Funding: the Natural Science Foundation of China (61102056, 61201132); Fundamental Research Funds for the Central Universities of China (K5051301013); the 111 Project of China (B08038).
Abstract: Incorporating electric vehicles into smart grid, vehicle-to-grid (V2G) makes it feasible to charge for large-scale electric vehicles, and in turn support electric vehicles, as mobile and distributed storage units, to discharge to smart grid. In order to provide reliable and efficient services, the operator of V2G networks needs to monitor the real-time status of every plug-in electric vehicle (PEV) and then evaluate current electricity storage capability. Anonymity, aggregation and dynamic management are three basic but crucial characteristics that the services of V2G networks should have. However, few of the existing authentication schemes for V2G networks could satisfy them simultaneously. In this paper, we propose a secure and efficient privacy-preserving authentication scheme for V2G networks. The scheme makes the charging/discharging station authenticate PEVs anonymously and manage them dynamically. Moreover, the monitoring data collected by the charging/discharging station could be sent to a local aggregator (LAG) in batch mode. In particular, time overheads during the verification stage are independent of the number of involved PEVs, and there is no need to update the membership certificate and key pair before a PEV logs out.
Funding: supported by the National Key Basic Research Program of China (973 Program) under Grant No. 2009CB320505; the Fundamental Research Funds for the Central Universities under Grant No. 2011RC0508; the National Natural Science Foundation of China under Grant No. 61003282; China Next Generation Internet Project "Research and Trial on Evolving Next Generation Network Intelligence Capability Enhancement"; the National Science and Technology Major Project "Research about Architecture of Mobile Internet" under Grant No. 2011ZX03002-001-01.
Abstract: This paper aims to find a practical way of quantitatively representing the privacy of network data. A method of quantifying the privacy of network data anonymization based on similarity distance and entropy in the scenario involving multiparty network data sharing with Trusted Third Party (TTP) is proposed. Simulations are then conducted using network data from different sources, and show that the measurement indicators defined in this paper can adequately quantify the privacy of the network. In particular, it can indicate the effect of the auxiliary information of the adversary on privacy.
Funding: This work was supported by the National Natural Science Foundation of China (Grant No. 61976064).
Abstract: With the widespread application of cloud computing and network virtualization technologies, more and more enterprise applications are directly deployed in the cloud. However, the traditional TCP/IP network transmission model does not fully consider the information security issues caused by the uncontrollable internet environment. Network security communication solutions represented by encrypted virtual private networks (VPN) are facing multiple security threats. In fact, during the communication process, the user application needs to protect not only the content of the communication but also the behavior of the communication, such as the communication relationship, the communication protocol, and so on. Inspired by blockchain and software-defined networking technology, this paper proposes a resilient anonymous information sharing environment, RAISE. The RAISE system consists of user agents, a core switching network and a control cluster based on a consortium blockchain. User agents are responsible for segmenting, encrypting, and encapsulating user traffic. The core switching network forwards user traffic according to the rules issued by the controller, and the controller dynamically calculates the forwarding rules according to the security policy. Different from onion routing technology, RAISE adopts the controller to replace the onion routing model, which effectively overcomes the uncontrollability of nodes. The dispersed computing model is introduced to replace the TCP/IP pipeline transmission models, which overcomes the problems of anti-tracking and traffic hijacking that cannot be solved by VPNs. We propose a blockchain control plane framework, design the desired consensus algorithm and deploy a RAISE system consisting of 150 nodes in an internet environment. The experimental results show that the use of blockchain technology can effectively improve the reliability and security of the control plane. While maintaining high-performance network transmission, it further provides network communication security.
Funding: supported by the Tianjin Education Commission Research Program Project No. 2019KJ024.
Abstract: In order to address the shortcomings of traditional anonymity network anonymity evaluation methods, which only analyze from the perspective of the overall network and ignore the attributes of individual nodes, we propose a dynamic anonymity model based on a self-built anonymous system that combines node attributes, network behavior, and program security monitoring. The anonymity of evaluation nodes is assessed based on stable intervals and behavior baselines defined according to their normal operating status. The anonymity of the network is evaluated using an improved normalized information entropy method that refines anonymity evaluation to the anonymity of each node and expands the dimensionality of evaluation features. This paper compares the effectiveness of our proposed method with static framework information entropy and single indicator methods by evaluating the degree of anonymity provided by a self-built Tor anonymous network under multiple operating scenarios including normal and under attack. Our approach utilizes dynamically changing network anonymity based on multiple anonymous attributes and better reflects the degree of anonymity in anonymous systems.
Funding: supported partially by the National Natural Science Foundation of China (Nos. 62172378, 61572448, and 61827810) and by the National Key Research and Development Program of China (No. 2020YFB1707701).
Abstract: Recent advancements in deep learning (DL) have introduced new security challenges in the form of side-channel attacks. A prime example is the website fingerprinting attack (WFA), which targets anonymity networks like Tor, enabling attackers to unveil users' protected browsing activities from traffic data. While state-of-the-art WFAs have achieved remarkable results, they often rely on unrealistic single-website assumptions. In this paper, we undertake an exhaustive exploration of multi-tab website fingerprinting attacks (MTWFAs) in more realistic scenarios. We delve into MTWFAs and introduce MTWFA-SEG, a task involving the fine-grained packet-level classification within multi-tab Tor traffic. By employing deep learning models, we reveal their potential to threaten user privacy by discerning visited websites and browsing session timing. We design an improved fully convolutional model for MTWFA-SEG, which is enhanced by both network architecture advances and traffic data instincts. In the evaluations on interlocking browsing datasets, the proposed models achieve remarkable accuracy rates of over 68.6%, 71.8%, and 76.1% in closed, imbalanced open, and balanced open-world settings, respectively. Furthermore, the proposed models exhibit substantial robustness across diverse train-test settings. We further validate our designs in a coarse-grained task, MTWFA-MultiLabel, where they not only achieve state-of-the-art performance but also demonstrate high robustness in challenging situations.