Security and Privacy

Query Authentication and Assurance

The popularity of mobile social networking services (mSNSs) is propelling more and more businesses, especially those in retailing and marketing, into mobile and location-based forms. To address the trustworthy issue, the service providers are expected to deliver their location-based services in an authenticatable manner, so that the correctness of the service results can be verified by the client. However, existing works on query authentication cannot preserve the privacy of the data being queried, which are sensitive user locations when it comes to location-based services and mSNSs.

Selected Publications:

  • C. Xu, J. Xu, H. Hu, and M. H. Au. “When Query Authentication Meets Fine-Grained Access Control: A Zero-Knowledge Approach.” Proc. of the 2018 ACM SIGMOD International Conference on Management of Data, Houston, USA, Jun 2018, pp 147-162.
  • C. Xu, Q. Chen, H. Hu, J. Xu, and X. Hei. “Authenticating Aggregate Queries over Set-Valued Data with Confidentiality.” IEEE Transactions on Knowledge and Data Engineering (TKDE), 30(4):630-644, Apr 2018.
  • H. Hu, Q. Chen, J. Xu, and B. Choi, “Assuring Spatio-Temporal Integrity on Mobile Devices with Minimum Location Disclosure”, IEEE Transactions on Mobile Computing (TMC), 16(11): 3000-3013, November 2017.
  • Q. Chen, H. Hu, and J. Xu. “Authenticated Online Data Integration Services.” Proc. of the 2015 ACM SIGMOD International Conference on Management of Data, pp 167-181.
  • Q. Chen, H. Hu, and J. Xu. “Authenticating Top-k Queries in Location-based Services with Confidentiality.” Proc. of the VLDB Endowment (PVLDB ’14), 49-60.
  • X. Lin, J. Xu, H. Hu, and W.-C. Lee. “Authenticating Location-Based Skyline Queries in Arbitrary Subspaces.” IEEE Transactions on Knowledge and Data Engineering (TKDE), 26(6): 1479-1493, June 2014.
  • H. Hu, J. Xu, Q. Chen, and Z. Yang. “Authenticating Location-based Services without Compromising Privacy.” Proc. of the 2012 ACM SIGMOD International Conference on Management of Data, pp. 301 – 312.

Externally Funded Projects:

  • Integrity Assurance for Vehicular Telematics Data (RGC/GRF, 15222118, 2019-2021, HK$ 693,000)
  • Security and Privacy-enhancing Technologies for Cloud Storage of Big Data (Co-PI: RGC/CRF, C1008-16G, 2017-2020, HK$ 5,983,404, PI: Prof. Jia Xiaohua)
  • Spatio-Temporal Attestation for Location-based Services Using Private Signatures (RGC/GRF, PolyU 210612, 2012-2015, HK$ 690,000)
  • Privacy-Conscious Query Authentication for Outsourced and Cloud Databases (RGC/GRF, HKBU 210811, 2011-2013, HK$ 792,500)

Patents:

  • H. Hu, Q. Chen, and J. Xu. “Method and Apparatus for Assuring Location Data Integrity with Minimum Location Disclosure.” US Patent No. 9,973,514 B2, May 2018.
  • H. Hu, J. Xu, and Q. Chen. “Method and Apparatus for Authenticating Location-based Services without Compromising Location Privacy.” US Patent No. 9,043,927 B2, May 2015.

Privacy-aware Computing

Location-based services (LBS) provide location-related information to users. However, to enjoy these LBS services the user must explicitly expose his/her accurate location to the service provider, who might abuse such information or even trade it to unauthorized parties. As public concern for privacy protection are getting stronger, we need to address the privacy issue while still maintaining good quality of services. A typical solution is location cloaking, which blurs the user location and replaces it with a cloaked region to satisfy some privacy metric like k-anonymity (at least k users share the same region so that they are indistinguishable).

Selected Publications:

  • Q. Ye, H. Hu, X. Meng, and H. Zheng. “PrivKV: Key-Value Data Collection with Local Differential Privacy.” Proc. of 40th IEEE Symposium on Security and Privacy (SP’19), San Francisco, USA, May 2019, accepted to appear。
  • C. Liu, S. Zhou, H. Hu, Y. Tang, J. Guan, and Y. Ma. “CPP: Towards Comprehensive Privacy Preserving for Query Processing in Information Networks.” Information Sciences, Volume 467, October 2018, pages 296-311.
  • H. Hu, J. Xu, X. Xu, K. Pei, B. Choi, and S. Zhou. “Private Search on Key-Value Stores with Hierarchical Indexes”,Proc. of the 30th IEEE International Conference on Data Engineering (ICDE ’14), Chicago, IL, USA, April 2014, pp 628-639.
  • H. Li, H. Hu, J. Xu. “Nearby Friend Alert: Location Anonymity in Mobile Geo-Social Networks”. IEEE Pervasive Computing, 12(4): 62-70, 2013.
  • H. Hu, J. Xu, C. Ren, and B. Choi. “Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism.” Proc. of the 27th IEEE International Conference on Data Engineering (ICDE ’11), pp. 601 – 612.
  • H. Hu and J. Xu. “Non-Exposure Location Anonymity.” Proc. the 25th IEEE Int. Conf. on Data Engineering (ICDE ’09), Shanghai, China, pp. 1120-1131.
  • H. Hu, J. Xu, S. T. On, J. Du, and K. Y. Ng. “Privacy-Aware Location Data Publishing”. ACM Transactions on Database Systems (TODS), 35(3), July 2010.
  • H. Hu and J. Xu. “2PASS: Bandwidth-Optimized Location Cloaking for Anonymous Location-Based Services.” IEEE Transactions on Parallel and Distributed Systems (TPDS), 21(10): 1458-1472, October 2010.
  • H. Hu, J. Xu and D. L. Lee. “PAM: An Efficient and Privacy-Aware Monitoring Framework for Continuously Moving Objects.” IEEE Transactions on Data and Knowledge Engineering (TKDE), 22(3): 404-419, March 2010.

Externally Funded Projects:

  • Protecting Metadata Privacy for Mobile Crowdsensing Using Oblivious RAM (RGC/GRF, 15238116, 2017-2020, HK$ 482,605)
  • Privacy-Preserving Mobile User Behavior Statistics Collection (Huawei Innovation Research Program, 2017-2018, US$ 30,000)
  • Privacy Preservation Techniques for Query Processing in Big Data 大数据查询处理的隐私保护技术 (Co-PI: Joint Funds of National Natural Science Foundation of China (Key Program) 国家自然科学基金联合基金重点支持项目合作单位负责人, U1636205, 2017-2020, CNY 2,520,000, PI: Prof. Zhou Shuigeng)
  • Mutual Privacy Protection on Private Queries over Large-Scale Private Data 海量数据查询中的双向隐私保护机制研究 (National Natural Science Foundation of China 国家自然科学基金面上项目, 61572413, 2016-2019, CNY 630,000)
  • Incognito Browsing of Spatial-Temporal Data Using Computational Private Information Retrieval (RGC/GRF, 12200914, 2014-2017, HK$ 692,894)

Patents:

  • H. Hu, Z. Chen, and J. Yu. “Privacy-Preserving Large-Scale Location Monitoring.” US Patent No. 9,756,461, Sept 2017.