Visible to the public Biblio

Filters: Author is Chen, Xiaofeng  [Clear All Filters]
Conference Paper
Zhou, Man, Wang, Qian, Yang, Jingxiao, Li, Qi, Xiao, Feng, Wang, Zhibo, Chen, Xiaofeng.  2018.  PatternListener: Cracking Android Pattern Lock Using Acoustic Signals. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1775-1787.

Pattern lock has been widely used for authentication to protect user privacy on mobile devices (e.g., smartphones and tablets). Several attacks have been constructed to crack the lock. However, these approaches require the attackers to be either physically close to the target device or able to manipulate the network facilities (e.g., wifi hotspots) used by the victims. Therefore, the effectiveness of the attacks is highly sensitive to the setting of the environment where the users use the mobile devices. Also, these attacks are not scalable since they cannot easily infer patterns of a large number of users. Motivated by an observation that fingertip motions on the screen of a mobile device can be captured by analyzing surrounding acoustic signals on it, we propose PatternListener, a novel acoustic attack that cracks pattern lock by leveraging and analyzing imperceptible acoustic signals reflected by the fingertip. It leverages speakers and microphones of the victim's device to play imperceptible audio and record the acoustic signals reflected from the fingertip. In particular, it infers each unlock pattern by analyzing individual lines that are the trajectories of the fingertip and composed of the pattern. We propose several algorithms to construct signal segments for each line and infer possible candidates of each individual line according to the signal segments. Finally, we produce a tree to map all line candidates into grid patterns and thereby obtain the candidates of the entire unlock pattern. We implement a PatternListener prototype by using off-the-shelf smartphones and thoroughly evaluate it using 130 unique patterns. The real experimental results demonstrate that PatternListener can successfully exploit over 90% patterns in five attempts.

Journal Article
Shen, Jian, Gui, Ziyuan, Chen, Xiaofeng, Zhang, Jun, Xiang, Yang.  2020.  Lightweight and Certificateless Multi-Receiver Secure Data Transmission Protocol for Wireless Body Area Networks. IEEE Transactions on Dependable and Secure Computing. :1–1.
The rapid development of low-power integrated circuits, wireless communication, intelligent sensors and microelectronics has allowed the realization of wireless body area networks (WBANs), which can monitor patients' vital body parameters remotely in real time to offer timely treatment. These vital body parameters are related to patients' life and health; and these highly private data are subject to many security threats. To guarantee privacy, many secure communication protocols have been proposed. However, most of these protocols have a one-to-one structure in extra-body communication and cannot support multidisciplinary team (MDT). Hence, we propose a lightweight and certificateless multi-receiver secure data transmission protocol for WBANs to support MDT treatment in this paper. In particular, a novel multi-receiver certificateless generalized signcryption (MR-CLGSC) scheme is proposed that can adaptively use only one algorithm to implement one of three cryptographic primitives: signature, encryption or signcryption. Then, a multi-receiver secure data transmission protocol based on the MR-CLGSC scheme with many security properties, such as data integrity and confidentiality, non-repudiation, anonymity, forward and backward secrecy, unlinkability and data freshness, is designed. Both security analysis and performance analysis show that the proposed protocol for WBANs is secure, efficient and highly practical.
Conference Name: IEEE Transactions on Dependable and Secure Computing
Zeng, Ming, Zhang, Kai, Qian, Haifeng, Chen, Xiaofeng, Chen, Jie, Mu, Yi.  2019.  A Searchable Asymmetric Encryption Scheme with Support for Boolean Queries for Cloud Applications. The Computer Journal. 62:563–578.
Cloud computing is a new promising technology paradigm that can provide clients from the whole network with scalable storage resources and on-demand high-quality services. However, security concerns are raised when sensitive data are outsourced. Searchable encryption is a kind of cryptographic primitive that enables clients to selectively retrieve encrypted data, the existing schemes that support for sub-linear boolean queries are only considered in symmetric key setting, which makes a limitation for being widely deployed in many cloud applications. In order to address this issue, we propose a novel searchable asymmetric encryption scheme to support for sub-linear boolean query over encrypted data in a multi-client model that is extracted from an important observation that the outsourced database in cloud is continuously contributed and searched by multiple clients. For the purpose of introducing the scheme, we combine both the ideas of symmetric searchable encryption and public key searchable encryption and then design a novel secure inverted index. Furthermore, a detailed security analysis for our scheme is given under the simulation-based security definition. Finally, we conduct experiments for our construction on a real dataset (Enron) along with a performance analysis to show its practicality.