Visible to the public Biblio

Filters: Author is Wang, Yi  [Clear All Filters]
2023-07-13
Guo, Chunxu, Wang, Yi, Chen, Fupeng, Ha, Yajun.  2022.  Unified Lightweight Authenticated Encryption for Resource-Constrained Electronic Control Unit. 2022 29th IEEE International Conference on Electronics, Circuits and Systems (ICECS). :1–4.
Electronic control units (ECU) have been widely used in modern resource-constrained automotive systems, com-municating through the controller area network (CAN) bus. However, they are still facing man-in-the-middle attacks in CAN bus due to the absence of a more effective authenti-cation/encryption mechanism. In this paper, to defend against the attacks more effectively, we propose a unified lightweight authenticated encryption that integrates recent prevalent cryp-tography standardization Isap and Ascon.First, we reuse the common permutation block of ISAP and Asconto support authenticated encryption and encryption/decryption. Second, we provide a flexible and independent switch between authenticated encryption and encryption/decryption to support specific application requirements. Third, we adopt standard CAESAR hardware API as the interface standard to support compatibility between different interfaces or platforms. Experimental results show that our proposed unified lightweight authenticated encryption can reduce 26.09% area consumption on Xilinx Artix-7 FPGA board compared with the state-of-the-arts. In addition, the encryption overhead of the proposed design for transferring one CAN data frame is \textbackslashmathbf10.75 \textbackslashmu s using Asconand \textbackslashmathbf72.25 \textbackslashmu s using ISAP at the frequency of 4 MHz on embedded devices.
2023-04-14
Lin, Chen, Wang, Yi.  2022.  Implementation of Cache Timing Attack Based on Present Algorithm. 2022 8th Annual International Conference on Network and Information Systems for Computers (ICNISC). :32–35.
Traditional side-channel attacks have shortcomings such as low efficiency, extremely difficult collection and injection of fault information in real environments, and poor applicability of attacks. The cache timing attack proposed in recent years is a new type of side-channel attack method. This attack method uses the difference in the reading speed of the computer CPU cache to enable the attacker to obtain the confidential information during the execution of the algorithm. The attack efficiency is high, and the cost is relatively low. little. Present algorithm is a lightweight block cipher proposed in 2007. The algorithm has excellent hardware implementation and concise round function design. On this basis, scholars at home and abroad have carried out different side-channel attacks on it, such as differential attacks., multiple differential chain attacks, algebraic attacks, etc. At present, there is no published research on the Cache timing attack against the Present algorithm at home and abroad. In this paper, the output value of the S box in the first and second rounds of the encryption process is obtained through the combination of the Cache timing attack and the side-channel Trojan horse, and Combined with the key recovery algorithm, the master key of the algorithm is finally recovered.
2022-11-18
Wang, XinRui, Luo, Wei, Bai, XiaoLi, Wang, Yi.  2021.  Research on Big Data Security and Privacy Risk Governance. 2021 International Conference on Big Data, Artificial Intelligence and Risk Management (ICBAR). :15—18.
In the era of Big Data, opportunities and challenges are mixed. The data transfer is increasingly frequent and speedy, and the data lifecycle is also extended, bringing more challenges to security and privacy risk governance. Currently, the common measures of risk governance covering the entire data life cycle are the data-related staff management, equipment security management, data encryption codes, data content identification and de-identification processing, etc. With the trend of data globalization, regulations fragmentation and governance technologization, “International standards”, a measure of governance combining technology and regulation, has the potential to become the best practice. However, “voluntary compliance” of international standards derogates the effectiveness of risk governance through this measure. In order to strengthen the enforcement of the international standards, the paper proposes a governance approach which is “the framework regulated by international standards, and regulations and technologies specifically implemented by national legislation.” It aims to implement the security and privacy risk governance of Big Data effectively.
2021-08-11
Li, Yuekang, Chen, Hongxu, Zhang, Cen, Xiong, Siyang, Liu, Chaoyi, Wang, Yi.  2020.  Ori: A Greybox Fuzzer for SOME/IP Protocols in Automotive Ethernet. 2020 27th Asia-Pacific Software Engineering Conference (APSEC). :495—499.
With the emergence of smart automotive devices, the data communication between these devices gains increasing importance. SOME/IP is a light-weight protocol to facilitate inter- process/device communication, which supports both procedural calls and event notifications. Because of its simplicity and capability, SOME/IP is getting adopted by more and more automotive devices. Subsequently, the security of SOME/IP applications becomes crucial. However, previous security testing techniques cannot fit the scenario of vulnerability detection SOME/IP applications due to miscellaneous challenges such as the difficulty of server-side testing programs in parallel, etc. By addressing these challenges, we propose Ori - a greybox fuzzer for SOME/IP applications, which features two key innovations: the attach fuzzing mode and structural mutation. The attach fuzzing mode enables Ori to test server programs efficiently, and the structural mutation allows Ori to generate valid SOME/IP packets to reach deep paths of the target program effectively. Our evaluation shows that Ori can detect vulnerabilities in SOME/IP applications effectively and efficiently.
2020-03-09
Lv, Jixian, Wang, Yi, Liu, Jinze.  2019.  A Security Problem in Cloud Auditing Protocols. 2019 International Conference on Machine Learning, Big Data and Business Intelligence (MLBDBI). :43–46.
In 2013, subversion attack comes to publity again by Mikhail Bellare, who was inspired by PRISM. In this work, we implement this kind of attack on cloud auditing protocols. We show that through subversion attacks, the cloud server can recover the secret information stored by the data owner. Especially, First, we set a general frame of data auditing protocols. This model forms a basic security model of auditing protocols. Then we give a security model of attacker. Finally, we put forward some popular auditing protocols which can be subverted.
2017-10-13
Wang, Yi, Redmiles, David.  2016.  Exploring Trust and Cooperation Development with Agent-Based Simulation in A Pseudo Scale-free Network. Proceedings of the 19th International Conference on Supporting Group Work. :121–130.

Globally distributed collaboration requires cooperation and trust among team members. Current research suggests that informal, non-work related communication plays a positive role in developing cooperation and trust. However, the way in which teams connect, i.e. via a social network, greatly influences cooperation and trust development. The study described in this paper employs agent-based modeling and simulation to investigate the cooperation and trust development with the presence of informal, non-work-related communication in networked teams. Leveraging game theory, we present a model of how an individual makes strategic decisions when interacting with her social network neighbors. The results of simulation on a pseudo scale-free network reveal the conditions under which informal communication has an impact, how different network degree distributions affect efficient trust and cooperation development, and how it is possible to "seed" trust and cooperation development amongst individuals in specific network positions. This study is the first to use agent-based modeling and simulation to examine the relationships between scale-free networks' topological features (degree distribution), cooperation and trust development, and informal communication.