Database and Network Security

Authentication and Integrity Assurance

The popularity of mobile social networking services (mSNSs) is propelling more and more businesses, especially those in retailing and marketing, into mobile and location-based forms. To address the trustworthy issue, the service providers are expected to deliver their location-based services in an authenticatable manner, so that the correctness of the service results can be verified by the client. However, existing works on query authentication cannot preserve the privacy of the data being queried, which are sensitive user locations when it comes to location-based services and mSNSs.

Selected Publications:

  • L. Tang, Q. Ye, H. Zheng, H. Hu, Z. Han, and N-F. Law. “Stateful-CCSH: An Efficient Authentication Scheme for High-Resolution Video Surveillance System.” IEEE Internet of Things Journal, 2022.
  • H. Yan, H. Hu, Q. Ye, and L. Tang. “SPMAC: Scalable Prefix Verifiable Message Authentication Code for Internet of Things.” IEEE Transactions on Network and Service Management (TNSM), 2022.
  • L. Tang and H. Hu. “OHEA: Secure Data Aggregation in Wireless Sensor Networks against Untrusted Sensors.” 29th ACM International Conference on Information and Knowledge Management (CIKM ’20), Oct 19-23, 2020, Online, pp 1425–1434.
  • C. Xu, J. Xu, H. Hu, and M. H. Au. “When Query Authentication Meets Fine-Grained Access Control: A Zero-Knowledge Approach.” Proc. of 2018 ACM SIGMOD International Conference on Management of Data, Houston, USA, Jun 2018, 147-162.
  • C. Xu, Q. Chen, H. Hu, J. Xu, and X. Hei. “Authenticating Aggregate Queries over Set-Valued Data with Confidentiality.” IEEE Transactions on Knowledge and Data Engineering (TKDE), 30(4):630-644, Apr 2018.
  • H. Hu, Q. Chen, J. Xu, and B. Choi, “Assuring Spatio-Temporal Integrity on Mobile Devices with Minimum Location Disclosure”, IEEE Transactions on Mobile Computing (TMC), 16(11): 3000-3013, November 2017.
  • Q. Chen, H. Hu, and J. Xu. “Authenticated Online Data Integration Services.” Proc. of the 2015 ACM SIGMOD International Conference on Management of Data, pp 167-181.
  • Q. Chen, H. Hu, and J. Xu. “Authenticating Top-k Queries in Location-based Services with Confidentiality.” Proc. of the VLDB Endowment (PVLDB ’14), 49-60.
  • X. Lin, J. Xu, H. Hu, and W.-C. Lee. “Authenticating Location-Based Skyline Queries in Arbitrary Subspaces.” IEEE Transactions on Knowledge and Data Engineering (TKDE), 26(6): 1479-1493, June 2014.
  • H. Hu, J. Xu, Q. Chen, and Z. Yang. “Authenticating Location-based Services without Compromising Privacy.” Proc. of the 2012 ACM SIGMOD International Conference on Management of Data, pp. 301 – 312.
  • X. Lin, J. Xu, and H. Hu. “Authentication of Location-based Skyline Queries.” Proc. of the 20th ACM Conference on Information and Knowledge Management (CIKM ’11), pp. 1583 – 1588.

Externally Funded Projects:

  • Integrity Assurance for Vehicular Telematics Data (RGC/GRF, 15222118, 2019-2021, HK$ 693,000)
  • Security and Privacy-enhancing Technologies for Cloud Storage of Big Data (Co-PI: RGC/CRF, C1008-16G, 2017-2020, HK$ 5,983,404, PI: Prof. Jia Xiaohua)
  • Spatio-Temporal Attestation for Location-based Services Using Private Signatures (RGC/GRF, PolyU 210612, 2012-2015, HK$ 690,000)
  • Privacy-Conscious Query Authentication for Outsourced and Cloud Databases (RGC/GRF, HKBU 210811, 2011-2013, HK$ 792,500)

Patents:

  • H. Hu, Q. Chen, and J. Xu. “Method and Apparatus for Assuring Location Data Integrity with Minimum Location Disclosure.” US Patent No. 9,973,514 B2, May 2018.
  • H. Hu, J. Xu, and Q. Chen. “Method and Apparatus for Authenticating Location-based Services without Compromising Location Privacy.” US Patent No. 9,043,927 B2, May 2015.

