Projects
The current research focus of Security and Privacy (SnP) lab is applied cryptography and data security. We have been leveraging various novel techniques (e.g., cryptography, steganography, coding techniques, hardware features like flash translation layer, Arm TrustZone, Intel SGX, etc) to protect confidentiality and integrity of mission critical data stored and processed in mobile devices, flash memory, cloud data centers, networks, etc. A few on-oning projects:
Secure Deletion on Sensitive Data (SecDel)
Network Data Security (NetSec)
Cloud Storage Security (CloudSec)
Plausibly Deniable Encryption Storage on Mobile Devices (PDE)
Data Recovery from Malicious Attacks (DRM)
SecDel
Secure Deletion on Sensitive Data
Descriptions:
Securely deleting obsolete data is of paramount importance, as reserving those data may not only endanger data owners’ privacy, but also violate retention regulations like HIPAA, Gramm-Leach-Bliley Act, and Sarbanes-Oxley Act, and GDPR. The goal of this project is to design novel techniques to completely eliminate data from various storage media, including hard disk drives (HDD) and flash memory.
Different from what have been done in the literature of secure deletion, our research is based on two key observations: First, a modern storage system usually consists of multiple layers (e.g., the application layer, the file system layer, and the storage medium layer), and performing secure deletion at the upper layer is usually not able to eliminate the data, since data leakage may be observed at the lower layers. Second, the past existence of the data may leave various “traces” in the storage medium at all layers, which may be utilized by the adversary to derive sensitive information about the data being deleted.
Following the aforementioned observations, we initiate the investigation of a secure deletion framework which, for the first time, can achieve the secure deletion guarantee that, 1) the data deleted cannot be completely or partially recovered, and 2) the adversary cannot learn anything about the deleted data. Such a guarantee cannot be achieved by existing overwriting-based/encryption-based secure deletion approaches.
Publications:
[AsiaCCS '22] Niusen Chen, and Bo Chen. Duplicates also Matter! Towards Secure Deletion on Flash-based Storage Media by Removing Duplicates. The 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), Nagasaki, Japan, May 30 - June 3, 2012 (Acceptance rate: 18.4%).
[AsiaCCS ’19] Biao Gao, Bo Chen, Shijie Jia, and Luning Xia. eHIFS: An Efficient History Independent File System. The 14th ACM ASIA Conference on Computer and Communications Security (ASIACCS ’19), Auckland, New Zeland, July 2019 (Acceptance rate: 17%).
[Cybersecurity ’18] Qionglu Zhang, Shijie Jia, Bing Chang, Bo Chen. Ensuring Data Confidentiality via Plausibly Deniable Encryption and Secure Deletion - A Survey. Cybersecurity (2018) 1: 1
[ACSAC ’16] Bo Chen, Shijie Jia, Luning Xia, and Peng Liu. Sanitizing Data is Not Enough! Towards Sanitizing Structural Artifacts in Flash Media. 2016 Annual Computer Security Applications Conference (ACSAC ’16), Los Angeles, California, USA, December 2016 (Acceptance rate: 22.8%)
[AsiaCCS ’16] Shijie Jia, Luning Xia, Bo Chen, and Peng Liu. NFPS: Adding Undetectable Secure Deletion to Flash Translation Layer. The 11th ACM Asia Conference on Computer and Communications Security (ASIACCS ’16), Xi'an, China, May 30 - June 3, 2016 (Acceptance rate: 20.9%)
[arXiv ’15] Bo Chen, and Radu Sion. "HiFlash: A history independent flash device." arXiv preprint arXiv:1511.05180 (2015)
NetSec
Network Data Security
Descriptions:
Critical data may be propagated or even cached in the networks. Therefore, ensuring security of the sensitive data stored or propagated in the networks is of paramount importance. We have been working on building secure solutions and prototypes to protect critical data in various networks including information-centric networks, Internet of things, connected and autonomous vehicles, etc.
Publications:
[TCOM '21] Danye Wu, Zhiwei Xu, Bo Chen, Yujun Zhang, and Zhu Han. Enforcing Access Control in Information-Centric Edge Networking. IEEE Transactions on Communications, vol. 69, no. 1, pp. 353-364, Jan. 2021.
[ICC '19] Jiang Guo, Miao Wang, Bo Chen, Shucheng Yu, Hanwen Zhang, and Yujun Zhang. Enabling Blockchain Applications over Named Data Networking. 2019 IEEE International Conference on Communications (ICC '19), Shanghai, China, May 2019.
