SaTC: CORE: Small: Collaborative: Trustworthy Hierarchical Edge Computing

This material is based upon work supported by the National Science Foundation under Grant Numbers
CNS-1933069 and CNS-1933047.
Duration: 11/01/2019-10/31/2023

Welcome to the website of our research project: "SaTC: CORE: Small: Collaborative: Trustworthy Hierarchical Edge Computing". This project is a collaborative effort between Arizona State University and the University of Delaware. This website is created and maintained to disseminate and share research results and other information related to the project.

Project Description

Edge computing has quickly risen as an effective paradigm to capture, process, gain insights from, and act upon the massive amount of Internet of Things (IoT) data close to where it is generated. Future edge computing systems are expected to be hierarchical and heterogeneous. It will become increasingly common for a single IoT application to utilize edge computing resources owned by multiple entities. This project envisions the emergence of hierarchical edge computing (HEC) service providers that purchase computing services from heterogeneous multi-owner edge computing systems and provide unified edge computing services to individual IoT applications. The development of HEC systems will have a profound impact on transportation, healthcare, energy, education, social life, public safety, and many other sectors. Security and privacy are among the most challenging obstacles that hinder the wide development and deployment of the promising HEC paradigm.

This project aims to tackle key security and privacy challenges in HEC systems, under which heterogeneous multi-owner edge computing systems can jointly provide trustworthy computing services to end-users via a single service provider. There are four research thrusts: (1) developing novel techniques to authenticate data streams with freshness guarantees; (2) investigating locally differentially private data analysis techniques via correlated randomized responses; (3) designing a novel framework for distributed privacy-preserving collaborative learning; and (4) building a prototype HEC system to thoroughly validate and evaluate the proposed techniques. If successful, the research can serve as a key enabler for the explosive development and deployment of edge computing services and IoT applications. The research will also enrich the scientific knowledge of network and distributed system security, data privacy, and edge computing. A substantial quantity of project deliverables will be made publicly available online through tutorials, talks, publications, and software toolkits. In addition, this project will integrate the research activities with curriculum development, provide research opportunities to female and underrepresented students, enhance undergraduate research experience through senior design projects, and foster the interest of K-12 students in science, technology, engineering, and math (STEM) via outreach programs.


Personnel

Principal Investigators

Dr. Yanchao Zhang (Lead PI)
Professor
School of Electrical, Computer and Energy Engineering
Arizona State University
Email: yczhang@asu.edu
Homepage: http://cnsg.asu.edu/zhang/

Dr. Rui Zhang (PI)
Associate Professor
Department of Computer and Information Sciences
University of Delaware
Email: ruizhang@udel.edu
Homepage: https://www.eecis.udel.edu/~ruizhang/

Graduate Students

Zheyuan Liu
Ph.D. Candidate
Department of Computer and Information Sciences
University of Delaware
Email: zyliu@udel.edu
Homepage:

Yukun Dong
Ph.D. Candidate
Department of Computer and Information Sciences
University of Delaware
Email: yukun@udel.edu
Homepage:

Tianye Ma (11/2020-10/2021)
Ph.D. Candidate
Department of Computer and Information Sciences
University of Delaware
Email: matianye@udel.edu
Homepage:

Alumni

Yan Zhang
Ph.D., 7/2022
Initial appointment: tenure-track Assistant Professor
Department of Electrical and Computer Engineering, University of Akron

Dianqi Han
Ph.D., 7/2022
Initial appointment: tenure-track Assistant Professor
Department of Computer Science and Engineering, University of Texas at Arlington

Tao Li
Ph.D., 7/2020
Initial appointment: tenure-track Assistant Professor
Department of Computer and Information Technology, Indiana University-Purdue University Indianapolis (IUPUI)

Yidan Hu
Ph.D., 5/2021
Initial appointment: tenure-track Assistant Professor
Department of Computing Security, Rochester Institute of Technology


Publications

  1. Freshness authentication for outsourced multi-version key-value stores
    Yidan Hu, Xin Yao, Rui Zhang, and Yanchao Zhang
    IEEE Transactions on Dependable and Secure Computing (Early Access)

    Summary: Data outsourcing is a promising technical paradigm to facilitate cost-effective real-time data storage, processing, and dissemination. In data outsourcing, a data owner proactively pushes a stream of data records to a third-party cloud server for storage, which in turn processes various types of queries from end users on the data owner's behalf. However, the popular outsourced multi-version key-value stores pose a critical security challenge that a third-party cloud server cannot be fully trusted to return both authentic and fresh data in response to end users' queries. Although several recent attempts have been made on authenticating data freshness in outsourced key-value stores, they either incur excessively high communication cost or can only offer very limited real-time guarantee. To fill this gap, we propose KV-Fresh, a novel freshness authentication scheme for outsourced key-value stores that offers strong real-time guarantee for both point query and range query. KV-Fresh is designed based on a novel data structure, Linked Key Span Merkle Hash Tree, which enables highly efficient freshness proof by embedding chaining relationship among records generated at different time. Extensive simulation studies using a synthetic dataset generated from real data confirm the efficacy and efficiency of KV-Fresh.

