Service-Oriented Privacy Protection Architecture and Key Technologies for Mobile Communication Users
Project completion report (full text)
1. DistPreserv: Maintaining User Distribution for Privacy-Preserving Location-Based Services
- Keywords:
- Privacy; Differential privacy; Servers; Perturbation methods; Mobile computing; Semantics; Proposals; Location privacy; query accuracy; location distributions; incentive compatibility; location-based services
- Ren, Yanbing; Li, Xinghua; Miao, Yinbin; Deng, Robert H.; Weng, Jian; Ma, Siqi; Ma, Jianfeng
- 《IEEE TRANSACTIONS ON MOBILE COMPUTING》
- 2023
- Vol. 22
- No. 6
- Journal article
Location-Based Services (LBSs) are one of the most frequently used mobile applications in the modern society. Geo-Indistinguishability (Geo-Ind) is a promising privacy protection model for LBSs since it can provide formal security guarantees for location privacy. However, Geo-Ind undermines the statistical location distribution of users on the LBS server because of perturbed locations, thereby disabling the server to provide distribution-based services (e.g., traffic congestion maps). To overcome this issue, we give a privacy definition, called DistPreserv, to enable the LBS server to acquire valid location distributions while providing users with strict location protection. Then we propose a privacy-preserving LBS scheme to benefit both users and the server, in which a location perturbation mechanism is designed to achieve the given definition under the guide of the incentive compatibility, and a retrieval area determination method is presented to ensure query accuracy of users by using the dynamic programming on the two-dimensional map plane. Finally, we theoretically prove that the designed mechanism can achieve the definition of DistPreserv and the property of incentive compatibility. Experimental explorations using a real-world dataset indicate that our proposal prominently improves the availability of users' location distributions by over 90%, while providing high precision and recall of queries.
2. Privacy-Preserving Boolean Range Query With Temporal Access Control in Mobile Computing
- Keywords:
- Encryption; Access control; Cryptography; Indexes; Reflective binary codes; Keyword search; Mobile computing; Boolean range query; mobile computing; privacy-preserving; temporal access control; PUBLIC-KEY ENCRYPTION; KEYWORD SEARCH; ATTACKS
- Tong, Qiuyun; Li, Xinghua; Miao, Yinbin; Liu, Ximeng; Weng, Jian; Deng, Robert H. H.
- 《IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING》
- 2023
- Vol. 35
- No. 5
- Journal article
With increasingly popular GPS-equipped mobile devices (e.g., smartphones, tablets, laptops), massive spatio-textual data has been outsourced to cloud servers for storage and analysis such as spatial keyword search. However, existing privacy-preserving spatial keyword query schemes only support coarse-grained non-temporal access control in single user sharing scenario, which does not scale well in time-related scenes such as message valid period. To solve the above issues, we propose Privacy-preserving Boolean Range Query with Temporal access control in mobile computing (PBRQ-T). Specifically, we first achieve PBRQ with linear search complexity using the adapted Gray code, Bloom filter, and Katz-Sahai-Waters encryption. Then, we provide fine-grained and temporal access control in PBRQ based on the forward/backward derivation function and attribute-based encryption, where PBRQ is executed only when the spatio-textual data is accessible. Finally, an enhanced PBRQ-T (i.e., PBRQ-T+) with faster-than-linear search complexity is proposed by constructing a Quadtree index structure. Our formal security analysis shows that data privacy and index privacy can be guaranteed during the query process. Our extensive experiments using a real-world dataset demonstrate the efficiency and feasibility of our schemes.
