Chien-Chung Shen

Hao Guo, Collin Meese, Wanxin Li et al.

Federated Learning (FL) is a privacy-preserving machine learning (ML) technology that enables collaborative training and learning of a global ML model based on aggregating distributed local model updates. However, security and privacy guarantees could be compromised due to malicious participants and the centralized FL server. This article proposed a bi-level blockchained architecture for secure federated learning-based traffic prediction. The bottom and top layer blockchain store the local model and global aggregated parameters accordingly, and the distributed homomorphic-encrypted federated averaging (DHFA) scheme addresses the secure computation problems. We propose the partial private key distribution protocol and a partially homomorphic encryption/decryption scheme to achieve the distributed privacy-preserving federated averaging model. We conduct extensive experiments to measure the running time of DHFA operations, quantify the read and write performance of the blockchain network, and elucidate the impacts of varying regional group sizes and model complexities on the resulting prediction accuracy for the online traffic flow prediction task. The results indicate that the proposed system can facilitate secure and decentralized federated learning for real-world traffic prediction tasks.

Hang Chen, Collin Meese, Mark Nejad et al.

Low-latency traffic prediction is vital for smart city traffic management. Federated Learning has emerged as a promising technique for Traffic Prediction (FLTP), offering several advantages such as privacy preservation, reduced communication overhead, improved prediction accuracy, and enhanced adaptability to changing traffic conditions. However, majority of the current FLTP frameworks lack a real-time model updating scheme, which hinders their ability to continuously incorporate new incoming traffic data and adapt effectively to the changing dynamics of traffic trends. Another concern with the existing FLTP frameworks is their reliance on the conventional FL model aggregation method, which involves assigning an identical model (i.e., the global model) to all traffic monitoring devices to predict their individual local traffic trends, thereby neglecting the non-IID characteristics of traffic data collected in different locations. Building upon these findings and harnessing insights from reinforcement learning, we propose NeighborFL, an individualized real-time federated learning scheme that introduces a haversine distance-based and error-driven, personalized local models grouping heuristic from the perspective of each individual traffic node. This approach allows NeighborFL to create location-aware and tailored prediction models for each client while fostering collaborative learning. Simulations demonstrate the effectiveness of NeighborFL, offering improved real-time prediction accuracy over three baseline models, with one experimental setting showing a 16.9% reduction in MSE value compared to a naive FL setting.

Hang Chen, Syed Ali Asif, Jihong Park et al.

Federated learning (FL) is a promising distributed learning solution that only exchanges model parameters without revealing raw data. However, the centralized architecture of FL is vulnerable to the single point of failure. In addition, FL does not examine the legitimacy of local models, so even a small fraction of malicious devices can disrupt global training. To resolve these robustness issues of FL, in this paper, we propose a blockchain-based decentralized FL framework, termed VBFL, by exploiting two mechanisms in a blockchained architecture. First, we introduced a novel decentralized validation mechanism such that the legitimacy of local model updates is examined by individual validators. Second, we designed a dedicated proof-of-stake consensus mechanism where stake is more frequently rewarded to honest devices, which protects the legitimate local model updates by increasing their chances of dictating the blocks appended to the blockchain. Together, these solutions promote more federation within legitimate devices, enabling robust FL. Our emulation results of the MNIST classification corroborate that with 15% of malicious devices, VBFL achieves 87% accuracy, which is 7.4x higher than Vanilla FL.

Hao Guo, Wanxin Li, Ehsan Meamari et al.

The global Electronic Health Record (EHR) market is growing dramatically and has already hit $31.5 billion in 2018. To safeguard the security of EHR data and privacy of patients, fine-grained information access and sharing mechanisms are essential for EHR management. This paper proposes a hybrid architecture of blockchain and edge nodes to facilitate EHR management. In this architecture, we utilize attribute-based multi-signature (ABMS) scheme to authenticate user's signatures without revealing the sensitive information and multi-authority attribute-based encryption (ABE) scheme to encrypt EHR data which is stored on the edge node. We develop the blockchain module on Hyperledger Fabric platform and the ABMS module on Hyperledger Ursa library. We measure the signing and verifying time of the ABMS scheme under different settings, and experiment with the authentication events and access activities which are logged as transactions in blockchain.

Ehsan Meamari, Hao Guo, Chien-Chung Shen et al.

