Browsing by Author "Yu, Jiguo"

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    CommandFence: A Novel Digital-Twin-Based Preventive Framework for Securing Smart Home Systems
    (IEEE, 2023-05) Xiao, Yinhao; Jia, Yizhen; Hu, Qin; Cheng, Xiuzhen; Gong, Bei; Yu, Jiguo; Computer and Information Science, School of Science
    Smart home systems are both technologically and economically advancing rapidly. As people become gradually inalienable to smart home infrastructures, their security conditions are getting more and more closely tied to everyone's privacy and safety. In this paper, we consider smart apps, either malicious ones with evil intentions or benign ones with logic errors, that can cause property loss or even physical sufferings to the user when being executed in a smart home environment and interacting with human activities and environmental changes. Unfortunately, current preventive measures rely on permission-based access control, failing to provide ideal protections against such threats due to the nature of their rigid designs. In this paper, we propose CommandFence, a novel digital-twin-based security framework that adopts a fundamentally new concept of protecting the smart home system by letting any sequence of app commands to be executed in a virtual smart home system, in which a deep-q network (DQN) is used to predict if the sequence could lead to a risky consequence. CommandFence is composed of an Interposition Layer to interpose app commands and an Emulation Layer to figure out whether they can cause any risky smart home state if correlating with possible human activities and environmental changes. We fully implemented our CommandFence implementation and tested against 553 official SmartApps on the Samsung SmartThings platform and successfully identified 34 potentially dangerous ones, with 31 of them reported to be problematic Author: Please provide index terms/keywords for your article. To download the IEEE Taxonomy go to http://www.ieee.org/documents/taxonomy_v101.pdf ?> the first time to our best knowledge. Moreover, We tested our CommandFence on the 10 malicious SmartApps created by Jia et al. 2017, and successfully identified 7 of them as risky, with the missed ones actually only causing smartphone information leak (not harmful to the smart home system). We also tested CommandFence against the 17 benign SmartApps with logic errors developed by Celik et al. 2017, and achieved a 100% accuracy. Our experimental studies indicate that adopting CommandFence incurs a neglectable overhead of 0.1675 seconds.
  • Thumbnail Image
    Item
    Privacy-Aware Data Trading
    (IEEE Xplore, 2021-07) Wang, Shengling; Shi, Lina; Hu, Qin; Zhang, Junshan; Cheng, Xiuzhen; Yu, Jiguo; Computer and Information Science, School of Science
    The growing threat of personal data breach in data trading pinpoints an urgent need to develop countermeasures for preserving individual privacy. The state-of-the-art work either endows the data collector with the responsibility of data privacy or reports only a privacy-preserving version of the data. The basic assumption of the former approach that the data collector is trustworthy does not always hold true in reality, whereas the latter approach reduces the value of data. In this paper, we investigate the privacy leakage issue from the root source. Specifically, we take a fresh look to reverse the inferior position of the data provider by making her dominate the game with the collector to solve the dilemma in data trading. To that aim, we propose the noisy-sequentially zero-determinant (NSZD) strategies by tailoring the classical zero-determinant strategies, originally designed for the simultaneous-move game, to adapt to the noisy sequential game. NSZD strategies can empower the data provider to unilaterally set the expected payoff of the data collector or enforce a positive relationship between her and the data collector's expected payoffs. Both strategies can stimulate a rational data collector to behave honestly, boosting a healthy data trading market. Numerical simulations are used to examine the impacts of key parameters and the feasible region where the data provider can be an NSZD player. Finally, we prove that the data collector cannot employ NSZD to further dominate the data market for deteriorating privacy leakage.