3. Detection of global positioning system spoofing attack on unmanned aerial vehicle system
- Keywords:
- attack detection; drone; GPS spoofing; UAV; GPS; NETWORKS
- Liang, Chen; Miao, Meixia; Ma, Jianfeng; Yan, Hongyang; Zhang, Qun; Li, Xinghua
- 《CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE》
- 2020
- Vol. 34
- No. 7
- Journal article
Most of the existing global positioning system (GPS) spoofing detection schemes are vulnerable to the generative GPS spoofing attack, or require additional auxiliary equipment and extensive signal processing capabilities, leading to defects such as low real-time performance and large communication overhead that are not acceptable for the unmanned aerial vehicle (UAV, also known as drone) system. Therefore, we propose a novel solution which employs information fusion based on the GPS receiver and the inertial measurement unit. We use a real-time tracking and calculation model to derive the current position of the drone, which is then compared with the position information received by the receiver to verify the presence or absence of a spoofing attack. Subsequent experimental work shows that the proposed method can accurately detect the spoof within 8 seconds, with a detection rate (DR) of 98.6%. Compared with the existing schemes, real-time detection performance is improved while the DR is maintained. Even in our worst case, we detect the spoof within 28 seconds after the UAV system starts its mission.
4. ARPLR: An All-Round and Highly Privacy-Preserving Location-Based Routing Scheme for VANETs
- Keywords:
- Routing; Privacy; Encryption; Electronic mail; Vehicles; Safety; Indexes; Vehicular ad hoc networks (VANETs); location-based routing; order revealing encryption; location privacy protection; AUTHENTICATION; SECURE; PROTOCOL; MANETS
- Wang, Yunwei; Li, Xinghua; Zhang, Xiaohan; Liu, Ximeng; Weng, Jian
- 《IEEE TRANSACTIONS ON INTELLIGENT TRANSPORTATION SYSTEMS》
- 2021
- Vol. 23
- No. 9
- Journal article
Location-based routing is a widely adopted message transmission mechanism in Vehicular Ad Hoc Networks (VANETs). However, the existing location-based routing schemes for VANETs ignore the location privacy protection of vehicles, allowing drivers to be tracked and further threatening the safety of their lives and property. To address this issue, we propose an All-Round and Highly Privacy-Preserving Location-Based Routing scheme for VANETs (called ARPLR). Specifically, ARPLR first proposes a road side unit assisted location management method with location privacy protection that prevents the destination vehicle's location from being leaked through arbitrary queries. Then, a message routing method based on location ciphertexts with strong privacy protection is designed using order revealing encryption, in which a multi-hop route between the source and destination vehicles is established only by comparing the encrypted locations of intermediate vehicles. Security analysis shows that ARPLR can not only effectively provide location privacy protection for the intermediate and destination vehicles throughout the routing process, but also ensure end-to-end secure communication between the source and destination vehicles. Extensive experiments based on a real road map indicate that, compared with two state-of-the-art solutions, the average transmission delay of ARPLR is reduced by about 18% and 60%, respectively, while the average packet delivery rate increases by about 30% and 2%, respectively.
5. Research on Key Technologies of Security and Privacy Protection in Internet of Vehicles Services
- Keywords:
- Internet of Vehicles; communication services; group key; location-anonymous routing; outsourced services; range query
- Funding: National Key R&D Program sub-project "Key Technologies and Systems for Endogenous Security and Dynamic Protection of Cloud Data Centers" (No. 2017YFB0801805); NSFC Joint Fund project "Service-Oriented Privacy Protection Architecture and Key Technologies for Mobile Communication Users" (No. U1708262); NSFC Joint Fund project "Key Technologies for Location Privacy Protection in Internet of Vehicles Services" (No. U1736203)
- Collection: Engineering Science and Technology II; Information Science and Technology
- Topics: Highway and Waterway Transportation; Telecommunications; Computer Software and Computer Applications
- DOI: 10.27389/d.cnki.gxadu.2022.000119
- Classification numbers: U495; TN929.5; TP309
- Advisor: Li Xinghua
- Year: not given
- Volume: not given
- Issue: not given
- Journal article
With the development and spread of big data, artificial intelligence, the Internet of Things and cloud computing, the Internet of Vehicles (IoV), as the core of future intelligent vehicles and intelligent transportation, has drawn attention from countries worldwide and has become an important indicator of a nation's industrial and technological strength. However, in recent years IoV information security incidents have occurred frequently, seriously threatening users' privacy and even the safety of their lives and property, and hindering the healthy development and application of the IoV. This dissertation focuses on two typical classes of IoV application services, communication services and outsourced services. It first analyzes the security threats that vehicle users face in these two classes of service and the corresponding protection