Xukai Zou

Permanent URI for this collection

https://hdl.handle.net/1805/26681

Creating Secure and Private-Preserving Cyber Infrastructure

The project is the first attempt to build a secure, holistic, and resilient cybersecurity architecture for any computing systems so that different types of users can remotely access and share protected data/resource/workflow in a free, flexible, yet finely-controlled, manner. The developed secure infrastructure will provide multi-level comprehensive protection from user authentication to fine-tuned data access, to confidentiality, integrity, availability, and traceability. The developed secure architecture is based on cutting-edge and advanced security technologies most of which have been invented or designed by Professor Zou and his team of researchers. The secure architecture can be applied to any multi-user and dynamic data/resource sharing systems and cyber infrastructures such as scientific infrastructures, health care systems, power-grid infrastructures, law-enforcement and forensic systems, and secure smart-city and smart-home infrastructures to protect the systems or infrastructures from both internal and external attacks.

Professor Zou's translation of research into secure, online transactions and interactions is another excellent example of how IUPUI's faculty members are TRANSLATING their RESEARCH INTO PRACTICE.

Browse

Browsing Xukai Zou by Issue Date

Filter results by year or month
Now showing 1 - 10 of 25
  • Thumbnail Image
    Item
    Dependability and Security in Medical Information System
    (Springer Nature, 2007) Zou, Xukai; Dai, Yuan-Shun; Doebbeling, Bradley; Qi, Mingrui; Department of Computer and Information Science, School of Science
    Medical Information Systems (MIS) help medical practice and health care significantly. Security and dependability are two increasingly important factors for MIS nowadays. In one hand, people would be willing to step into the MIS age only when their privacy and integrity can be protected and guaranteed with MIS systems. On the other hand, only secure and reliable MIS systems would provide safe and solid medical and health care service to people. In this paper, we discuss some new security and reliability technologies which are necessary for and can be integrated with existing MISs and make the systems highly secure and dependable. We also present an implemented Middleware architecture which has been integrated with the existing VISTA/CPRS system in the U.S. Department of Veterans Affairs seamlessly and transparently.
  • Thumbnail Image
    Item
    A New Approach for Cancelable Iris Recognition
    (Office of the Vice Chancellor for Research, 2010-04-09) Yang, Kai; Yan, Sui; Zhou, Zhi; Du, Yingzi; Zou, Xukai; Orr, Scott
    The iris is a stable and reliable biometric for positive human identification. However, the traditional iris recognition scheme raises several privacy concerns. One’s iris pattern is permanently bound with him and cannot be changed. Hence, once it is stolen, this biometric is lost forever as well as all the applications where this biometric is used. Thus, new methods are desirable to secure the original pattern and ensure its revocability and alternatives when compromised. In this paper, we propose a novel scheme which incorporates iris features, noninvertible transformation and data encryption to achieve “cancelability” and at the same time increases iris recognition accuracy.
  • Thumbnail Image
    Item
    The Internet Based Electronic Voting Enabling Open and Fair Election
    (Office of the Vice Chancellor for Research, 2014-04-11) Zou, Xukai; Li, Huian; Sui, Yan; Peng, Wei; Li, Feng
    Voting is the pillar of modern democracies. However, examination of current voting systems (including E-voting techniques) shows a gap between casting secret ballots and tallying and verifying individual votes. This gap is caused by either disconnection between the vote-casting process and the vote-tallying process, or opaque transition (e.g. due to encryption) from vote- casting to vote-tallying and thus, damages voter assurance, i.e. failing to answer the question: “Will your vote count?” We proposed a groundbreaking E-voting protocol that fills this gap and provides a fully transparent election. In this new voting system, this transition is seamless, viewable, and verifiable. As a result, the above question can be answered assuredly: “Yes, my vote counts!” The new E-voting protocol is fundamentally different from all existing voting/E-voting protocols in terms of both concepts and the underlying mechanisms. It consists of three innovative Technical Designs: TD1: universal verifiable voting vector; TD2: forward and backward mutual lock voting; and TD3: in-process verification and enforcement. The new technique is the first fully transparent E-voting protocol which fills the aforementioned gap. The trust is split equally among all tallying authorities who are of conflict-of-interest and will technologically restrain from each other. As a result, the new technique enables open and fair elections, even for minor or weak political parties. It is able to mitigate errors and risk and detect fraud and attacks including collusion, with convincingly high probability 1 − 2−(m−log(m))n (n: #voters and m ≥ 2:#candidates). It removes many existing requirements such as trusted central tallying authorities, tailored hardware or software, and complex cryptographic primitives. In summary, the new e- voting technique delivers voter assurance and can transform the present voting booth based voting and election practice. Besides voting and elections, the new technique can also be adapted to other applications such as student class evaluation, rating and reputation systems.
