NeTS: Medium: Collaborative Research: Secure and Usable Indoor Navigation for Individuals with Visual Impairment

Sponsored by the U.S. National Science Foundation (Awards # CNS-1514381 and CNS-1514014)
Duration: 09/01/2015-08/31/2019

                  


Welcome to the website of our research project: "NeTS: Medium: Collaborative Research: Secure and Usable Indoor Navigation for Individuals with Visual Impairment". This project is a collaborative effort between Arizona State University and University of Delaware. This website is created and maintained to disseminate and share research results and other information related to the project.

Project Description

Despite significant effort on novel wireless and mobile applications for sighted people, novel wireless and mobile applications to improve the wellbeing of visually impaired individuals remain largely underexplored. The biggest everyday challenge for visually impaired individuals is safe and quick navigation to reach a desired destination in unfamiliar outdoor/indoor environments. Outdoor navigation for unsighted people can be greatly facilitated by GPS-based aids, which unfortunately do not work in indoor environments due to the lack of GPS signals. This proposal outlines a challenging research plan on developing, prototyping, and evaluating a secure and usable indoor navigation system for the visually impaired. The scientific promise of the proposed research will expand the fundamental understandings about indoor navigation for the visually impaired with the potential to open a new research direction. Successful development and implementation of the proposed techniques will have a profound impact on allowing visually impaired individuals to have indoor navigation and wayfinding as sighted people do, thus significantly improving the mobility and wellbeing of millions of visually impaired users in the US and around the world.

The proposed research consists of six main research thrusts. The first thrust is to investigate novel crowdsourcing-based techniques to construct accurate indoor floor plans for arbitrary indoor venues with or without large open spaces. The second thrust is to develop secure cooperative techniques to detect and minimize the impact of fake mobility traces submitted by dishonest crowdsourcing workers. The third thrust is to investigate crowdsourcing-based construction of an indoor image database that can well characterize and visualize an indoor venue. The fourth thrust is to develop crowdsourcing-based techniques to enable accurate point-to-point indoor navigation for the visually impaired. The fifth thrust is to investigate novel techniques that can provide visually impaired individuals with an enhanced indoor navigation experience similar to what sighted persons can get. The last thrust is to implement the proposed indoor navigation system and thoroughly evaluate its efficacy, efficiency, and usability.

 


Personnel

Principal Investigators

Dr. Yanchao Zhang (Lead PI)
Associate Professor
School of Electrical, Computer and Energy Engineering
Arizona State University
Email: yczhang@asu.edu
Homepage: http://cnsg.asu.edu/zhang/

Dr. Rui Zhang (PI)
Assistant Professor
Department of Computer and Information Sciences
University of Delaware
Email: ruizhang@udel.edu
Homepage: https://www.eecis.udel.edu/~ruizhang/

Co-Principal Investigator

Dr. Terri M. Hedgpeth
Director
Disability Resource Center
Arizona State University 
Email: terrih@asu.edu
Homepage:

Graduate Students

Tao Li
Ph.D. student
School of Electrical, Computer and Energy Engineering
Arizona State University
Email: tli@asu.edu
Homepage:

 

Yidan Hu
Ph.D. student
Department of Computer and Information Sciences
University of Delaware
Email: yidanhu@udel.edu
Homepage:

 

Lizhou Yuan
Ph.D. student
Department of Computer and Information Sciences
University of Delaware
Email: lizhou@udel.edu
Homepage:

 

Wenxin Chen (09/01/2015-07/31/2016)
Ph.D. student
Department of Electrical Engineering
University of Hawaii
Email: yidanhu@udel.edu
Homepage:


Publications

  1. Your face your heart: Secure mobile face authentication with photoplethysmograms
    Yimin Chen, Jingchao Sun, Xiaocong Jin, Tao Li, Rui Zhang, and Yanchao Zhang
    IEEE International Conference on Computer Communications (INFOCOM), 2017.