  2. SpecKriging: GNN-based secure cooperative spectrum sensing
    Yan Zhang, Ang Li, Jiawei Li, Dianqi Han, Tao Li, Rui Zhang, and Yanchao Zhang
    IEEE Transactions on Wireless Communications, vol. 21, no. 11, pp. 9936-9946, November 2022.

    Summary: Cooperative spectrum sensing (CSS) adopted by spectrum-sensing providers (SSPs) plays a key role for dynamic spectrum access and is essential for avoiding interference with licensed primary users (PUs). A typical SSP system consists of geographically distributed spectrum sensors which can be compromised to submit fake spectrum-sensing reports. In this paper, we propose SpecKriging, a new spatial-interpolation technique based on Inductive Graph Neural Network Kriging (IGNNK) for secure CSS. In SpecKriging, we first pretrain a graphical neural network (GNN) model with the historical sensing records of a few trusted anchor sensors. During system runtime, we use the trained model to evaluate the trustworthiness of non-anchor sensors' data and also use them along with anchor sensors' new data to retrain the model. SpecKriging outputs trustworthy sensor reports for spectrum-occupancy detection. To the best of our knowledge, SpecKriging is the first work that explores GNNs for trustworthy CSS and also incorporates the hardware heterogeneity of spectrum sensors. Extensive experiments confirm the high efficacy and efficiency of SpecKriging for trustworthy spectrum-occupancy detection even when malicious spectrum sensors constitute the majority.

  3. (In)secure Acoustic Mobile Authentication
    Dianqi Han, Ang Li, Lili Zhang, Yan Zhang, Jiawei Li, Tao Li, Rui Zhang, and Yanchao Zhang
    IEEE Transactions on Mobile Computing, vol. 21, no. 9, pp. 3193-3207, September 2022.

    Summary: Acoustic fingerprinting aims to identify a mobile device based on its internal microphone(s) and speaker(s) which are unique due to manufacturing imperfection. This paper seeks a thorough understanding of the (in)security of exploring acoustic fingerprints for achieving distributed mobile authentication. Our contributions are threefold. First, we present a new acoustic fingerprint-emulation attack and demonstrate that it is a common vulnerability of acoustic mobile authentication systems. Second, we propose a dynamic challenge-response defense to secure acoustic mobile authentication systems against the acoustic fingerprint-emulation attack. Finally, we thoroughly investigate existing acoustic fingerprinting schemes and identify the best option for accurate, secure, and deployable acoustic mobile authentication systems.

  4. SecQSA: Secure sampling-based quantile summary aggregation in wireless sensor networks
    Aishah Aseeri and Rui Zhang
    17th International Conference on Mobility, Sensing and Networking (MSN), 2021.

    Summary: Wireless sensor networks are widely expected to play a key role in the emerging Internet of Things (IoT)-based smart cities in which a large number of resource-constrained sensor nodes collect data about our physical environment to assist intelligent decision making. Since blindly forwarding all the sensed data to the base station may quickly deplete sensor nodes' limited energy, secure data aggregation has been considered as a key functionality in wireless sensor networks that allow the base station to acquire important statistics about the sensed data. While many secure data aggregation schemes have been proposed in the literature, most of them target simple statistics such as Sum, Count, Min/Max, and Median. In contrast, a quantile summary allows a base station to extract the phi-quantile for any 0 < phi < 1 of all the sensor readings in the network and can provide a more accurate characterization of the data distribution. How to realize secure quantile summary aggregation in wireless sensor networks remains an open challenge. In this paper, we fill this void by first evaluating the impact of a range of attacks on quantile summary aggregation using simulation and then introduce a novel secure quantile summary aggregation protocol for wireless sensor networks. Detailed simulation studies confirm the efficacy and efficiency of the proposed protocol.

  5. Your home is insecure: Practical attacks on wireless home alarm systems
    Tao Li, Dianqi Han, Jiawei Li, Ang Li, Yan Zhang, Rui Zhang, and Yanchao Zhang
    IEEE International Conference on Computer Communications (INFOCOM), 2021.

