Visible to the public Biblio

Filters: Author is Yu, Ping  [Clear All Filters]
2020-05-04
Chen, Hanlin, Hu, Ming, Yan, Hui, Yu, Ping.  2019.  Research on Industrial Internet of Things Security Architecture and Protection Strategy. 2019 International Conference on Virtual Reality and Intelligent Systems (ICVRIS). :365–368.

Industrial Internet of Things (IIoT) is a fusion of industrial automation systems and IoT systems. It features comprehensive sensing, interconnected transmission, intelligent processing, self-organization and self-maintenance. Its applications span intelligent transportation, smart factories, and intelligence. Many areas such as power grid and intelligent environment detection. With the widespread application of IIoT technology, the cyber security threats to industrial IoT systems are increasing day by day, and information security issues have become a major challenge in the development process. In order to protect the industrial IoT system from network attacks, this paper aims to study the industrial IoT information security protection technology, and the typical architecture of industrial Internet of things system, and analyzes the network security threats faced by industrial Internet of things system according to the different levels of the architecture, and designs the security protection strategies applied to different levels of structures based on the specific means of network attack.

2018-06-07
Wei, Changzheng, Li, Jian, Li, Weigang, Yu, Ping, Guan, Haibing.  2017.  STYX: A Trusted and Accelerated Hierarchical SSL Key Management and Distribution System for Cloud Based CDN Application. Proceedings of the 2017 Symposium on Cloud Computing. :201–213.
Protecting the customer's SSL private key is the paramount issue to persuade the website owners to migrate their contents onto the cloud infrastructure, besides the advantages of cloud infrastructure in terms of flexibility, efficiency, scalability and elasticity. The emerging Keyless SSL solution retains on-premise custody of customers' SSL private keys on their own servers. However, it suffers from significant performance degradation and limited scalability, caused by the long distance connection to Key Server for each new coming end-user request. The performance improvements using persistent session and key caching onto cloud will degrade the key invulnerability and discourage the website owners because of the cloud's security bugs. In this paper, the challenges of secured key protection and distribution are addressed in philosophy of "Storing the trusted DATA on untrusted platform and transmitting through untrusted channel". To this end, a three-phase hierarchical key management scheme, called STYX1 is proposed to provide the secured key protection together with hardware assisted service acceleration for cloud-based content delivery network (CCDN) applications. The STYX is implemented based on Intel Software Guard Extensions (SGX), Intel QuickAssist Technology (QAT) and SIGMA (SIGn-and-MAc) protocol. STYX can provide the tight key security guarantee by SGX based key distribution with a light overhead, and it can further significantly enhance the system performance with QAT based acceleration. The comprehensive evaluations show that the STYX not only guarantees the absolute security but also outperforms the direct HTTPS server deployed CDN without QAT by up to 5x throughput with significant latency reduction at the same time.