Visible to the public Biblio

Filters: Author is Yu, S.  [Clear All Filters]
Conference Paper
Bao, L., Wu, S., Yu, S., Huang, J..  2020.  Client-side Security Assessment and Security Protection Scheme for Smart TV Network. 2020 IEEE 6th International Conference on Computer and Communications (ICCC). :573—578.

TV networks are no longer just closed networks. They are increasingly carrying Internet services, integrating and interoperating with home IoT and the Internet. In addition, client devices are becoming intelligent. At the same time, they are facing more security risks. Security incidents such as attacks on TV systems are commonplace, and there are many incidents that cause negative effects. The security protection of TV networks mainly adopts security protection schemes similar to other networks, such as constructing a security perimeter; there are few security researches specifically carried out for client-side devices. This paper focuses on the mainstream architecture of the integration of HFC TV network and the Internet, and conducts a comprehensive security test and analysis for client-side devices including EOC cable bridge gateways and smart TV Set-Top-BoX. Results show that the TV network client devices have severe vulnerabilities such as command injection and system debugging interfaces. Attackers can obtain the system control of TV clients without authorization. In response to the results, we put forward systematic suggestions on the client security protection of smart TV networks in current days.

Liu, R., Wu, H., Pang, Y., Qian, H., Yu, S..  2016.  A highly reliable and tamper-resistant RRAM PUF: Design and experimental validation. 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :13–18.

This work presents a highly reliable and tamper-resistant design of Physical Unclonable Function (PUF) exploiting Resistive Random Access Memory (RRAM). The RRAM PUF properties such as uniqueness and reliability are experimentally measured on 1 kb HfO2 based RRAM arrays. Firstly, our experimental results show that selection of the split reference and offset of the split sense amplifier (S/A) significantly affect the uniqueness. More dummy cells are able to generate a more accurate split reference, and relaxing transistor's sizes of the split S/A can reduce the offset, thus achieving better uniqueness. The average inter-Hamming distance (HD) of 40 RRAM PUF instances is 42%. Secondly, we propose using the sum of the read-out currents of multiple RRAM cells for generating one response bit, which statistically minimizes the risk of early retention failure of a single cell. The measurement results show that with 8 cells per bit, 0% intra-HD can maintain more than 50 hours at 150 °C or equivalently 10 years at 69 °C by 1/kT extrapolation. Finally, we propose a layout obfuscation scheme where all the S/A are randomly embedded into the RRAM array to improve the RRAM PUF's resistance against invasive tampering. The RRAM cells are uniformly placed between M4 and M5 across the array. If the adversary attempts to invasively probe the output of the S/A, he has to remove the top-level interconnect and destroy the RRAM cells between the interconnect layers. Therefore, the RRAM PUF has the “self-destructive” feature. The hardware overhead of the proposed design strategies is benchmarked in 64 × 128 RRAM PUF array at 65 nm, while these proposed optimization strategies increase latency, energy and area over a naive implementation, they significantly improve the performance and security.

Nosouhi, M. R., Pham, V. V. H., Yu, S., Xiang, Y., Warren, M..  2017.  A Hybrid Location Privacy Protection Scheme in Big Data Environment. GLOBECOM 2017 - 2017 IEEE Global Communications Conference. :1–6.

Location privacy has become a significant challenge of big data. Particularly, by the advantage of big data handling tools availability, huge location data can be managed and processed easily by an adversary to obtain user private information from Location-Based Services (LBS). So far, many methods have been proposed to preserve user location privacy for these services. Among them, dummy-based methods have various advantages in terms of implementation and low computation costs. However, they suffer from the spatiotemporal correlation issue when users submit consecutive requests. To solve this problem, a practical hybrid location privacy protection scheme is presented in this paper. The proposed method filters out the correlated fake location data (dummies) before submissions. Therefore, the adversary can not identify the user's real location. Evaluations and experiments show that our proposed filtering technique significantly improves the performance of existing dummy-based methods and enables them to effectively protect the user's location privacy in the environment of big data.

Ansari, M. R., Yu, S., Yu, Q..  2015.  "IntelliCAN: Attack-resilient Controller Area Network (CAN) for secure automobiles". 2015 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS). :233–236.

Controller Area Network (CAN) is the main bus network that connects electronic control units in automobiles. Although CAN protocols have been revised to improve the vehicle safety, the security weaknesses of CAN have not been fully addressed. Security threats on automobiles might be from external wireless communication or from internal malicious CAN nodes mounted on the CAN bus. Despite of various threat sources, the security weakness of CAN is the root of security problems. Due to the limited computation power and storage capacity on each CAN node, there is a lack of hardware-efficient protection methods for the CAN system without losing the compatibility to CAN protocols. To save the cost and maintain the compatibility, we propose to exploit the built-in CAN fault confinement mechanism to detect the masquerade attacks originated from the malicious CAN devices on the CAN bus. Simulation results show that our method achieves the attack misdetection rate at the order of 10-5 and reduces the encryption latency by up to 68% over the complete frame encryption method.

Zhang, J., Chen, J., Wu, D., Chen, B., Yu, S..  2019.  Poisoning Attack in Federated Learning using Generative Adversarial Nets. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :374—380.

Federated learning is a novel distributed learning framework, where the deep learning model is trained in a collaborative manner among thousands of participants. The shares between server and participants are only model parameters, which prevent the server from direct access to the private training data. However, we notice that the federated learning architecture is vulnerable to an active attack from insider participants, called poisoning attack, where the attacker can act as a benign participant in federated learning to upload the poisoned update to the server so that he can easily affect the performance of the global model. In this work, we study and evaluate a poisoning attack in federated learning system based on generative adversarial nets (GAN). That is, an attacker first acts as a benign participant and stealthily trains a GAN to mimic prototypical samples of the other participants' training set which does not belong to the attacker. Then these generated samples will be fully controlled by the attacker to generate the poisoning updates, and the global model will be compromised by the attacker with uploading the scaled poisoning updates to the server. In our evaluation, we show that the attacker in our construction can successfully generate samples of other benign participants using GAN and the global model performs more than 80% accuracy on both poisoning tasks and main tasks.