Yannan Li

Yannan Li, Jingbo Wang, Chao Wang

We propose a method for certifying the fairness of the classification result of a widely used supervised learning algorithm, the k-nearest neighbors (KNN), under the assumption that the training data may have historical bias caused by systematic mislabeling of samples from a protected minority group. To the best of our knowledge, this is the first certification method for KNN based on three variants of the fairness definition: individual fairness, $ε$-fairness, and label-flipping fairness. We first define the fairness certification problem for KNN and then propose sound approximations of the complex arithmetic computations used in the state-of-the-art KNN algorithm. This is meant to lift the computation results from the concrete domain to an abstract domain, to reduce the computational cost. We show effectiveness of this abstract interpretation based technique through experimental evaluation on six datasets widely used in the fairness research literature. We also show that the method is accurate enough to obtain fairness certifications for a large number of test inputs, despite the presence of historical bias in the datasets.

Yannan Li, Jingbo Wang, Chao Wang

Data poisoning aims to compromise a machine learning based software component by contaminating its training set to change its prediction results for test inputs. Existing methods for deciding data-poisoning robustness have either poor accuracy or long running time and, more importantly, they can only certify some of the truly-robust cases, but remain inconclusive when certification fails. In other words, they cannot falsify the truly-non-robust cases. To overcome this limitation, we propose a systematic testing based method, which can falsify as well as certify data-poisoning robustness for a widely used supervised-learning technique named k-nearest neighbors (KNN). Our method is faster and more accurate than the baseline enumeration method, due to a novel over-approximate analysis in the abstract domain, to quickly narrow down the search space, and systematic testing in the concrete domain, to find the actual violations. We have evaluated our method on a set of supervised-learning datasets. Our results show that the method significantly outperforms state-of-the-art techniques, and can decide data-poisoning robustness of KNN prediction results for most of the test inputs.

Yanqi Zhao, Yiming Liu, Yong Yu et al.

A large number of IoT devices are connected via the Internet. However, most of these IoT devices are generally not perfect-by-design even have security weaknesses or vulnerabilities. Thus, it is essential to update these IoT devices securely, patching their vulnerabilities and protecting the safety of the involved users. Existing studies deliver secure and reliable updates based on blockchain network which serves as the transmission network. However, these approaches could compromise users privacy when updating the IoT devices. In this paper, we propose a new blockchain based privacy-preserving software updates protocol, which delivers secure and reliable updates with an incentive mechanism, as well protects the privacy of involved users. The vendor delivers the updates and it makes a commitment by using a smart contract to provide financial incentive to the transmission nodes who deliver the updates to the IoT devices. A transmission node gets financial incentive by providing a proof-of-delivery. The transmission node uses double authentication preventing signature (DAPS) to carry out the fair exchange to obtain the proof-of-delivery. Specifically, the transmission node exchanges an attribute-based signature from a IoT device by using DAPS. Then, it uses the attribute-based signature as a proof-of-delivery to receive financial incentives. Generally, the IoT device has to execute complex computation for an attribute-based signature (ABS). It is intolerable for resource limited devices. We propose a concrete outsourced attribute-based signature (OABS) scheme to resist the weakness. Then, we prove the security of the proposed OABS and the protocol as well. Finally, we implement smart contract in Solidity to demonstrate the validity of the proposed protocol.

Yannan Li, Willy Susilo, Guomin Yang et al.

The Internet of Things (IoT) is experiencing explosive growth and has gained extensive attention from academia and industry in recent years. Most of the existing IoT infrastructures are centralized, in which the presence of a cloud server is mandatory. However, centralized frameworks suffer from the issues of unscalability and single-point-of-failure. Consequently, decentralized IoT has been proposed by taking advantage of the emerging technology of Blockchain. Voting systems are widely adopted in IoT, such as a leader election in wireless sensor networks. Self-tallying voting systems are alternatives to traditional centralized voting systems in decentralized IoT since the traditional ones are not suitable for such scenarios. Unfortunately, self-tallying voting systems inherently suffer from fairness issues, such as adaptive and abortive issues caused by malicious voters. In this paper, we introduce a framework of self-tallying systems in decentralized IoT based on Blockchain. We propose a concrete construction and prove the proposed system satisfies all the security requirements including fairness, dispute-freeness and maximal ballot secrecy. The implementations on mobile phones demonstrate the practicability of our system.

Lingyue Zhang, Huilin Li, Yannan Li et al.

