Xukai Zou

Permanent URI for this collection

Creating Secure and Private-Preserving Cyber Infrastructure

The project is the first attempt to build a secure, holistic, and resilient cybersecurity architecture for any computing systems so that different types of users can remotely access and share protected data/resource/workflow in a free, flexible, yet finely-controlled, manner. The developed secure infrastructure will provide multi-level comprehensive protection from user authentication to fine-tuned data access, to confidentiality, integrity, availability, and traceability. The developed secure architecture is based on cutting-edge and advanced security technologies most of which have been invented or designed by Professor Zou and his team of researchers. The secure architecture can be applied to any multi-user and dynamic data/resource sharing systems and cyber infrastructures such as scientific infrastructures, health care systems, power-grid infrastructures, law-enforcement and forensic systems, and secure smart-city and smart-home infrastructures to protect the systems or infrastructures from both internal and external attacks.

Professor Zou's translation of research into secure, online transactions and interactions is another excellent example of how IUPUI's faculty members are TRANSLATING their RESEARCH INTO PRACTICE.


Recent Submissions

Now showing 1 - 10 of 24
  • Item
    Electronic Voting Technology Inspired Interactive Teaching and Learning Pedagogy and Curriculum Development for Cybersecurity Education
    (Springer, 2021-07) Hosler, Ryan; Zou, Xukai; Bishop, Matt; Computer and Information Science, School of Science
    Cybersecurity is becoming increasingly important to individuals and society alike. However, due to its theoretical and practical complexity, keeping students interested in the foundations of cybersecurity is a challenge. One way to excite such interest is to tie it to current events, for example elections. Elections are important to both individuals and society, and typically dominate much of the news before and during the election. We are developing a curriculum based on elections and, in particular, an electronic voting protocol. Basing the curriculum on an electronic voting framework allows one to teach critical cybersecurity concepts such as authentication, privacy, secrecy, access control, encryption, and the role of non-technical factors such as policies and laws in cybersecurity, which must include societal and human factors. Student-centered interactions and projects allow them to apply the concepts, thereby reinforcing their learning.
  • Item
    Hardware Speculation Vulnerabilities and Mitigations
    (IEEE, 2021-10) Swearingen, Nathan; Hosler, Ryan; Zou, Xukai; Computer and Information Science, School of Science
    This paper will discuss speculation vulnerabilities, which arise from hardware speculation, an optimization technique. Unlike many other types of vulnerabilities, these are very difficult to patch completely, and there are techniques developed to mitigate them. We will look at many of the variants of this type of vulnerability. We will look at the techniques mitigating those vulnerabilities and the effectiveness and scope of each. Finally, we will compare and evaluate different vulnerabilities and mitigation techniques and recommend how various mitigation techniques apply to different situations.
  • Item
    Learning Discriminative Features for Adversarial Robustness
    (IEEE Xplore, 2022-04) Hosler, Ryan; Phillips, Tyler; Yu, Xiaoyuan; Sundar, Agnideven; Zou, Xukai; Li, Feng; Computer and Information Science, School of Science
    Deep Learning models have shown incredible image classification capabilities that extend beyond humans. However, they remain susceptible to image perturbations that a human could not perceive. A slightly modified input, known as an Adversarial Example, will result in drastically different model behavior. The use of Adversarial Machine Learning to generate Adversarial Examples remains a security threat in the field of Deep Learning. Hence, defending against such attacks is a studied field of Deep Learning Security. In this paper, we present the Adversarial Robustness of discriminative loss functions. Such loss functions specialize in either inter-class or intra-class compactness. Therefore, generating an Adversarial Example should be more difficult since the decision barrier between different classes will be more significant. We conducted White-Box and Black-Box attacks on Deep Learning models trained with different discriminative loss functions to test this. Moreover, each discriminative loss function will be optimized with and without Adversarial Robustness in mind. From our experimentation, we found White-Box attacks to be effective against all models, even those trained for Adversarial Robustness, with varying degrees of effectiveness. However, state-of-the-art Deep Learning models, such as Arcface, will show significant Adversarial Robustness against Black-Box attacks while paired with adversarial defense methods. Moreover, by exploring Black-Box attacks, we demonstrate the transferability of Adversarial Examples while using surrogate models optimized with different discriminative loss functions.
  • Item
    Energy-Efficient Device Selection in Federated Edge Learning