    Summary: Face authentication emerges as a powerful method for preventing unauthorized access to mobile devices. It is, however, vulnerable to photo-based forgery attacks (PFA) and video-based forgery attacks (VFA), in which the adversary exploits a photo or video containing the user’s frontal face. Effective defenses against PFA and VFA often rely on liveness detection, which seeks to find a live indicator that the submitted face photo or video of the legitimate user is indeed captured in real time. In this paper, we propose FaceHeart, a novel and practical face authentication system for mobile devices. FaceHeart simultaneously takes a face video with the front camera and a fingertip video with the rear camera on COTS mobile devices. It then achieves liveness detection by comparing the two photoplethysmograms independently extracted from the face and fingertip videos, which should be highly consistent if the two videos are for the same live person and taken at the same time. As photoplethysmograms are closely tied to human cardiac activity and almost impossible to forge or control, FaceHeart is strongly resilient to PFA and VFA. Extensive user experiments on Samsung Galaxy S5 have confirmed the high efficacy and efficiency of FaceHeart.

  2. POWERFUL: Mobile app fingerprinting via power analysis
    Yimin Chen, Xiaocong Jin, Jingchao Sun, Rui Zhang, and Yanchao Zhang
    IEEE International Conference on Computer Communications (INFOCOM), 2017.

    Summary: Which apps a mobile user has and how they are used can disclose significant private information about the user. In this paper, we present the design and evaluation of POWERFUL, a new attack which can fingerprint sensitive mobile apps (or infer sensitive app usage) by analyzing the power consumption profiles on Android devices. POWERFUL works on the observation that distinct apps and their different usage patterns all lead to distinguishable power consumption profiles. Since the power profiles on Android devices require no permission to access, POWERFUL is very difficult to detect and can pose a serious threat against user privacy. Extensive experiments involving popular and sensitive apps in Google Play Store show that POWERFUL can identify the app used at any particular time with accuracy up to 92.9%, demonstrating the feasibility of POWERFUL.

  3. Verifiable Social Data Outsourcing
    Xin Yao, Rui Zhang, Yanchao Zhang, and Yaping Lin
    IEEE International Conference on Computer Communications (INFOCOM), 2017.

    Summary: Social data outsourcing is an emerging paradigm for effective and efficient access to the social data. In such a system, a third-party Social Data Provider (SDP) purchases complete social datasets from Online Social Network (OSN) operators and then resells them to data consumers who can be any individuals or entities desiring the complete social data satisfying some criteria. The SDP cannot be fully trusted and may return wrong query results to data consumers by adding fake data and deleting/modifying true data in favor of the businesses willing to pay. In this paper, we initiate the study on verifiable social data outsourcing whereby a data consumer can verify the trustworthiness of the social data returned by the SDP. We propose three schemes for verifiable queries over outsourced social data. The three schemes all require the OSN provider to generate some cryptographic auxiliary information, based on which the SDP can construct a verification object for the data consumer to verify the query-result trustworthiness. They differ in how the auxiliary information is generated and how the verification object is constructed and verified. Extensive experiments based on a real Twitter dataset confirm the high efficacy and efficiency of our schemes.

  4. DPSense: Differentially private crowdsourced spectrum sensing
    Xiaocong Jin, Rui Zhang, Yimin Chen, Tao Li, and Yanchao Zhang
    ACM Conference on Computer and Communications Security (CCS), 2016.

    Summary: Dynamic spectrum access (DSA) has great potential to address worldwide spectrum shortage by enhancing spectrum efficiency. It allows unlicensed secondary users to access the underutilized licensed spectrum when the licensed primary users are not transmitting. As a key enabler for DSA systems, crowdsourced spectrum sensing (CSS) allows a spectrum sensing provider (SSP) to outsource the sensing of spectrum occupancy to distributed mobile users. In this paper, we propose DPSense, a novel framework that allows the SSP to select mobile users for executing spatiotemporal spectrum-sensing tasks without violating the location privacy of mobile users. Detailed evaluations on real location traces confirm that DPSense can provide differential location privacy to mobile users while ensuring that the SSP can accomplish spectrum-sensing tasks with overwhelming probability and also the minimal cost.

  5. iLock: Immediate and automatic locking of mobile devices against data theft
    Tao Li, Yimin Chen, Jingchao Sun, Xiaocong Jin, and Yanchao Zhang
    ACM Conference on Computer and Communications Security (CCS), 2016.