[JoS '19] Zhiwei Xu, Bo Chen, and Yujun Zhang. Hierarchical Name-based Route Aggregation Scheme. Journal of Software (impact factor: 2.658), 2019, 30(2):381-398 (in Chinese).
[PAM '18] Haitao Xu, Fengyuan Xu, and Bo Chen. Internet Protocol Cameras with No Password Protection: An Empirical Investigation. 2018 Passive and Active Measurement Conference (PAM '18), Berlin, Germany, March 2018.
[GLOBECOM '17] Danye Wu, Zhiwei Xu, Bo Chen, and Yujun Zhang. Towards Access Control for Network Coding-based Named Data Networking. 2017 IEEE Global Communications Conference (GLOBECOM '17), Singapore, December 2017.
[SSCI '17] Zhiwei Xu , Bo Chen, Xuying Meng, and Limin Liu. Towards Efficient Detection of Sybil Attacks in Location-based Social Networks. The 2017 IEEE Symposium Series on Computational Intelligence (SSCI '17), Hawaii, USA, Nov. 27 - Dec. 1, 2017.
[TrustCom '17] Danye Wu, Zhiwei Xu, Bo Chen, and Yujun Zhang. What If Routers Are Malicious? Mitigating Content Poisoning Attack in NDN. The 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom '16), Tianjin, China, August 23 - August 26, 2016.
[LCN '15] Zhiwei Xu, Bo Chen, Ninghan Wang, Yujun Zhang, and Zhongcheng Li. ELDA: Towards Efficient and Lightweight Detection of Cache Pollution Attacks in NDN. The 40th Annual IEEE Conference on Local Computer Networks (LCN '15), Clearwater Beach, Florida, USA, October 2015.
CloudSec
Cloud Storage Security
Descriptions:
Protecting the critical data outsourced to the untrusted public cloud providers is a challenging problem as the outsourced data are completely out-of-control. A few questions need to be explored: 1) How to ensure the untrusted cloud providers will well protect the integrity of the data? 2) How to ensure the outsourced data are always recoverable? 3) How to ensure the outsourced data are stored in desired geographic locations? 4) How to enforce access control on the data? 5) How to maintain the confidentiality of the data while accommodating various cloud operations like deduplication? etc.
Projects:
Hardware-assisted Self-repairing in Decentralized Cloud Storage against Malicious Attacks (PI: Bo Chen, co-PI: Zhenlin Wang, Supported by US National Science Foundation under Grant No. 2225424, Oct 2022 - Sept 2025).
Towards Secure and Reliable Decentralized Cloud Storage (PI: Bo Chen, Supported by Michigan Technological University Research Excellence Fund (REF), Jan 2021 - Dec 2021).
Publications:
[John Wiley & Sons Book '21] Weijing You, and Bo Chen. Protocols for Cloud Security. Book Chapter, in Machine Learning Techniques and Analytics for Cloud Security, Rajdeep Chakraborty, Anupam Ghosh, Jyotsna Kumar Mandal (eds.), John Wiley & Sons, December 2021.
[Information '21] Weijing You, Lei Lei, Bo Chen, and Limin Liu. What if Keys Are Leaked? Towards Practical and Secure Re-encryption in Deduplication-based Cloud Storage. MDPI Information 12, no. 4 (2021): 142.
[SCI '20] Weijing You, and Bo Chen. Proofs of Ownership on Encrypted Cloud Data via Intel SGX. The First ACNS Workshop on Secure Cryptographic Implementation (SCI '20)(in conjunction with ACNS '20), Rome, Italy (online), October 2020.
[ESORICS '20] Weijing You, Bo Chen, Limin Liu, and Jiwu Jing. Deduplication-friendly Watermarking for Multimedia Data in Public Clouds. The 25th European Symposium on Research in Computer Security (ESORICS '20), Guildford, United Kingdom (online), September 2020 (Acceptance rate: 19.7%)
[JoCS ’17] Bo Chen and Reza Curtmola. Remote Data Integrity Checking with Server-Side Repair. Journal of Computer Security, vol. 25, no. 6, pp. 537-584, 2017
[Elsevier Book ’17] Bo Chen, Reza Curtmola, and Jun Dai. Auditable Version Control Systems in Untrusted Public Clouds. Book Chapter, in Software Architectures for Cloud and Big Data, Ivan Mistrik, Rami Bahsoon, Nour Ali, Maritta Heisel, Bruce Maxim (eds.), Elsevier - Morgan Kaufmann, June 2017
[ICICS '16] Lei Lei, Quanwei Cai, Bo Chen, and Jingqiang Lin. Towards Efficient Re-encryption for Secure Client-side Deduplication in Public Clouds. The 18th International Conference on Information and Communications Security (ICICS '16), Singapore, Nov. 29 - Dec. 02, 2016.