    (IEEE, 2021-07) Peng, Cheng; Hu, Qin; Chen, Jianan; Kang, Kyubyung; Li, Feng; Zou, Xukai; Computer and Information Science, School of Science
    Due to the increasing demand from mobile devices for the real-time response of cloud computing services, federated edge learning (FEL) emerges as a new computing paradigm, which utilizes edge devices to achieve efficient machine learning while protecting their data privacy. Implementing efficient FEL suffers from the challenges of devices’ limited computing and communication resources, as well as unevenly distributed datasets, which inspires several existing research focusing on device selection to optimize time consumption and data diversity. However, these studies fail to consider the energy consumption of edge devices given their limited power supply, which can seriously affect the cost-efficiency of FEL with unexpected device dropouts. To fill this gap, we propose a device selection model capturing both energy consumption and data diversity optimization, under the constraints of time consumption and training data amount. Then we solve the optimization problem by reformulating the original model and designing a novel algorithm, named E2DS, to reduce the time complexity greatly. By comparing with two classical FEL schemes, we validate the superiority of our proposed device selection mechanism for FEL with extensive experimental results.
  • Item
    Usability and Security of Different Authentication Methods for an Electronic Health Records System
    (arXiv, 2021) Purkayastha, Saptarshi; Goyal, Shreya; Oluwalade, Bolu; Phillips, Tyler; Wu, Huanmei; Zou, Xukai; BioHealth Informatics, School of Informatics and Computing
    We conducted a survey of 67 graduate students enrolled in the Privacy and Security in Healthcare course at Indiana University Purdue University Indianapolis. This was done to measure user preference and their understanding of usability and security of three different Electronic Health Records authentication methods: single authentication method (username and password), Single sign-on with Central Authentication Service (CAS) authentication method, and a bio-capsule facial authentication method. This research aims to explore the relationship between security and usability, and measure the effect of perceived security on usability in these three aforementioned authentication methods. We developed a formative-formative Partial Least Square Structural Equation Modeling (PLS-SEM) model to measure the relationship between the latent variables of Usability, and Security. The measurement model was developed using five observed variables (measures). - Efficiency and Effectiveness, Satisfaction, Preference, Concerns, and Confidence. The results obtained highlight the importance and impact of these measures on the latent variables and the relationship among the latent variables. From the PLS-SEM analysis, it was found that security has a positive impact on usability for Single sign-on and bio-capsule facial authentication methods. We conclude that the facial authentication method was the most secure and usable among the three authentication methods. Further, descriptive analysis was done to draw out the interesting findings from the survey regarding the observed variables.
  • Item
    AuthN-AuthZ: Integrated, User-Friendly and Privacy-Preserving Authentication and Authorization
    (IEEE, 2020-10) Phillips, Tyler; Yu, Xiaoyuan; Haakenson, Brandon; Goyal, Shreya; Zou, Xukai; Purkayastha, Saptarshi; Wu, Huanmei; BioHealth Informatics, School of Informatics and Computing
    In this paper, we propose a novel, privacy-preserving, and integrated authentication and authorization scheme (dubbed as AuthN-AuthZ). The proposed scheme can address both the usability and privacy issues often posed by authentication through use of privacy-preserving Biometric-Capsule-based authentication. Each Biometric-Capsule encapsulates a user's biometric template as well as their role within a hierarchical Role-based Access Control model. As a result, AuthN-AuthZ provides novel efficiency by performing both authentication and authorization simultaneously in a single operation. To the best of our knowledge, our scheme's integrated AuthN-AuthZ operation is the first of its kind. The proposed scheme is flexible in design and allows for the secure use of robust deep learning techniques, such as the recently proposed and current state-of-the-art facial feature representation method, ArcFace. We conduct extensive experiments to demonstrate the robust performance of the proposed scheme and its AuthN-AuthZ operation.
  • Item
    Understanding Shilling Attacks and Their Detection Traits: A Comprehensive Survey
    (IEEE, 2020-09) Palanisamy Sundar, Agnideven; Li, Feng; Zou, Xukai; Gao, Tianchong; Russomanno, Evan D.; Computer and Information Science, School of Science