requirements, then studies several key security and privacy-protection techniques within them and proposes corresponding solutions. Specifically, for the group-communication and routing-communication scenarios in communication services, it proposes a blockchain-based mutual-healing group key management scheme and a location-privacy-enhanced anonymous location-based routing scheme, respectively, to realize secure communication services. For secure outsourced services, it proposes a low-information-leakage secure outsourced range query scheme for the semi-trusted cloud setting and a verifiable secure outsourced range query scheme for the malicious cloud setting, to ensure the security of outsourced services. Through this research, the security threats the IoV faces in these two typical classes of service are resolved, providing basic assurance for the national IoV strategic deployment. The main research results of this dissertation are as follows:

1. Addressing the problem in existing secure IoV group communication services that unstable communication links cause group key update messages to be easily lost, this dissertation proposes a blockchain-based mutual-healing group key management scheme. Specifically, blockchain technology is first introduced; by redefining its storage structure and chain relations, a private blockchain for IoV clusters is designed in which only the key management center has write permission, realizing vehicle group key distribution and storage and the establishment of dynamic trust relationships among vehicle nodes. On this basis, for two different attacker models, basic and enhanced group key mutual-healing protocols are designed, enabling a vehicle to securely recover a lost group key with the help of its neighbouring vehicles. Security analysis and experiments show that, under limited computation and communication overhead, the proposed scheme ensures that vehicles securely and efficiently obtain lost group keys and provides secure group communication services.

2. Addressing the problem of location privacy leakage of the destination vehicle and intermediate vehicles in existing secure IoV routing communication services, this dissertation considers the two phases of location-based route establishment and proposes a location-privacy-enhanced anonymous location-based routing scheme. Specifically, in the vehicle location management phase, a privacy-preserving roadside-unit-assisted location management method is designed to prevent the destination vehicle's location from being leaked through arbitrary queries. In the message routing phase, an anonymous routing method based on location ciphertexts is designed using tamper-proof devices and order-revealing encryption, realizing location privacy protection for intermediate and destination vehicles during message routing. Security analysis and experiments show that the proposed scheme not only protects the location privacy of the vehicles involved but also ensures end-to-end communication security, and outperforms comparable schemes in both transmission delay and packet loss rate.

3. Addressing the problems of weak privacy protection and low query performance in existing secure outsourced range query services for the IoV under a semi-trusted cloud, which make it hard to meet the privacy and timeliness requirements of IoV outsourced query services, this dissertation proposes a low-information-leakage secure outsourced range query scheme. Specifically, to protect data privacy, a range-matching encoding is designed that hides the order relation of the queried data while avoiding leakage of additional information such as the index of the most significant differing bit or block. To protect query privacy, a query token generation method based on non-deterministic order-preserving perturbation and padding is designed to hide the query pattern. Finally, an efficient range query algorithm is designed based on XOR filters and multiple hash functions. Security analysis and experiments show that, compared with the current state-of-the-art schemes, the proposed scheme strengthens data privacy and query privacy protection while significantly improving query performance and reducing outsourced data storage overhead, making it better suited to outsourced range query services in the IoV.

4. Addressing the problems in existing secure outsourced range query services for the IoV under a malicious cloud, where false positives and query efficiency are hard to balance and large amounts of dirty data are hard to detect, so that the timeliness and reliability requirements of IoV outsourced query services cannot be met, this dissertation proposes a verifiable secure outsourced range query scheme. Specifically, a cuckoo filter and prefix encoding are first used to design an encrypted range comparison algorithm that supports a posteriori elimination of false positives, effectively balancing the false-positive rate against query efficiency. On this basis, an efficient and verifiable outsourced range query scheme is designed using an encrypted multiset accumulator and a prefix index tree. Security analysis and experimental results show that, in terms of correctness checking, the proposed scheme effectively detects whether the cloud server performs lazy queries, and in terms of query efficiency it improves on comparable state-of-the-art schemes.