Attribute-based Encryption (ABE) is an information centric security solution that moves beyond traditional restrictions of point-to-point encryption by allowing for flexible, fine-grain policy-based and content-based access control that is cryptographically enforced. As the original ABE systems are managed by a single authority, several efforts have decentralized different ABE schemes to address the key escrow problem, where the authority can issue secret keys to itself to decrypt all the ciphertext. However, decentralized ABE (DABE) schemes raise the issue of collusion attacks. In this paper, we review two existing types of collusion attacks on DABE systems, and introduce a new type of collusion among authorities and data users. We show that six existing DABE systems are vulnerable to the newly introduced collusion and propose a model to secure one of the DABE schemes.

Ehsan Meamari, Chien-Chung Shen

Since Bitcoin's inception in 2008, it has became attractive investments for both trading and mining. To mine Bitcoins, a miner has to invest in computing power and pay for electricity to solve cryptographic puzzles for rewards, if it becomes the first to solve a puzzle, paid in Bitcoin. Given that mining is such a resource intensive effort, miners seek new strategies trying to make the mining process more profitable.

Ehsan Meamari, Hao Guo, Chien-Chung Shen et al.

Attribute-Based Encryption (ABE) has emerged as an information-centric public-key cryptographic system which allows a data owner to share data, according to access policy, with multiple data users based on the attributes they possess, without knowing their identities. In the original ABE schemes, a central authority administrates the system and issues secret keys to data users based on their attributes and both the owner and users need to trust a specific CA. However, in certain real-world applications, the data users would not trust anyone but themselves. For such situations, we introduce a new decentralization model of ABE, termed Data User-based ABE (DU-ABE), which is managed jointly by the data users. DU-ABE is the first decentralized ABE scheme that replaces the authorities with the data users without employing any other extra entities.

Hao Guo, Wanxin Li, Mark Nejad et al.

The global Electronic Health Record (EHR) market is growing dramatically and expected to reach $39.7 billions by 2022. To safe-guard security and privacy of EHR, access control is an essential mechanism for managing EHR data. This paper proposes a hybrid architecture to facilitate access control of EHR data by using both blockchain and edge node. Within the architecture, a blockchain-based controller manages identity and access control policies and serves as a tamper-proof log of access events. In addition, off-chain edge nodes store the EHR data and apply policies specified in Abbreviated Language For Authorization (ALFA) to enforce attribute-based access control on EHR data in collaboration with the blockchain-based access control logs. We evaluate the proposed hybrid architecture by utilizing Hyperledger Composer Fabric blockchain to measure the performance of executing smart contracts and ACL policies in terms of transaction processing time and response time against unauthorized data retrieval.

Hao Guo, Ehsan Meamari, Chien-Chung Shen

Attribute-based access control makes access control decisions based on the assigned attributes of subjects and the access policies to protect objects by mediating operations from the subjects. Authority, which validates attributes of subjects, is one key component to facilitate attribute-based access control. In an increasingly decentralized society, multiple attributes possessed by subjects may need to be validated by multiple different authorities. This paper proposes a multi-authority attribute-based access control scheme by using Ethereum's smart contracts. In the proposed scheme, Ethereum smart contracts are created to define the interactions between data owner, data user, and multiple attribute authorities. A data user presents its attributes to different attribute authorities, and after successful validation of attributes, obtains attribute tokens from respective attribute authorities. After collecting enough attribute tokens, a smart contract will be executed to issue secret key to the data user to access the requested object. The smart contracts for multi-authority attribute-based access control have been prototyped in Solidity, and their performance has been evaluated on the Rinkeby Ethereum Testnet.

Marcos Portnoi, Chien-Chung Shen

We introduce LOCATHE (Location-Enhanced Authenticated Key Exchange), a generic protocol that pools location, user attributes, access policy and desired services into a multi-factor authentication, allowing two peers to establish a secure, encrypted session and perform mutual authentication with pre-shared keys, passwords and other authentication factors. LOCATHE contributes to: (1) forward secrecy through ephemeral session keys; (2) security through zero-knowledge password proofs (ZKPP), such that no passwords can be learned from the exchange; (3) the ability to use not only location, but also multiple authentication factors from a user to a service; (4) providing a two-tiered privacy authentication scheme, in which a user may be authenticated either based on her attributes (hiding her unique identification), or with a full individual authentication; (5) employing the expressiveness and flexibility of Decentralized or Multi-Authority Ciphertext-Policy Attribute-Based Encryption, allowing multiple service providers to control their respective key generation and attributes.