    Summary: Mobile device losses and thefts are skyrocketing. The sensitive data hosted on a lost/stolen device are fully exposed to the adversary. Although password-based authentication mechanisms are available on mobile devices, many users reportedly do not use them, and a device may be lost/stolen while in the unlocked mode. This paper presents the design and evaluation of iLock, a secure and usable defense against data theft on a lost/stolen mobile device. iLock automatically, quickly, and accurately recognizes the user’s physical separation from his/her device by detecting and analyzing the changes in wireless signals. Once significant physical separation is detected, the device is immediately locked to prevent data theft. iLock relies on acoustic signals and requires at least one speaker and one microphone that are available on most COTS (commodity-off-the-shelf) mobile devices. Extensive experiments on Samsung Galaxy S5 show that iLock can lock the device with negligible false positives and negatives.

  6. VISIBLE: Video-Assisted Keystroke Inference from Tablet Backside Motion
    Jingchao Sun, Xiaocong Jin, Yimin Chen, Jinxue Zhang, Rui Zhang, and Yanchao Zhang
    ISOC Network and Distributed System Security Symposium (NDSS), 2016.

    Summary: The deep penetration of tablets in daily life has made them attractive targets for keystroke inference attacks that aim to infer a tablet user’s typed inputs. We propose VISIBLE, a novel video-assisted keystroke inference framework to infer a tablet user’s typed inputs from surreptitious video recordings of tablet backside motion. VISIBLE is built upon the observation that the keystrokes on different positions of the tablet’s soft keyboard cause its backside to exhibit different motion patterns. VISIBLE uses complex steerable pyramid decomposition to detect and quantify the subtle motion patterns of the tablet backside induced by a user’s keystrokes, differentiates different motion patterns using a multi-class Support Vector Machine, and refines the inference results using a dictionary and linguistic relationship. Extensive experiments demonstrate the high efficacy of VISIBLE for inferring single keys, words, and sentences. In contrast to previous keystroke inference attacks, VISIBLE does not require the attacker to visually see the tablet user’s input process or install any malware on the tablet.

  7. Privacy-Preserving Crowdsourced Spectrum Sensing
    Xiaocong Jin and Yanchao Zhang
    IEEE International Conference on Computer Communications (INFOCOM), 2016.

    Summary: Crowdsourced spectrum sensing has great potential in improving current spectrum database services. Without strong incentives and location privacy protection in place, however, mobile users will be reluctant to act as mobile crowdsourcing workers for spectrum sensing tasks. In this paper, we present PriCSS, the first framework for a crowdsourced spectrum sensing service provider to select spectrum-sensing participants in a differentially privacy-preserving manner. Thorough theoretical analysis and simulation studies show that PriCSS can simultaneously achieve differential location privacy, approximate social cost minimization, and truthfulness.

  8. Secure Outsourced Skyline Query Processing via Untrusted Cloud Service Providers
    Wenxin Chen, Mengjun Liu, Rui Zhang, Yanchao Zhang, and Shubo Liu
    IEEE International Conference on Computer Communications (INFOCOM), 2016.

    Summary: Recent years have witnessed a growing number of location-based service providers (LBSPs) outsourcing their points of interest (POI) datasets to third-party cloud service providers (CSPs), which in turn answer various data queries from mobile users on their behalf. A main challenge in such systems is that the CSPs cannot be fully trusted, which may return fake query results for various bad motives, e.g., in favor of POIs willing to pay. As an important type of queries, location-based skyline queries (LBSQ) ask for the POIs that are not spatially dominated by any other POI with respect to some query position. To tackle this challenge, we propose three novel schemes that enable efficient verification of any LBSQ result returned by an untrusted CSP by embedding and exploring a novel neighboring relationship among POIs. The efficacy and efficiency of our schemes are thoroughly analyzed and evaluated.

  9. PriStream: Privacy-Preserving Distributed Stream Monitoring of Thresholded Percentile Statistics
    Jingchao Sun, Rui Zhang, Jinxue Zhang, and Yanchao Zhang
    IEEE International Conference on Computer Communications (INFOCOM), 2016.

