Visible to the public Biblio

Filters: Author is Wang, Yan  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
C
Liu, Jian, Chen, Yingying, Dong, Yudi, Wang, Yan, Zhao, Tiannming, Yao, Yu-Dong.  2020.  Continuous User Verification via Respiratory Biometrics. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :1—10.
The ever-growing security issues in various mobile applications and smart devices create an urgent demand for a reliable and convenient user verification method. Traditional verification methods request users to provide their secrets (e.g., entering passwords and collecting fingerprints). We envision that the essential trend of user verification is to free users from active participation in the verification process. Toward this end, we propose a continuous user verification system, which re-uses the widely deployed WiFi infrastructure to capture the unique physiological characteristics rooted in user's respiratory motions. Different from the existing continuous verification approaches, posing dependency on restricted scenarios/user behaviors (e.g., keystrokes and gaits), our system can be easily integrated into any WiFi infrastructure to provide non-intrusive continuous verification. Specifically, we extract the respiration-related signals from the channel state information (CSI) of WiFi. We then derive the user-specific respiratory features based on the waveform morphology analysis and fuzzy wavelet transformation of the respiration signals. Additionally, a deep learning based user verification scheme is developed to identify legitimate users accurately and detect the existence of spoofing attacks. Extensive experiments involving 20 participants demonstrate that the proposed system can robustly verify/identify users and detect spoofers under various types of attacks.
F
Ding, Xinyao, Wang, Yan.  2020.  False Data Injection Attack Detection Before Decoding in DF Cooperative Relay Network. 2020 Asia Conference on Computers and Communications (ACCC). :57—61.
False data injection (FDI) attacks could happen in decode-and-forward (DF) wireless cooperative relay networks. Although physical integrity check (PIC) can combat that by applying physical layer detection, the detector depends on the decoding results and low signal-to-noise ratio (SNR) further deteriorates the detecting results. In this paper, a physical layer detect-before-decode (DbD) method is proposed, which has low computational complexity with no sacrifice of false alarm and miss detection rates. One significant advantage of this method is the detector does not depend on the decoding results. In order to implement the proposed DbD method, a unified error sufficient statistic (UESS) containing the full information of FDI attacks is constructed. The proposed UESS simplifies the detector because it is applicable to all link conditions, which means there is no need to deal each link condition with a specialized sufficient statistic. Moreover, the source to destination outage probability (S2Dop) of the DF cooperative relay network utilizing the proposed DbD method is studied. Finally, numerical simulations verify the good performance of this DbD method.
Wang, Chen, Guo, Xiaonan, Wang, Yan, Chen, Yingying, Liu, Bo.  2016.  Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :189–200.

The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential on monitoring and inferring human daily activities. This paper reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people accessing key-based security systems. Existing methods of obtaining such secret information relies on installations of dedicated hardware (e.g., video camera or fake keypad), or training with labeled data from body sensors, which restrict use cases in practical adversary scenarios. In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user's fine-grained hand movements, which enable attackers to reproduce the trajectories of the user's hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user's hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 adults for key-based security systems (i.e. ATM keypads and regular keyboards) through testing on different kinds of wearables. Results demonstrate that such a technique can achieve 80% accuracy with only one try and more than 90% accuracy with three tries, which to our knowledge, is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.

G
Zhou, Wei, Yang, Weidong, Wang, Yan, Zhang, Hong.  2018.  Generalized Reconstruction-Based Contribution for Multiple Faults Diagnosis with Bayesian Decision. 2018 IEEE 7th Data Driven Control and Learning Systems Conference (DDCLS). :813–818.
In fault diagnosis of industrial process, there are usually more than one variable that are faulty. When multiple faults occur, the generalized reconstruction-based contribution can be helpful while traditional RBC may make mistakes. Due to the correlation between the variables, these faults usually propagate to other normal variables, which is called smearing effect. Thus, it is helpful to consider the pervious fault diagnosis results. In this paper, a data-driven fault diagnosis method which is based on generalized RBC and bayesian decision is presented. This method combines multi-dimensional RBC and bayesian decision. The proposed method improves the diagnosis capability of multiple and minor faults with greater noise. A numerical simulation example is given to show the effectiveness and superiority of the proposed method.
I
Wang, Chen, Liu, Jian, Guo, Xiaonan, Wang, Yan, Chen, Yingying.  2018.  Inferring Mobile Payment Passcodes Leveraging Wearable Devices. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :789–791.
Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs) are the first choice of most consumers to authorize the payment. This work demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, which examines to what extent the user's PIN during mobile payment could be revealed from a single wrist-worn wearable device under different input scenarios involving either two hands or a single hand. Extensive experiments with 15 volunteers demonstrate that an adversary is able to recover a user's PIN with high success rate within 5 tries under various input scenarios.
R
Wang, Yan, Zhang, Chao, Xiang, Xiaobo, Zhao, Zixuan, Li, Wenjie, Gong, Xiaorui, Liu, Bingchang, Chen, Kaixiang, Zou, Wei.  2018.  Revery: From Proof-of-Concept to Exploitable. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1914-1927.