6. Privacy-Preserving Top-k Spatial Keyword Queries in Fog-Based Cloud Computing
- Xinghua Li; Lizhong Bai; Yinbin Miao; Siqi Ma; Jianfeng Ma; Ximeng Liu; Kim-Kwang Raymond Choo
- Year: not given
- Volume: not given
- Issue: not given
- Journal article
7. VRFMS: Verifiable Ranked Fuzzy Multi-Keyword Search Over Encrypted Data
- Keywords:
- Keyword search; Cryptography; Servers; Cloud computing; Security; Computer architecture; Search problems; Searchable encryption; ranked fuzzy multi-keyword search; locality-sensitive hashing; verifiability; homomorphic MAC; SYMMETRIC-ENCRYPTION; ENABLING EFFICIENT
- Li, Xinghua; Tong, Qiuyun; Zhao, Jinwei; Miao, Yinbin; Ma, Siqi; Weng, Jian; Ma, Jianfeng; Choo, Kim-Kwang Raymond
- 《IEEE TRANSACTIONS ON SERVICES COMPUTING》
- 2023
- Vol. 16
- No. 1
- Journal article
Searchable encryption (SE) allows users to efficiently retrieve data over encrypted cloud data, but most existing SE schemes only support exact keyword search, resulting in false results due to minor typos or format inconsistencies in queried keywords. Fuzzy keyword search can avoid this limitation, but still incurs low search accuracy and efficiency. Besides, most fuzzy keyword search schemes do not consider malicious cloud servers, which may execute only a fraction of the search operations or forge some results due to various incentives such as saving computation or storage resources. To solve these problems, we propose an efficient and Verifiable Ranked Fuzzy Multi-keyword Search scheme, called VRFMS. VRFMS uses locality-sensitive hashing and a Bloom filter to implement fuzzy keyword search, and employs Term Frequency-Inverse Document Frequency (TF-IDF) to rank the relevant results. To further improve search accuracy, we design an improved bi-gram keyword transformation method. Furthermore, the homomorphic MAC technique and a random challenge technique are utilized to verify the correctness and completeness of returned results, respectively. Formal security analysis and empirical experiments demonstrate that VRFMS is secure and efficient, respectively, in practical applications.
8. PACTA: An IoT Data Privacy Regulation Compliance Scheme Using TEE and Blockchain
- Keywords:
- Regulation; Blockchains; Data privacy; Internet of Things; General Data Protection Regulation; Privacy; Smart contracts; Blockchain; compliance; general data protection regulation (GDPR); Internet of Things (IoT); trusted execution environment (TEE)
- Zhang, Yongxin; Yang, Jiacheng; Lei, Hong; Bao, Zijian; Lu, Ning; Shi, Wenbo; Chen, Bangdao
- 《IEEE INTERNET OF THINGS JOURNAL》
- 2024
- Vol. 11
- No. 5
- Journal article
Despite the existence of data privacy regulations, such as the general data protection regulation (GDPR), data leaks in the Internet of Things (IoT) still occur and cause significant harm due to the noncompliance of data users. To address this issue, a notable solution involves recording the process in an open, immutable blockchain and utilizing the trusted execution environment (TEE) for reliable compliance verification. Although substantial progress has been made in designing compliance schemes in recent years, current approaches suffer from various limitations, including compliance incompleteness, regulation faultiness, and privacy leak. This article introduces PACTA, an IoT data privacy regulation compliance scheme that leverages TEE and blockchain technology. In the protocol, PACTA efficiently handles both dynamic and static consent of data owners and utilizes TEE for compliance analysis of requests and processes. By storing encrypted critical data, the blockchain facilitates privacy-preserving audits of the entire compliance process. Additionally, we have designed a challenge-response protocol to address the silent behavior of the TEE. We demonstrate that PACTA effectively enforces regulation compliance while safeguarding privacy. We thoroughly evaluate our implementation's efficiency and effectiveness using Ethereum and Intel SGX platforms.