Database Security and Blockchain

This is the area of research that studies database encryption, secure query processing (especially secure hardware empowered), and de-centralized distributed ledger, a.k.a., blockchain.

Selected Publications:

  • L. Tang, Q. Ye, H. Hu, M. H. Au. “Secure Traffic Monitoring with Spatio-temporal Metadata Protection Using Oblivious RAM.” IEEE Transactions on Intelligent Transportation Systems, 2023.
  • Z. Han, H. Hu, and Q. Ye. “ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave.” IEEE Transactions on Cloud Computing (TCC), Volume: 11, Issue: 2, 01 April 2023, pp. 1474-1486.
  • Z. Han, Q. Ye, and H. Hu. “OTKI-F: An Efficient Memory-secure Multi-keyword Fuzzy Search Protocol.” Journal of Computer Security, vol. 31, no. 2, pp. 129-152, 2023.
  • Z. Peng, J. Xu, H. Hu, and L. Chen. “BlockShare: A Blockchain Empowered System for Privacy-Preserving Verifiable Data Sharing.” Bulletin of the IEEE Computer Society Technical Committee on Data Engineering, June 2022, pp.14-24.
  • T. Huang, J. Huang, H. Wei, J. Zhang, H. Yan, D. Wong, H. Hu. “zkChain: A Privacy-Preserving Model Based on zk-SNARKs and Hash Chain for Efficient Transfer of Assets.” Transactions on Emerging Telecommunications Technologies (ETT), 2022.
  • B. C. Singh, Q. Ye, H. Hu, and B. Xiao. “Efficient and lightweight indexing approach for multi-dimensional historical data in blockchain.” Future Generation Computer Systems, Elsevier, 2022.
  • Z. Han, H. Hu, and Q. Ye. “ReFlat: A Robust Access Pattern Hiding Solution for General Cloud Query Processing Based on K-Isomorphism and Hardware Enclave.” IEEE Transactions on Cloud Computing (TCC), 2021.
  • Z. Han and H. Hu. “ProDB: A memory-secure database using hardware enclave and practical oblivious RAM.” Information Systems, Volume 96, February 2021, 101681.
  • Y. Ji, C. Xu, J. Xu, H. Hu. “vABS: Towards Verifiable Attribute-Based Search over Shared Cloud Data.” (demo) Proc. of 35th IEEE International Conference on Data Engineering (ICDE ’19), Macau SAR, China, Apr. 2019, pp 2028-2031.
  • H. Hu, J. Xu, X. Xu, K. Pei, B. Choi, and S. Zhou. “Private Search on Key-Value Stores with Hierarchical Indexes”,Proc. of the 30th IEEE International Conference on Data Engineering (ICDE ’14), Chicago, IL, USA, April 2014, pp 628-639.

Externally Funded Projects:

  • User-Controlled Secure Data Sharing and Analytics with Blockchain and Trusted Computing Technologies (Co-PI: RGC/CRF, C2004-21GF, 2022-2025, HK$ 6,734,880, PI: Prof. Xu Jianliang)
  • Protecting Metadata Privacy for Mobile Crowdsensing Using Oblivious RAM (RGC/GRF, 15238116, 2017-2020, HK$ 482,605)
  • Privacy-Preserving Mobile User Behavior Statistics Collection (Huawei Innovation Research Program, 2017-2018, US$ 30,000)
  • Privacy Preservation Techniques for Query Processing in Big Data 大数据查询处理的隐私保护技术 (Co-PI: Joint Funds of National Natural Science Foundation of China (Key Program) 国家自然科学基金联合基金重点支持项目合作单位负责人, U1636205, 2017-2020, CNY 2,520,000, PI: Prof. Zhou Shuigeng)
  • Mutual Privacy Protection on Private Queries over Large-Scale Private Data 海量数据查询中的双向隐私保护机制研究 (National Natural Science Foundation of China 国家自然科学基金面上项目, 61572413, 2016-2019, CNY 630,000)

Patents:

  • H. Hu, Z. Chen, and J. Yu. “Privacy-Preserving Large-Scale Location Monitoring.” US Patent No. 9,756,461, Sept 2017.