    Summary: Wireless home alarm systems are being widely deployed, but their security has not been well studied. Existing attacks on wireless home alarm systems exploit the vulnerabilities of networking protocols while neglecting the problems arising from the physical component of IoT devices. In this paper, we present new event-eliminating and event-spoofing attacks on commercial wireless home alarm systems by interfering with the reed switch in almost all COTS alarm sensors. In both attacks, the external adversary uses his own magnet to control the state of the reed switch in order to either eliminate legitimate alarms or spoof false alarms. We also present a new battery-depletion attack with programmable electromagnets to deplete the alarm sensor's battery quickly and stealthily in hours which is expected to last a few years. The efficacy of our attacks is confirmed by detailed experiments on a representative Ring alarm system.

  6. Secure outsourced top-k selection queries against untrusted cloud service providers
    Xixun Yu, Yidan Hu, Rui Zhang, Zheng Yan, and Yanchao Zhang
    IEEE/ACM 29th International Symposium on Quality of Service (IWQoS), 2021.

    Summary: As cloud computing reshapes the global IT industry, an increasing number of business owners have outsourced their datasets to third-party cloud service providers (CSP), which in turn answer data queries from end users on their behalf. A well known security challenge in data outsourcing is that the CSP cannot be fully trusted, which may return inauthentic or unsound query results for various reasons. This paper considers top-k selection queries, an important type of queries widely used in practice. In a top-k selection query, a user specifies a scoring function and asks for the k objects with the highest scores. Despite several recent efforts, existing solutions can only support a limited range of scoring functions with explicit forms known in advance. This paper presents three novel schemes that allow a user to verify the integrity and soundness of any top-k selection query result returned by an untrusted CSP. The first two schemes support monotone scoring functions, and the third scheme supports scoring functions comprised of both monotonically nondecreasing and non-increasing subscoring functions. Detailed simulation studies using a real dataset confirm the efficacy and efficiency of the proposed schemes and their significant advantages over prior solutions.

  7. Secure Connected Vehicle-based traffic signal systems
    Tianye Ma, Rui Zhang, and Mark Nejad
    IEEE Wireless Communications and Networking Conference (WCNC), 2021.

    Summary: The emerging Connected Vehicle (CV) technology is widely expected to greatly enhance traffic safety and efficiency by enabling vehicles, pedestrians, and infrastructures to communicate with one another. As a promising CV application, CV-based traffic signal control aims to improve the traffic efficiency at intersections by dynamically optimizing traffic signal control plans based on the mobility information submitted by surrounding CVs. Effective CV-based traffic control relies on accurate estimation of the queue length, i.e., the number of vehicles waiting at intersections, to determine the optimal traffic signal control plans. Despite significant efforts on accurate queue length estimation, the robustness of queue length estimation has so far received very limited attention. A recent study has demonstrated that it is possible for malicious CVs to significantly manipulate the queue length estimation by reporting false mobility data, which can cause severe traffic congestion. To tackle this challenge, we introduce a robust queue length estimation mechanism that first utilizes the mobility data reported by all the CVs waiting in the queue to calculate multiple preliminary queue length estimates. Then, the robust statistical methods are adopted to derive a resulting estimated queue length whose accuracy is kept at an acceptable level even though there exist multiple malicious CVs in the queue. The simulation results confirm the effectiveness of the proposed mechanism.

  8. Verifiable query processing over outsourced social graph
    Xin Yao, Rui Zhang, Dingquan Huang, and Yanchao Zhang
    IEEE/ACM Transactions on Networking, vol. 29, no. 5, pp. 2313-2326, Oct. 2021.

    Summary: Social data outsourcing is an emerging paradigm for effective and efficient access to the social data. In such a system, a third-party Social Data Provider (SDP) purchases social network datasets from Online Social Network (OSN) operators and then resells them to data consumers who can be any individuals or entities desiring social data through query interfaces. The SDP cannot be fully trusted and may return forged or incomplete query results to data consumers for various reasons, e.g., in favor of the businesses willing to pay. In this paper, we initiate the study on verifiable query processing over outsourced social graph whereby a data consumer can verify both the integrity and completeness of any query result returned by an untrusted SDP. We propose three schemes for single-attribute queries and another scheme for multi-attribute queries over outsourced social data. The four schemes all require the OSN provider to generate some cryptographic auxiliary information, based on which the SDP can construct a verification object to allow the data consumer to verify the integrity and completeness of the query result. They, however, differ in how the auxiliary information is generated and how the verification object is constructed and verified. Detailed analysis and extensive experiments using a real Twitter dataset confirm the efficacy and efficiency of the proposed schemes.