    Summary: Distributed stream monitoring has numerous potential applications in future smart cities. Communication efficiency and data privacy are two main challenges for distributed stream monitoring services. We propose PriStream, the first communication-efficient and privacy-preserving distributed stream monitoring system for thresholded PERCENTILE aggregates. PriStream allows the monitoring service provider to evaluate an arbitrary function over a desired percentile of distributed data reports and monitor when the output exceeds a predetermined system threshold. Detailed theoretical analysis and evaluations show that PriStream has high accuracy and communication efficiency, and differential privacy guarantees under a strong adversary model.

  10. PriExpress: Privacy-Preserving Express Delivery with Fine-Grained Attribute-Based Access Control
    Tao Li, Rui Zhang, and Yanchao Zhang
    IEEE Conference on Communications and Network Security (CNS), 2016. (accepted)

    Summary: With the fast development of the mobile Internet, e-commerce has become widely used in everyday life. Because e-commerce depends heavily on logistics, the logistics industry has attracted much attention. However, when users get convenient service from the logistics industry, their privacy is compromised. Addresses, phone numbers and other private information on the parcel are accessible to anyone. Moreover, because users’ logistics data is stored in plaintext on the companies’ servers, it is vulnerable to snooping by company staff and even hackers. We propose the first logistics system, PriExpress, which protects users’ privacy and ensures the efficient delivery of the parcel at the same time. To address the above problem, we improved attribute-based encryption with a hidden access tree. Based on users’ attributes, we enforce fine-grained access control on the logistics data. Our security and performance analysis shows that PriExpress is both secure and efficient.

  11. SecureFind: Secure and Privacy-Preserving Object Finding via Mobile Crowdsourcing
    Jingchao Sun, Rui Zhang, Xiaocong Jin, and Yanchao Zhang
    IEEE Transactions on Wireless Communications (TWC), vol. 15, no. 3, pp. 1716-1728, March 2016.

    Summary: The plummeting cost of Bluetooth tags and the ubiquity of mobile devices are revolutionizing the traditional lost-and-found service. We propose SecureFind, a secure and privacy-preserving object-finding system via mobile crowdsourcing. In SecureFind, a unique Bluetooth tag is attached to every valuable object, and the owner of a lost object submits an object-finding request to many mobile users via the SecureFind service provider. Each mobile user involved searches his vicinity for the lost object on behalf of the object owner who can infer the location of his lost object based on the responses from mobile users. SecureFind is designed to ensure strong object security such that only the object owner can discover the location of his lost object as well as offering location privacy to mobile users involved. The high efficacy and efficiency of SecureFind are confirmed by extensive simulations.

  12. Privacy-Preserving Spatiotemporal Matching for Secure Device-to-Device Communications
    Jingchao Sun, Rui Zhang, Jinxue Zhang, and Yanchao Zhang
    IEEE Internet of Things Journal (IOT), 2016. (accepted)

    Summary: Device-to-device (D2D) communications are emerging due to the explosive growth of smartphones and tablets. Given the possible presence of attackers, a fundamental challenge in secure D2D communications is to develop sound mobile authentication techniques whereby mobile users can select the most trustworthy D2D communication partners from possibly many candidates. We tackle this open challenge and propose spatiotemporal matching as a promising enabler for secure D2D communications. Spatiotemporal matching is built upon the location-aware capability of D2D devices. In particular, a mobile user could very easily maintain his spatiotemporal profile recording his continuous whereabouts in time, and the level of his spatiotemporal profile matching that of the other user can be translated into the level of trust the two can have in each other. Since spatiotemporal profiles contain very sensitive personal information, privacy-preserving spatiotemporal matching is needed to ensure that as little information as possible about the spatiotemporal profile of either matching participant is disclosed beyond the matching result. Towards this end, we propose two novel privacy-preserving spatiotemporal matching protocols, which are thoroughly analyzed and evaluated through detailed simulation studies driven by experimental data.

Disclaimer: The papers here are made available for timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders.


 
 
© Rui Zhang, 2017