  • Thumbnail Image
    Item
    Revocable, Interoperable and User-Centric (Active) Authentication Across Cyberspace
    (Office of the Vice Chancellor for Research, 2014-04-11) Sui, Yan; Zou, Xukai; Du, Eliza Y.; Li, Feng
    This work addresses fundamental and challenging user authentication and universal identity issues and solves the problems of system usability, authentication data security, user privacy, irrevocability, interoperability, cross-matching attacks, and post-login authentication breaches associated with existing authentication systems. It developed a solid user-centric biometrics based authentication model, called Bio-Capsule (BC), and implemented an (active) authentication system. BC is the template derived from the (secure) fusion of a user’s biometrics and that of a Reference Subject (RS). RS is simply a physical object such as a doll or an artificial one, such as an image. It is users’ BCs, rather than original biometric templates, that are utilized for user authentication and identification. The implemented (active) authentication system will facilitate and safely protect individuals’ diffused cyber activities, which is particularly important nowadays, when people are immersed in cyberspace. User authentication is the first guard of any trustworthy computing system. Along with people’s immersion in the penetrated cyber space integrated with information, networked systems, applications and mobility, universal identity security& management and active authentication become of paramount importance for cyber security and user privacy. Each of three typical existing authentication methods, what you KNOW (Password/PIN), HAVE (SmartCard), and ARE (Fingerprint/Face/Iris) and their combinations, suffer from their own inherent problems. For example, biometrics is becoming a promising authentication/identification method because it binds an individual with his identity, is resistant to losses, and does not need to memorize/carry. However, biometrics introduces its own challenges. One serious problem with biometrics is that biometric templates are hard to be replaced once compromised. In addition, biometrics may disclose user’s sensitive information (such as race, gender, even health condition), thus creating user privacy concerns. In the recent years, there has been intensive research addressing biometric template security and replaceability, such as cancelable biometrics and Biometric Cryptosystems. Unfortunately, these approaches do not fully exploit biometric advantages (e.g., requiring a PIN), reduce authentication accuracy, and/or suffer from possible attacks. The proposed approach is the first elegant solution to effectively address irreplaceability, privacy-preserving, and interoperability of both login and after-login authentication. Our methodology preserves biometrics’ robustness and accuracy, without sacrificing system acceptability for the same user, and distinguishability between different users. Biometric features cannot be recovered from the user’s Biometric Capsule or Reference Subject, even when both are stolen. The proposed model can be applied at the signal, feature, or template levels, and facilitates integration with new biometric identification methods to further enhance authentication performance. Moreover, the proposed active, non-intrusive authentication is not only scalable, but also particularly suitable to emerging portable, mobile computing devices. In summary, the proposed approach is (i) usercentric, i.e., highly user friendly without additional burden on users, (ii) provably secure and resistant to attacks including cross-matching attacks, (iii) identity-bearing and privacy-preserving, (iv) replaceable, once Biometric Capsule is compromised, (v) scalable and highly adaptable, (vi) interoperable and single signing on across systems, and (vii) cost-effective and easy to use.
  • Thumbnail Image
    Item
    Enhancing and Implementing Fully Transparent Internet Voting
    (Office of the Vice Chancellor for Research, 2015-04-17) Butterfield, Kevin; Li, Huian; Zou, Xukai; Li, Feng
    Voting over the internet has been the focus of significant research with the potential to solve many problems. Current implementations typically suffer from a lack of transparency, where the connection between vote casting and result tallying is seen as a black box by voters. A new protocol was recently proposed that allows full transparency, never obfuscating any step of the process, and splits authority between mutually-constraining conflicting parties. Achieving such transparency brings with it challenging issues. In this paper we propose an efficient algorithm for generating unique, anonymous identifiers (voting locations) that is based on the Chinese Remainder Theorem, extend the functionality of an election to allow for races with multiple winners, and introduce a prototype of this voting system implemented as a multiplatform web application.
  • Thumbnail Image
    Item
    Temporal Coverage Based Content Distribution in Heterogeneous Smart Device Networks
    (IEEE, 2015-06) Peng, Wei; Li, Feng; Zou, Xukai; Department of Computer & Information Science, School of Science