    The internet is the home for huge volumes of useful data that is constantly being created making it difficult for users to find information relevant to them. Recommendation System is a special type of information filtering system adapted by online vendors to provide recommendations to their customers based on their requirements. Collaborative filtering is one of the most widely used recommendation systems; unfortunately, it is prone to shilling/profile injection attacks. Such attacks alter the recommendation process to promote or demote a particular product. Over the years, multiple attack models and detection techniques have been developed to mitigate the problem. This paper aims to be a comprehensive survey of the shilling attack models, detection attributes, and detection algorithms. Additionally, we unravel and classify the intrinsic traits of the injected profiles that are exploited by the detection algorithms, which has not been explored in previous works. We also briefly discuss recent works in the development of robust algorithms that alleviate the impact of shilling attacks, attacks on multi-criteria systems, and intrinsic feedback based collaborative filtering methods.
  • Item
    Multi-Armed-Bandit-based Shilling Attack on Collaborative Filtering Recommender Systems
    (IEEE, 2020-12) Palanisamy Sundar, Agnideven; Li, Feng; Zou, Xukai; Hu, Qin; Gao, Tianchong; Computer and Information Science, School of Science
    Collaborative Filtering (CF) is a popular recommendation system that makes recommendations based on similar users' preferences. Though it is widely used, CF is prone to Shilling/Profile Injection attacks, where fake profiles are injected into the CF system to alter its outcome. Most of the existing shilling attacks do not work on online systems and cannot be efficiently implemented in real-world applications. In this paper, we introduce an efficient Multi-Armed-Bandit-based reinforcement learning method to practically execute online shilling attacks. Our method works by reducing the uncertainty associated with the item selection process and finds the most optimal items to enhance attack reach. Such practical online attacks open new avenues for research in building more robust recommender systems. We treat the recommender system as a black box, making our method effective irrespective of the type of CF used. Finally, we also experimentally test our approach against popular state-of-the-art shilling attacks.
  • Item
    User-Friendly Design of Cryptographically-Enforced Hierarchical Role-based Access Control Models
    (IEEE, 2020-08) Yu, Xiaoyuan; Haakenson, Brandon; Phillips, Tyler; Zou, Xukai; Computer and Information Science, School of Science
    Data access control is a critical issue for any organization generating, recording or leveraging sensitive information. The popular Role-based Access Control (RBAC) model is well- suited for large organizations with various groups of personnel, each needing their own set of data access privileges. Unfortunately, the traditional RBAC model does not involve the use of cryptographic keys needed to enforce access control policies and protect data privacy. Cryptography-based Hierarchical Access Control (CHAC) models, on the other hand, have been proposed to facilitate RBAC models and directly enforce data privacy and access controls through the use of key management schemes. Though CHAC models and efficient key management schemes can support large and dynamic organizations, they are difficult to design and maintain without intimate knowledge of symmetric encryption, key management and hierarchical access control models. Therefore, in this paper we propose an efficient algorithm which automatically generates a fine-grained CHAC model based on the input of a highly user-friendly representation of access control policies. The generated CHAC model, the dual-level key management (DLKM) scheme, leverages the collusion-resistant Access Control Polynomial (ACP) and Atallah's Efficient Key Management scheme in order to provide privacy at both the data and user levels. As a result, the proposed model generation algorithm serves to democratize the use of CHAC. We analyze each component of our proposed system and evaluate the resulting performance of the user-friendly CHAC model generation algorithm, as well as the DLKM model itself, along several dimensions.
  • Item
    Design and Implementation of Privacy-Preserving, Flexible and Scalable Role-Based Hierarchical Access Control
    (IEEE, 2019-12) Phillips, Tyler; Yu, Xiaoyuan; Haakenson, Brandon; Zou, Xukai; Computer and Information Science, School of Science
    In many domains, organizations must model personnel and corresponding data access privileges as fine-grained hierarchical access control models. One class of such models, Role-based Access Control (RBAC) models, has been widely accepted and deployed. However, RBAC models are often used without involving cryptographic keys nor considering confidentiality/privacy at the data level. How to design, implement and dynamically modify such a hierarchy, ensure user and data privacy and distribute and manage necessary cryptographic keys are issues of the utmost importance. One elegant solution for cryptography-based hierarchical access control combines the collusion-resistant and privacy-preserving Access Control Polynomial (ACP) and Atallah's Dynamic and Efficient Extended Key Management scheme. Such a model involves cryptographic keys used to encrypt data, can address confidentiality/privacy at the data level and can efficiently support dynamic changes to the RBAC access hierarchy. In this paper, we discuss several implementation challenges and propose solutions when deploying such a system including: data encryption and decryption, key storage and key distribution. Furthermore, we provide analysis of the efficiency and scalability of the resulting system.