure for predicting future message values and precomputing the corresponding MAC segments. For the messages which can be reliably speculated, CuMAC/S significantly reduces the MAC verification latency without compromising the cryptographic strength. We have carried out a comprehensive evaluation of CuMAC and CuMAC/S through simulation and a prototype implementation on a real car.
- Privacy and Authentication in Emerging Network Applications. Li, He (Virginia Tech, 2021-01-07). In this dissertation, we studied and addressed privacy-preserving and authentication techniques for some network applications where existing internet security solutions cannot be applied straightforwardly due to different trust and attack models and possibly constrained resources. For example, in a centralized dynamic spectrum access (DSA) system, the spectrum resource licensees, called incumbent users (IUs), have strong operational privacy requirements with respect to the DSA service provider, called the spectrum access system (SAS), and hence the SAS is required to perform spectrum computation without knowing the IUs' operational information. This means the SAS can at most be considered a semi-trusted party which is honest but curious; common anonymization and end-to-end encryption cannot address this issue, and dedicated solutions are required. Another example is that in an intra-vehicle Controller Area Network (CAN), the transmitter can only embed 64 bits of message and its authentication tag into one message frame, which makes it difficult to achieve message authentication in real time with sufficient cryptographic strength. The focus of this dissertation is to fill the gap in existing solutions with a stronger security notion and practicability. On the topic of privacy-preserving DSA systems, we first explored existing solutions and proposed a comparative study. We additionally proposed a new metric for evaluation and showed the advantages and disadvantages of existing solutions. We second studied IU location privacy in the 3.5 GHz band ESC-based DSA system and proposed a novel scheme called PriDSA. PriDSA addresses the malicious colluding SAS attack model by leveraging a different and relatively lightweight cryptographic primitive with a novel design, granting a stronger security notion and improved efficiency as well. We third studied the operational privacy of both IUs and secondary users (SUs) in a general centralized SAS-based DSA system and proposed a novel framework called PeDSS. Through our novel design that integrates differential privacy with a secure multi-party computation protocol, PeDSS exhibits great communication and computation overhead compared to existing solutions. On the topic of lightweight message authentication in resource-constrained networks, we first explored message authentication schemes with high cryptographic strength and low communication overhead and proposed a novel scheme called CuMAC. CuMAC provides a flexible trade-off between authentication delay and cryptographic strength, through the embodiment of a novel concept that we refer to as accumulation of cryptographic strength. We second explored the possibility of achieving both high cryptographic strength and low authentication delay and proposed a variant of CuMAC called CuMAC/S. By employing the novel idea of message speculation, CuMAC/S enables the accumulation of cryptographic strength while incurring minimal delay when the message speculation accuracy is high.
- Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation. Rahaman, Sazzadur; Cheng, Long; Yao, Danfeng (Daphne); Li, He; Park, Jung-Min (Jerry) (De Gruyter Open, 2017). Group signature schemes enable anonymous-yet-accountable communications. Such a capability is extremely useful for applications such as smartphone-based crowdsensing and citizen science. However, the performance of modern group signature schemes is still inadequate to manage large dynamic groups. In this paper, we design the first provably secure verifier-local revocation (VLR)-based group signature scheme that supports sublinear revocation, named Sublinear Revocation with Backward unlinkability and Exculpability (SRBE). To achieve this performance gain, SRBE introduces time-bound pseudonyms for the signer. By introducing low-cost short-lived pseudonyms with sublinear revocation checking, SRBE drastically improves the efficiency of the group-signature primitive. The backward-unlinkable anonymity of SRBE guarantees that even after the revocation of a signer, her previously generated signatures remain unlinkable across epochs. This behavior favors the dynamic nature of real-world crowdsensing settings. We prove its security and discuss parameters that influence its scalability. Using SRBE, we also implement a prototype named GROUPSENSE for anonymous-yet-accountable crowdsensing, where our experimental findings confirm GROUPSENSE's scalability. We point out the open problems remaining in this space.