    The present work studies content distribution in heterogeneous smart device networks, in which all smartphones/ tablets can communicate through proximity channels such as Bluetooth/NFC/Wi-Fi Direct when they are in proximity, but only some devices have the cellular data communication capability. In the context of recent applications of content distribution in smart device networks such as mobile offloading and enterprise network defense prioritization, we propose a temporal coverage based scheme that exploits nodes' encounter regularity and content's delivery delay tolerance to reduce content delivery costs. Using kernel-density estimation (KDE) on the readily available proximity encounter records, we propose a network structural property, T-covering set, and a corresponding localized algorithm that distributedly elects a T-covering set from the underlying network. Using real Bluetooth encounter traces, we demonstrate that temporal coverage based content distribution using T-covering set can significantly reduce content delivery cost with minimal delay and no sacrifice in coverage.
  • Thumbnail Image
    Item
    Enhancing and Implementing Fully Transparent Internet Voting
    (IEEE, 2015-08) Butterfield, Kevin; Li, Huian; Zou, Xukai; Li, Feng; Department of Computer & Information Science, School of Science
    Voting over the internet has been the focus of significant research with the potential to solve many problems. Current implementations typically suffer from a lack of transparency, where the connection between vote casting and result tallying is seen as a black box by voters. A new protocol was recently proposed that allows full transparency, never obfuscating any step of the process, and splits authority between mutually-constraining conflicting parties. Achieving such transparency brings with it challenging issues. In this paper we propose an efficient algorithm for generating unique, anonymous identifiers (voting locations) that is based on the Chinese Remainder Theorem, we extend the functionality of an election to allow for races with multiple winners, and we introduce a prototype of this voting system implemented as a multiplatform web application.
  • Thumbnail Image
    Item
    Survey of Return-Oriented Programming Defense Mechanisms
    (Wiley, 2016-07) Ruan, Yefeng; Kalyanasundaram, Sivapriya; Zou, Xukai; Department of Computer & Information Science, School of Science
    A prominent software security violation-buffer overflow attack has taken various forms and poses serious threats until today. One such vulnerability is return-oriented programming attack. An return-oriented programming attack circumvents the dynamic execution prevention, which is employed in modern operating systems to prevent execution of data segments, and attempts to execute unintended instructions by overwriting the stack exploiting the buffer overflow vulnerability. Numerous defense mechanisms have been proposed in the past few years to mitigate/prevent the attack – compile time methods that add checking logic to the program code before compilation, dynamic methods that monitor the control-flow integrity during execution and randomization methods that aim at randomizing instruction locations. This paper discusses (i) these different static, dynamic, and randomization techniques proposed recently and (ii) compares the techniques based on their effectiveness and performances.
  • Thumbnail Image
    Item
    A Cancellable and Privacy-Preserving Facial Biometric Authentication Scheme
    (IEEE, 2017) Phillips, Tyler; Zou, Xukai; Li, Feng; Computer and Information Science, School of Science
    In recent years, biometric, or "who you are," authentication has grown rapidly in acceptance and use. Biometric authentication offers users the convenience of not having to carry a password, PIN, smartcard, etc. Instead, users will use their inherent biometric traits for authentication and, as a result, risk their biometric information being stolen. The security of users' biometric information is of critical importance within a biometric authentication scheme as compromised data can reveal sensitive information: race, gender, illness, etc. A cancellable biometric scheme, the "BioCapsule" scheme, proposed by researchers from Indiana University Purdue University Indianapolis, aims to mask users' biometric information and preserve users' privacy. The BioCapsule scheme can be easily embedded into existing biometric authentication systems, and it has been shown to preserve user-privacy, be resistant to several types of attacks, and have minimal effects on biometric authentication system accuracy. In this research we present a facial authentication system which employs several cutting-edge techniques. We tested our proposed system on several face databases, both with and without the BioCapsule scheme being embedded into our system. By comparing our results, we quantify the effects the BioCapsule scheme, and its security benefits, have on the accuracy of our facial authentication system.
  • Thumbnail Image
    Item
    Receipt-Freeness and Coercion Resistance in Remote E-Voting Systems
    (Inderscience, 2017) Ruan, Yefeng; Zou, Xukai; Computer and Information Science, School of Science
    Abstract: Remote electronic voting (E-voting) is a more convenient and efficient methodology when compared with traditional voting systems. It allows voters to vote for candidates remotely, however, remote E-voting systems have not yet been widely deployed in practical elections due to several potential security issues, such as vote-privacy, robustness and verifiability. Attackers' targets can be either voting machines or voters. In this paper, we mainly focus on three important security properties related to voters: receipt-freeness, vote-selling resistance, and voter-coercion resistance. In such scenarios, voters are willing or forced to cooperate with attackers. We provide a survey of existing remote E-voting systems, to see whether or not they are able to satisfy these three properties to avoid corresponding attacks. Furthermore, we identify and summarise what mechanisms they use in order to satisfy these three security properties.