[CRC Book ’16] Reza Curtmola and Bo Chen. Availability, Recovery and Auditing Across Data Centers. Book Chapter, in Cloud Computing Security: Foundations and Challenges, John Vacca (editor), CRC Press, August 2016
[CRC Book ’16] Reza Curtmola and Bo Chen. Integrity Assurance for Data Outsourcing. Book Chapter, in Cloud Computing Security: Foundations and Challenges, John Vacca (editor), CRC Press, August 2016
[CODASPY ’15] Bo Chen, Anil Kumar Ammula, and Reza Curtmola. Towards Server-side Repair for Erasure Coding-based Distributed Storage Systems. The Fifth ACM Conference on Data and Application Security and Privacy (CODASPY ’15), San Antonio, TX, USA, March 2015
[NDSS ’14] Bo Chen and Reza Curtmola. Auditable Version Control Systems. The 21th Annual Network and Distributed System Security Symposium (NDSS ’14), San Diego, CA, USA, Feb. 2014 (Acceptance rate: 18.6%)
[CODASPY ’13] Bo Chen and Reza Curtmola. Towards Self-Repairing Replication-Based Storage Systems Using Untrusted Clouds. The Third ACM Conference on Data and Application Security and Privacy (CODASPY ’13), San Antonio, TX, USA, Feb. 2013 (Acceptance rate: 22.4%) (Outstanding Paper Award)
[SPCC ’12] Bo Chen and Reza Curtmola. Robust Dynamic Provable Data Possession. The Third International Workshop on Security and Privacy in Cloud Computing (SPCC ’12, in conjunction with ICDCS ’12), Macau, China, June 2012
[CCSW ’10] Bo Chen, Reza Curtmola, Giuseppe Ateniese, and Randal Burns. Remote Data Checking for Network Coding-based Distributed Storage Systems. The Second ACM Cloud Computing Security Workshop (CCSW ’10, in conjunction with CCS ’10), Chicago, IL, USA, October 2010
PDE
Plausibly Deniable Encryption Storage on Mobile Devices
Descriptions:
Mobile computing devices (e.g., smart phones, tablets) are increasingly ubiquitous nowadays. Due to their portability and mobility, more and more people today turn to such devices for daily communications, web browsing, online shopping, electronic banking, etc. This however, leaves large amounts of sensitive personal/corporate data in these devices. To protect sensitive information, all the major mobile operating systems have incorporated a certain level of encryption. A broadly used encryption technique is full disk encryption (FDE), which has been available on Android phones since version 3.0. FDE can defend against a passive attacker who tries to retrieve sensitive information from the data storage. However, it cannot defend against an active attacker, who can capture the device owner, and force the owner to disclose the key used for decrypting the sensitive information. We need a technique which can protect the sensitive data even when the data owner faces such a coercive attack. This is a necessary technique for protecting sensitive data as well as the people who possess them.
Plausibly Deniable Encryption (PDE) has been proposed to defend against adversaries who can coerce users into revealing the encrypted sensitive content. The high-level idea of PDE is: the original sensitive data are encrypted into a cipher-text in such a way that, when using a decoy key, a different reasonable and innocuous plain-text will be generated; only when using the true key, the original sensitive data will be disclosed. Upon being coerced, the victim can simply disclose the decoy key to avoid being tortured. Our goal of this project is to leverage concept of PDE and build deniable storage systems specifically for mobile devices, which would be challenging compared to PDE systems for PC platforms because: First, compared to a PC platform, a mobile platform is usually equipped with limited computational resources and sensitive to energy consumption. In other words, the PDE designs for mobile platforms have much higher requirements in efficiency and energy effectiveness. Therefore, the existing PDE systems built for PC platforms are not immediately applicable to the mobile platforms due to their large overhead. Second, modern mobile devices usually use NAND flash as storage media, and deniability compromise is possible due to flash storage's internal design for handing special nature of flash memory. Compared to mechanical drives, flash memory has a few completely different characteristics, including: 1) Flash memory is update unfriendly. A flash cell cannot be over-written before it has been erased. However, the erase can only be performed on the basis of a large region (i.e., a 128-KB block); 2) Flash memory is vulnerable to wear. A flash cell can only be programmed/erased for a limited number of times before the wear begins to deteriorate its integrity.