Cryptocurrencies, led by bitcoin launched in 2009, have obtained wide attention due to the emerging Blockchain in recent years. Anonymous cryptocurrencies are highly essential since users want to preserve their privacy when conducting transactions. However, some users might misbehave with the cover of anonymity such as rampant trafficking and extortion. Thus, it is important to balance anonymity and accountability of anonymous cryptocurrencies. In this paper, we solve this issue by proposing a linkable group signature (LGS) for signing cryptocurrency transactions, which can be used to trace a payer's identity in consortium blockchain based anonymous cryptocurrencies, in case the payer tries illegal activities. A payer keeps anonymous if he/she behaves honestly. We prove that the proposed scheme achieves full-anonymity, full-traceability and linkability in the random oracle. Implementation of the proposed LGS scheme demonstrates its high efficiency thus, can be adopted in anonymous cryptocurrencies in reality.

Yong Yu, Yannan Li, Xiaojiang Du et al.

Information-Centric Networks (ICN) are promising alternatives to current Internet architecture since the Internet struggles with a number of issues such as scalability, mobility and security. ICN offers a number of potential benefits including reduced congestion and enhanced delivery performance by employing content caching, simpler network configurations and stronger security for the content. Named Data Networking (NDN), an instance of the ICN, enables content delivery instead of host-centric approaches by naming data rather than the host. In order to make NDN practical in the real world, the challenging issues of content security need to be addressed. In this article, we examine the architecture, content security as well as possible solutions to these issues of NDN, with a special focus on content integrity and provenance. We propose a variety of digital signature schemes to achieve the data integrity and origin authentication in NDN for various applications, which include cost-effective signatures, privacy-preserving signatures, network coding signatures, and post-quantum signatures. We also present the speed-up techniques in generating signatures and verifying signatures such as pre-computation, batch verification and server-aided verification to reduce the computational cost of the producers and receivers in NDN. A number of certificate-free trust management approaches and possible adoptions in NDN are investigated.

Yong Yu, Yujie Ding, Yanqi Zhao et al.

Currently, the number of Internet of Thing (IoT) devices making up the IoT is more than 11 billion and this number has been continuously increasing. The prevalence of these devices leads to an emerging IoT business model called Device-as-a-service(DaaS), which enables sensor devices to collect data disseminated to all interested devices. The devices sharing data with other devices could receive some financial reward such as Bitcoin. However, side-channel attacks, which aim to exploit some information leaked from the IoT devices during data trade execution, are possible since most of the IoT devices are vulnerable to be hacked or compromised. Thus, it is challenging to securely realize data trading in IoT environment due to the information leakage such as leaking the private key for signing a Bitcoin transaction in Bitcoin system. In this paper, we propose LRCoin, a kind of leakage-resilient cryptocurrency based on bitcoin in which the signature algorithm used for authenticating bitcoin transactions is leakage-resilient. LRCoin is suitable for the scenarios where information leakage is inevitable such as IoT applications. Our core contribution is proposing an efficient bilinear-based continual-leakage-resilient ECDSA signature. We prove the proposed signature algorithm is unforgeable against adaptively chosen messages attack in the generic bilinear group model under the continual leakage setting. Both the theoretical analysis and the implementation demonstrate the practicability of the proposed scheme.

Yong Yu, Liang Xue, Yannan Li et al.

The advances of cloud computing, fog computing and Internet of Things (IoT) make the industries more prosperous than ever. A wide range of industrial systems such as transportation systems and manufacturing systems have been developed by integrating cloud computing, fog computing and IoT successfully. Security and privacy issues are a major concern that hinders the wide adoptions of these novel techniques. In this paper, we focus on assured data deletion, an issue which is important but received less attention in academia and industry. We firstly propose a framework to integrate the cloud, the fog and the things together to manage the stored data from industries or individuals. We then focus on secure data deletion in this framework by proposing an assured data deletion scheme which fulfills fine-grained access control over sensitive data and verifiable data deletion. Only the data owners and the fog devices are involved when deleting a data key and validating the data deletion, which makes the protocol practical due to the features of low latency and real-time interaction of fog computing. The proposed protocol takes advantage of attribute-based encryption and is provably secure under the standard model. The theoretical analysis shows the good performance and functionality requirements while the implementation results demonstrate the feasibility of our proposal.

Xin Jin, Yannan Li, Ningning Liu et al.

Image relighting is to change the illumination of an image to a target illumination effect without known the original scene geometry, material information and illumination condition. We propose a novel outdoor scene relighting method, which needs only a single reference image and is based on material constrained layer decomposition. Firstly, the material map is extracted from the input image. Then, the reference image is warped to the input image through patch match based image warping. Lastly, the input image is relit using material constrained layer decomposition. The experimental results reveal that our method can produce similar illumination effect as that of the reference image on the input image using only a single reference image.