  9. A spatiotemporal approach for secure crowdsourced Radio Environment Map construction
    Yidan Hu and Rui Zhang
    IEEE/ACM Transactions on Networking, vol. 28, no. 4, pp. 1790-1803, Aug. 2020.

    Summary: Database-driven Dynamic Spectrum Sharing (DSS) is the de-facto technical paradigm adopted by Federal Communications Commission for increasing spectrum efficiency, which allows licensed spectrum to be opportunistically used by secondary users. In database-driven DSS, a geo-location database administrator (DBA) maintains spectrum availability information over its service region in the form of a Radio Environment Map (REM), where the received signal strength from the primary user at every location is either directly measured via spectrum sensing or estimated via statistical spatial interpolation. Crowdsourcing-based spectrum sensing is a promising approach for periodically collecting spectrum measurements over a large geographic area but is unfortunately vulnerable to false spectrum measurements. Despite a large body of prior work on secure cooperative spectrum sensing, how to construct an accurate REM in the presence of false measurements remains an open challenge. In this paper, we introduce ST-REM, a novel spatiotemporal approach for securely constructing an REM in the presence of false spectrum measurements. Inspired by the self-label techniques developed for semi-supervised learning, ST-REM iteratively constructs an REM from a small number of spectrum measurements from trusted anchor sensors and many more measurements from mobile users. During each iteration, the DBA evaluates the trustworthiness of each measurement by jointly considering its spatial fitness with other trusted measurements and the mobile user's long-term behavior. By gradually incorporating the most trustworthy spectrum measurements, the DBA is able to construct a REM with high accuracy. Extensive simulation studies using a real spectrum measurement dataset confirm the efficacy and efficiency of ST-REM.

  10. IndoorWaze: A crowdsourcing-based context-aware indoor navigation system
    Tao Li, Yimin Chen, Rui Zhang, Yanchao Zhang, and Terri Hedgpeth
    IEEE Transactions on Wireless Communications, vol. 19, no. 8, pp. 5461-5472, Aug. 2020.

    Summary: Indoor navigation systems are very useful in large complex indoor environments such as shopping malls. Current systems focus on improving indoor localization accuracy and must be combined with an accurate labeled floor plan to provide usable indoor navigation services. Such labeled floor plans are often unavailable or involve a prohibitive cost to manually obtain. In this paper, we present IndoorWaze, a novel crowdsourcing-based context-aware indoor navigation system that can automatically generate an accurate context-aware floor plan with labeled indoor POIs for the first time in literature. IndoorWaze combines the Wi-Fi fingerprints of indoor walkers with the Wi-Fi fingerprints and POI labels provided by POI employees to produce a high-fidelity labeled floor plan. As a lightweight crowdsourcing-based system, IndoorWaze involves very little effort from indoor walkers and POI employees. We prototype IndoorWaze on Android smartphones and evaluate it in a large shopping mall. Our results show that IndoorWaze can generate a high-fidelity labeled floor plan, in which all the stores are correctly labeled and arranged, all the pathways and crossings are correctly shown, and the median estimation error for the store dimension is below 12%.

  11. KV-Fresh: Freshness authentication for outsourced multi-version key-value stores
    Yidan Hu, Rui Zhang, and Yanchao Zhang
    IEEE International Conference on Computer Communications  (INFOCOM), 2020.

    Summary: Data outsourcing is a promising technical paradigm to facilitate cost-effective real-time data storage, processing, and dissemination. In such a system, a data owner proactively pushes a stream of data records to a third-party cloud server for storage, which in turn processes various types of queries from end users on the data owner's behalf. This paper considers outsourced multi-version key-value stores that have gained increasing popularity in recent years, where a critical security challenge is to ensure that the cloud server returns both authentic and fresh data in response to end users' queries. Despite several recent attempts on authenticating data freshness in outsourced key-value stores, they either incur excessively high communication cost or can only offer very limited real-time guarantee. To fill this gap, this paper introduces KV-Fresh, a novel freshness authentication scheme for outsourced key-value stores that offers strong real-time guarantee. KV-Fresh is designed based on a novel data structure, Linked Key Span Merkle Hash Tree, which enables highly efficient freshness proof by embedding chaining relationship among records generated at different time. Detailed simulation studies using a synthetic dataset generated from real data confirm the efficacy and efficiency of KV-Fresh.

Disclaimer: The papers here are made available for timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders.

© Rui Zhang, 2022