9. A secure double spectrum auction scheme
- Keywords:
- 5G mobile communication systems; Blockchain; Cryptography; Intelligent agents; Block-chain; Ethereum platform; Limited spectrum; Privacy information; Secure double spectrum auction; Software guard extension technology; Spectra's; Spectrum auctions; Wireless communication services; Wireless communication technology
- Wang, Jiaqi; Lu, Ning; Gong, Ziyang; Shi, Wenbo; Choi, Chang
- 《Digital Communications and Networks》
- 2024
- Volume: not given
- Issue: not given
- Journal article
With the arrival of the 5G era, wireless communication technologies and services are rapidly exhausting the limited spectrum resources. Spectrum auctions came into being, as they can effectively utilize spectrum resources. Because of the complexity of the electronic spectrum auction network environment, the security of a spectrum auction cannot be guaranteed. Most scholars focus on researching the security of single-sided auctions, while ignoring the practical scenario of a secure double spectrum auction in which participants consist of multiple sellers and buyers. Researchers have begun to design secure double spectrum auction mechanisms in which two semi-honest agents are introduced to carry out the spectrum auction rules. But these two agents may collude with each other or be bribed by buyers and sellers, which creates security risks; therefore, a secure double spectrum auction is proposed in this paper. Unlike traditional secure double spectrum auctions, this paper uses a spectrum auction server with a Software Guard Extensions (SGX) component, running on an Ethereum blockchain platform, to perform spectrum auctions. A secure double spectrum protocol is also designed, using SGX technology and cryptographic tools such as the Paillier cryptosystem, stealth address technology and one-time ring signatures to protect the private information of spectrum auctions. In addition, the smart contracts provided by the Ethereum blockchain platform are executed to assist offline verification and to verify important spectrum auction information, ensuring the fairness and impartiality of spectrum auctions. Finally, security analysis and performance evaluation of our protocol are discussed. © 2022 Chongqing University of Posts and Telecommunications
10. A precise method of identifying Android application family
- Keywords:
- Android family; identification; malware; mobile phone; MALWARE DETECTION; FRAMEWORK
- Li, Dan; Lu, Ning; Wang, Siyu; Shi, Wenbo; Choi, Chang
- 《EXPERT SYSTEMS》
- 2023
- Volume: not given
- Issue: not given
- Journal article
Implementing the necessary countermeasures to detect the growing and highly destructive families of malware is an urgent obligation. The proliferation and diversity of malware make these problems more challenging. For beginners, it is arduous to obtain crucial features for multi-class family classification and to extract valuable information from the obtained features. Another issue is that building a classification model that effectively absorbs multi-class samples and adapts to various features is challenging. This work presents a precise identification method for Android application families (ANDF) to tackle these issues. It perceptively analyzes the features that multi-class families can utilize to identify members and further excavates the relationship between implicit information and the severity of those distinctions. A more appropriate classification model is developed for the heterogeneous file formats, and a more beneficial feature with a diverse array of heterogeneous information is chosen as the replacement representation of the sample. It is capable of upgrading learning ability and mastering the multi-modal traits of the family malware. The application of ANDF to real data sets yields effective classification results. It achieves 0.9800 in f1-macro and has a classification accuracy of 98.61%. It performs, respectively, 0.0088 points better than the two-feature comparison classification model and 0.0872 points better than the single-feature comparison classification model. The kappa coefficient can also exceed 0.9830, which is at least 0.1044 higher than other contrasting classifiers, 0.0105 greater than that of the contrasted model containing two features, and 0.1046 larger than the classifier with a contrasting single feature.
