Security and Privacy: Related Funding, Research Overview, Selected Papers, Keynote on Privacy

    Related Funding:

  1. CMMI 1436786: Collaboratve Research: Coordinated Real-Time Trafc Management based on Dynamic Informaton Propagation and Aggregaton under Connected Vehicle Systems, a three-year grant from the National Science Foundation. Lili Du, and Xiang-Yang Li, $240,000. As part of this project we study how information can be collected and will be propagated in a large scale vehicular networks. We also investigate how user privacy is protected when participated in this process.
  2. HK RGC: A Microeconomic Approach for Digital Rights Management in P2P Networks, XiaoWen Chu, and Xiang-Yang Li. RGC HKBU 210406, from 01-09-2006 to 28-02-2009, HK$356,000.

    Course Created and Taught at IIT:

  1. CS549: Cryptography and Network Security

    Research Overview:

    Increasing attentions are paid to security and privacy implications in almost every field relating the human-generated data with the advent of state of the art data analysis such as data mining or machine learning techniques. Due to different forms of the outsourcing, various user-generated digital data has formed the current big data ecosystem as well as the cloud computing environment, and the current systems involve multitudes of sensitive information from which rich personal secrets can be inferred. To utilize the current networking system with its own benefits and address the underlying security and privacy implications, Li’s research group has focused on the following different security or privacy related areas:
    Privacy-preserving computation Data or computation outsourcing is becoming popular due to multitudes of advantages of the cloud computing based networking model, such as the on-demand charging and flexible resource allocation, which all contribute to lower cost per unit of computing or storage. Although much more powerful computation and storage ability can be achieved at a lower cost if cloud-based services are used, the majority of the industry is reluctant to do so because the computation and data outsourced to the cloud servers may contain different forms of confidential information. In order to enable a safer outsourcing, a huge body of research is presented, such as secure multi-party computation, homomorphic encryption, access control schemes, cipher encryption, functional encryption, and so on. However, most of them become impractical in the big data context where the intensive cryptographic operations are not acceptable. Li’s research group has researched on various formats of privacy-preserving computation involving multiple parties, where each party wants to receive certain information based on others’ confidential data. The research group’s goal is to design efficient yet secure solutions to the privacy-preserving computation problems in the big data contexts for the upcoming future. The impact of this research is prominent in that a practical privacy-preserving computation will allow people to more readily participate in the data/computation outsourcing, which will become even more popular in the future big data era, and they will enjoy the advantages of the outsourcing-based services more safely.
    Verifiable computation Credibility of the services is often related to the aforementioned outsourcing because the outsourced data/computation is handled by third parties who are usually outside the trusted area. On one hand, malicious service participants may provide fake information to gain illegal benefits (e.g., reporting fake bids in the auction). On the other hand, the service provider may try to deviate from the contract to gain monetary benefits (e.g., deleting scarcely accessed files). In any case, whether the services can be trusted by end users greatly impacts the user participation and consequently the growth of the business. To increase the credibility, Li’s research group studies the verifiable computation, data integrity, access control, trusted computing and so on, and their research targets at providing a framework which can ensure the credibility of the services on top of the confidentiality of the user data. This research benefits the end users by ensuring them the service will be delivered exactly according to the service specification, and this will ultimately benefit the service providers by the users’ readily participation.
    Protection of Location, Image, and Video Privacy Taking and sharing photos have become easier with the proliferation of devices with cameras, high-bandwidth mobile networks, and photo-service providers (PSP), such as social networking sites, photo-sharing applications and portals. The latest reports show that approximately 1:4 million photos are uploaded to Flickr every day, and the number reaches an astonishing 40 million for Instagram. The trend is accelerating with emerging wearable devices such as Google Glass and Memoto, and Kinect in the home. In the case of Google Glass, pictures are shared in real time on Google+ and, depending on user settings, automatically spread through the user’s social network, without human in the loop. The ease of taking and sharing photos, along with new features on PSPs for face recognition, automatic tagging, and linking to one’s online profiles, have triggered an outcry of concerns about privacy from the public.
    In this research, we propose a paradigm to return privacy control to people being photographed. Here, we make an analogy to digital information on the web. We view people as the owners of their information, images, behaviors, speech, etc. as contents.
    One of our proposed solutions, published at ACM SenSys 2014. the Privacy Expressing and Respecting Protocol (PERP) is more of an architecture gateway. It is non-interactive solution. It consists of two parts: 1) a privacy expression tag, (called Privacy.Tag, or Tag for short) and 2) a privacy respecting sharing protocol (PRSP, or Protocol). The goal of PERP is to promote a healthy photo sharing ecosystem so that people can feel at ease around wearable camera devices, and reduce the burden for PSPs to process requests from subjects to implement “right to be forgotten” aftermath.
    In our second solution we design, develop, and evaluate a protocol, called InvisibleMe, that enables a user to flexibly express her privacy requirement and empowers the photo service provider (or image taker) to exert the privacy protection policy. Leveraging the visual distinguishability of people in the field-of-view and the dimension-order-independent property of vector similarity measurement, InvisibleMe achieves high accuracy and low overhead.
    Our third collection of contributions is a protocol that serves as a major foundation step towards easily deployable privacy preserving photo storage, sharing and search service, taking advantage of the availability of cloud servers who possess powerful computing and storage abilities

    Mobile Authentication With increasingly many users using mobile devices, more attentions are paid and will be paid to the authentication issues. Companies are gradually introducing BYOD policy to improve the working environment, and more confidential works are processed by personal devices. Many financial institutes provide mobile apps to let their clients conduct transactions remotely and conveniently, and indeed various financial transactions (e.g., online banking and stock trading) are conducted via mobile apps these days. Besides, in the near future, various sensitive information will become accessible from personal mobile devices, and they are in greater danger because of the mobility and portability: devices may be stolen, lost, or temporarily accessed illegally while unattended. To protect device holder’s privacy, Li’s research group has worked on a more intellectual solution than a simple authentication based on PIN or passwords. The goal is to continuously and obliviously detect the suspicious device operator who is not likely the authorized user without incurring unreasonable delay or power consumption. This study will bring a new reliable authentication mechanism to mobile platforms, and this will deliver much stronger protection on users’ privacy as well as their assets.