Projects:
Hardware-assisted Plausibly Deniable System for Mobile Devices (PI: Bo Chen, Supported by US National Science Foundation under Grant No. 1928349, Oct 2019 - Sept 2023).
Publications:
[SecureComm '22] Niusen Chen, Bo Chen, and Weisong Shi. A Cross-layer Plausibly Deniable Encryption System for Mobile Devices. 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm '22), Kansas City, Missouri, October 2022.
[AC3 '22] Niusen Chen, Bo Chen, and Weisong Shi. The Block-based Mobile PDE Systems Are Not Secure – Experimental Attacks. 2022 EAI International Conference on Applied Cryptography in Computer and Communications (AC3 '22), Nanjing, China, May 2022.
[EdgeSP '21] Jinghui Liao, Bo Chen, and Weisong Shi. TrustZone Enhanced Plausibly Deniable Encryption System for Mobile Devices. The Fourth ACM/IEEE Workshop on Security and Privacy in Edge Computing (EdgeSP '21), San Jose, CA, December 2021.
[AC3 '21] Niusen Chen, Bo Chen, and Weisong Shi. MobiWear: A Plausibly Deniable Encryption System for Wearable Mobile Devices. The First EAI International Conference on Applied Cryptography in Computer and Communications (AC3 '21), Xiamen, China, May 2021 (Best Paper Award).
[S&P '20] Bo Chen, and Niusen Chen. A Secure Plausibly Deniable System for Mobile Devices against Multi-snapshot Adversaries. 2020 IEEE Symposium on Security and Privacy (S&P '20) Poster Session, San Francisco, CA, May 2020.
[DSN ’18] Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen Tao Zhu, Yangguang Tian, Zhan Wang, and Albert Ching. MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. The 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ’18), June 2018 (Acceptance rate: 28%)
[Cybersecurity ’18] Qionglu Zhang, Shijie Jia, Bing Chang, Bo Chen. Ensuring Data Confidentiality via Plausibly Deniable Encryption and Secure Deletion - A Survey. Cybersecurity (2018) 1: 1.
[ComSec ’18 ] Bing Chang, Yao Cheng, Bo Chen, Fengwei Zhang, Wen Tao Zhu, Yingjiu Li, and Zhan Wang. User-Friendly Deniable Storage for Mobile Devices. Elsevier Computers & Security, vol. 72, pp. 163-174, January 2018
[CCS ’17] Shijie Jia, Luning Xia, Bo Chen, and Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer. 2017 ACM Conference on Computer and Communications Security (CCS ’17), Dallas, Texas, USA, Oct 30 - Nov 3, 2017 (Acceptance rate: 18%)
[ACSAC ’15] Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. MobiPluto: File System Friendly Deniable Storage for Mobile Devices. 2015 Annual Computer Security Applications Conference (ACSAC ’15), Los Angeles, California, USA, December 2015 (Acceptance rate: 24.4%)
[ISC ’14] Xingjie Yu, Bo Chen, Zhan Wang, Bing Chang, Wen Tao Zhu, and Jiwu Jing. MobiHydra: Pragmatic and Multi-Level Plausibly Deniable Encryption Storage for Mobile Devices. The 17th Information Security Conference (ISC ’14), Hong Kong, China, Oct. 2014
DRM
Data Recovery from Malicious Attacks
Descriptions:
Various attacks (e.g., APT attacks, malware, ransomware) may penetrate networks and systems. They may eventually cause damage to mission-critical data, and significantly affect daily operations of organizations, enterprises, federal agencies as well as military departments. The goal of this project is to design novel techniques to efficiently detect and identify malicious attacks, eliminate attacks, and restore system being hacked to a good previous state. Our major tasks are:
1) Attacks/malware detection and identification. This task aims to detect malicious attacks timely. In addition, the nature of attacks should be identified and reported.
2) Attacks/malware elimination. This task aims to completely eliminate attacks/malware from the affected system.
3) System restoration. This task aims to enable fast restoration of both external storage and memory.
Projects:
Enabling Secure Data Recovery for Mobile Devices against Malicious Attacks (PI: Bo Chen, Supported by US National Science Foundation under Grant No. 1938130, Oct 2019 - Sept 2022).
Mitigating Ransomware Attacks by Leveraging Isolation Techniques (PI: Bo Chen, Supported by FedEx Institute of Technology at the University of Memphis, Jan 2017 - Dec 2017).
Publications:
[SecureComm '22] Wen Xie, Niusen Chen, and Bo Chen. Enabling Accurate Data Recovery for Mobile Devices against Malware Attacks. 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm '22), Kansas City, Missouri, October 2022.