Marcos Portnoi, Chien-Chung Shen

This work presents an application of the highly expressive Attribute-Based Encryption to implement Secure Zones for firearms. Within these zones, radio-transmitted local policies based on attributes of the user and the firearm are received by embedded hardware in the firearms, which then advises the user about safe operations. The Secure Zones utilize Attribute-Based Encryption to encode the policies and user attributes, and providing privacy and security through it cryptography. We describe a holistic approach to evolving the firearm to a cyber-physical system to aid in augmenting safety. We introduce a conceptual model for a firearm equipped with sensors and a context-aware software agent. Based on the information from the sensors, the agent can access the context and inform the user of potential unsafe operations. To support Secure Zones and the cyber-physical firearm model, we propose a Key Infrastructure Scheme for key generation, distribution, and management, and a Context-Aware Software Agent Framework for Firearms.

Marcos Portnoi, Chien-Chung Shen

This work presents a mobile sign-on scheme, which utilizes Bluetooth Low Energy beacons for location awareness and Attribute-Based Encryption for expressive, broadcast-style key exchange. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login. The effect is a "traveling" sign-on that accompanies the user throughout different locations.

Marcos Portnoi, Chien-Chung Shen

This work presents an application of the highly expressive Attribute-Based Encryption to implement wireless-delimited Secure Zones for firearms. Within these zones, radio-transmitted local policies based on attributes of the consumer and the firearm are received by embedded hardware in the firearms, which then advises the consumer about safe operations. The Secure Zones utilize Attribute-Based Encryption to encode the policies and consumer or user attributes, and providing privacy and security through it cryptography. We describe a holistic approach to evolving the firearm to a cyber-physical system to aid in augmenting safety. We introduce a conceptual model for a firearm equipped with sensors and a context-aware software agent. Based on the information from the sensors, the agent can access the context and inform the consumer of potential unsafe operations. To support Secure Zones and the cyber-physical firearm model, we propose a Key Infrastructure Scheme for key generation, distribution, and management, and a Context-Aware Software Agent Framework for Firearms.

Marcos Portnoi, Chien-Chung Shen

Traditional user authentication involves entering a username and password into a system. Strong authentication security demands, among other requirements, long, frequently hard-to-remember passwords. Two-factor authentication aids in the security, even though, as a side effect, might worsen user experience. We depict a mobile sign-on scheme that benefits from the dynamic relationship between a user's attributes, the service the user wishes to utilize, and location (where the user is, and what services are available there) as an authentication factor. We demonstrate our scheme employing Bluetooth Low Energy beacons for location awareness and the expressiveness of Attribute-Based Encryption to capture and leverage the described relationship. Bluetooth Low Energy beacons broadcast encrypted messages with encoded access policies. Within range of the beacons, a user with appropriate attributes is able to decrypt the broadcast message and obtain parameters that allow the user to perform a short or simplified login.

Yu Sun, Louis F. Rossi, Chien-Chung Shen et al.

Swarm dynamics is the study of collections of agents that interact with one another without central control. In natural systems, insects, birds, fish and other large mammals function in larger units to increase the overall fitness of the individuals. Their behavior is coordinated through local interactions to enhance mate selection, predator detection, migratory route identification and so forth [Andersson and Wallander 2003; Buhl et al. 2006; Nagy et al. 2010; Partridge 1982; Sumpter et al. 2008]. In artificial systems, swarms of autonomous agents can augment human activities such as search and rescue, and environmental monitoring by covering large areas with multiple nodes [Alami et al. 2007; Caruso et al. 2008; Ogren et al. 2004; Paley et al. 2007; Sibley et al. 2002]. In this paper, we explore the interplay between swarm dynamics, covert leadership and theoretical information transfer. A leader is a member of the swarm that acts upon information in addition to what is provided by local interactions. Depending upon the leadership model, leaders can use their external information either all the time or in response to local conditions [Couzin et al. 2005; Sun et al. 2013]. A covert leader is a leader that is treated no differently than others in the swarm, so leaders and followers participate equally in whatever interaction model is used [Rossi et al. 2007]. In this study, we use theoretical information transfer as a means of analyzing swarm interactions to explore whether or not it is possible to distinguish between followers and leaders based on interactions within the swarm. We find that covert leaders can be distinguished from followers in a swarm because they receive less transfer entropy than followers.