Automatic exploit generation is an open challenge. Existing solutions usually explore in depth the crashing paths, i.e., paths taken by proof-of-concept (POC) inputs triggering vulnerabilities, and generate exploits when exploitable states are found along the paths. However, exploitable states do not always exist in crashing paths. Moreover, existing solutions heavily rely on symbolic execution and are not scalable in path exploration and exploit generation. In addition, few solutions could exploit heap-based vulnerabilities. In this paper, we propose a new solution revery to search for exploitable states in paths diverging from crashing paths, and generate control-flow hijacking exploits for heap-based vulnerabilities. It adopts three novel techniques:(1) a digraph to characterize a vulnerability's memory layout and its contributor instructions;(2) a fuzz solution to explore diverging paths, which have similar memory layouts as the crashing paths, in order to search more exploitable states and generate corresponding diverging inputs;(3) a stitch solution to stitch crashing paths and diverging paths together, and synthesize EXP inputs able to trigger both vulnerabilities and exploitable states. We have developed a prototype of revery based on the binary analysis engine angr, and evaluated it on a set of 19 real world CTF (capture the flag) challenges. Experiment results showed that it could generate exploits for 9 (47%) of them, and generate EXP inputs able to trigger exploitable states for another 5 (26%) of them.

W
Wang, Chen, Liu, Jian, Guo, Xiaonan, Wang, Yan, Chen, Yingying.  2019.  WristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearables. IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. :2071–2079.
Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs or patterns) are the first choice of most consumers to authorize the payment. This paper demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, WristSpy, which examines to what extent the user's PIN/pattern during the mobile payment could be revealed from a single wrist-worn wearable device under different passcode input scenarios involving either two hands or a single hand. In particular, WristSpy has the capability to accurately reconstruct fine-grained hand movement trajectories and infer PINs/patterns when mobile and wearable devices are on two hands through building a Euclidean distance-based model and developing a training-free parallel PIN/pattern inference algorithm. When both devices are on the same single hand, a highly challenging case, WristSpy extracts multi-dimensional features by capturing the dynamics of minute hand vibrations and performs machine-learning based classification to identify PIN entries. Extensive experiments with 15 volunteers and 1600 passcode inputs demonstrate that an adversary is able to recover a user's PIN/pattern with up to 92% success rate within 5 tries under various input scenarios.
Y
Zhao, Tianming, Wang, Yan, Liu, Jian, Chen, Yingying.  2018.  Your Heart Won'T Lie: PPG-based Continuous Authentication on Wrist-worn Wearable Devices. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :783–785.
This paper presents a photoplethysmography (PPG)-based continuous user authentication (CA) system, which especially leverages the PPG sensors in wrist-worn wearable devices to identify users. We explore the uniqueness of the human cardiac system captured by the PPG sensing technology. Existing CA systems require either the dedicated sensing hardware or specific gestures, whereas our system does not require any users' interactions but only the wearable device, which has already been pervasively equipped with PPG sensors. Notably, we design a robust motion artifacts (MA) removal method to mitigate the impact of MA from wrist movements. Additionally, we explore the characteristic fiducial features from PPG measurements to efficiently distinguish the human cardiac system. Furthermore, we develop a cardiac-based classifier for user identification using the Gradient Boosting Tree (GBT). Experiments with the prototype of the wrist-worn PPG sensing platform and 10 participants in different scenarios demonstrate that our system can effectively remove MA and achieve a high average authentication success rate over \$90%\$.