[JCP '22] Niusen Chen, and Bo Chen. Defending against OS-level Malware in Mobile Devices via Real-time Malware Detection and Storage Restoration. Journal of Cybersecurity and Privacy 2, no. 2 (2022): 311-328.
[SCI '21] Niusen Chen, Wen Xie, and Bo Chen. Combating the OS-level Malware in Mobile Devices by Leveraging Isolation and Steganography. The Second ACNS Workshop on Secure Cryptographic Implementation (SCI '21)(in conjunction with ACNS '21), Kamakura, Japan, June 2021.
[S&P '20] Wen Xie, Niusen Chen, and Bo Chen. Incorporating Malware Detection into The Flash Translation Layer. 2020 IEEE Symposium on Security and Privacy (S&P '20) Poster Session, San Francisco (online), CA, May 2020.
[CODASPY '19] Peiying Wang, Shijie Jia, Bo Chen, Luning Xia and Peng Liu. MimosaFTL: Adding Secure and Practical Ransomware Defense Strategy to Flash Translation Layer. The Ninth ACM Conference on Data and Application Security and Privacy (CODASPY '19), Dallas, TX, USA, March 2019 (Acceptance rate: 23.5%).
[ACSAC ’17] Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing, and Luning Xia. Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices. 2017 Annual Computer Security Applications Conference (ACSAC ’17), Orlando, Florida, USA, December 2017 (Acceptance rate: 19.7%) (Distinguished Paper Award)
[SSCI ’17] Kul Prasad Subedi, Daya Ram Budhathoki, Bo Chen, and Dipankar Dasgupta. RDS3: Ransomware Defense Strategy by Using Stealthily Spare Space. The 2017 IEEE Symposium Series on Computational Intelligence (SSCI ’17), Hawaii, USA, Nov. 27 - Dec. 1, 2017.
[JoCS ’17] Bo Chen and Reza Curtmola. Remote Data Integrity Checking with Server-Side Repair. Journal of Computer Security, vol. 25, no. 6, pp. 537-584, 2017
[Elsevier Book ’17] Bo Chen, Reza Curtmola, and Jun Dai. Auditable Version Control Systems in Untrusted Public Clouds. Book Chapter, in Software Architectures for Cloud and Big Data, Ivan Mistrik, Rami Bahsoon, Nour Ali, Maritta Heisel, Bruce Maxim (eds.), Elsevier - Morgan Kaufmann, June 2017
[CRC Book ’16] Reza Curtmola and Bo Chen. Availability, Recovery and Auditing Across Data Centers. Book Chapter, in Cloud Computing Security: Foundations and Challenges, John Vacca (editor), CRC Press, August 2016
[CRC Book ’16] Reza Curtmola and Bo Chen. Integrity Assurance for Data Outsourcing. Book Chapter, in Cloud Computing Security: Foundations and Challenges, John Vacca (editor), CRC Press, August 2016
[CODASPY ’15] Bo Chen, Anil Kumar Ammula, and Reza Curtmola. Towards Server-side Repair for Erasure Coding-based Distributed Storage Systems. The Fifth ACM Conference on Data and Application Security and Privacy (CODASPY ’15), San Antonio, TX, USA, March 2015
[NDSS ’14] Bo Chen and Reza Curtmola. Auditable Version Control Systems. The 21th Annual Network and Distributed System Security Symposium (NDSS ’14), San Diego, CA, USA, Feb. 2014 (Acceptance rate: 18.6%)
[CODASPY ’13] Bo Chen and Reza Curtmola. Towards Self-Repairing Replication-Based Storage Systems Using Untrusted Clouds. The Third ACM Conference on Data and Application Security and Privacy (CODASPY ’13), San Antonio, TX, USA, Feb. 2013 (Acceptance rate: 22.4%) (Outstanding Paper Award)
[SPCC ’12] Bo Chen and Reza Curtmola. Robust Dynamic Provable Data Possession. The Third International Workshop on Security and Privacy in Cloud Computing (SPCC ’12, in conjunction with ICDCS ’12), Macau, China, June 2012
[CCSW ’10] Bo Chen, Reza Curtmola, Giuseppe Ateniese, and Randal Burns. Remote Data Checking for Network Coding-based Distributed Storage Systems. The Second ACM Cloud Computing Security Workshop (CCSW ’10, in conjunction with CCS ’10), Chicago, IL, USA, October 2010
© 2022    Security and Privacy (SnP) Lab @ Michigan Technological University