The team has built a model smart campus IoT system used for developing the architecture of layered cyber security systems.
Credit: Nankai University
Data breaches are increasing, with billions of records compromised every year. Liu Zheli, a professor from Nankai’s College of Cyber Science is leading a team focused on finding better ways to protect sensitive and confidential information. The team investigates the storage, query and computation of encrypted data, and has made breakthroughs in reserved format encryption, searchable encryption, private set operations over encrypted data, and machine learning which safeguards privacy.
Integrating encryption into existing applications typically demands the output is in the same format as the input, but this can be challenging. To solve this problem in ciphertext storage, Liu’s team proposed an algorithm that encrypts plaintext data into the same format. They also suggested a searchable encryption algorithm for retrieving data included in ciphertext with specific keywords.
Based on these two algorithms, the team has developed an encrypted database system and applied the methods to telecommunication, finance, social security, and government administration systems to effectively protect sensitive user data.
The proposed ciphertext set operation algorithm can perform secure operations for isolated and un-shared data, and is widely used in cooperative advertising, providing new business opportunities for companies such as the technology giant, Tencent, and its e-commerce collaborators.
Intelligent computing and system security
Nankai’s Intelligent Computing System (NKICS) Lab, led by Professor Li Tao is focused on heterogeneous computing systems, data-driven edge computing, and IoT big data-driven anomaly detection. The team has built a smart campus IoT system by developing the architecture of device layer, edge layer, support service layer and application layer. The system provides a sound experimental environment for designing and developing key technologies in intelligent IoT systems. It has since become a model for IoT teaching and research in the College of Cyber Science.
Edge computing is expected to become an indispensable part of IoT infrastructure and help alleviate the predicted pressure on 5G networks due to increased bandwidth demand. NKICS Lab takes advantage of the availability of a vast number of inexpensive edge devices and distributed collaborating networks, to design a high-efficiency neural network compression scheme and a number of parallel computing solutions to optimize the system. They successfully applied the results to aerial remote sensing, spectral image classification, and environmental monitoring. The team continues to develop neural network training routines for large scale, low-cost devices to lower the power consumption and training cost of computing resources.
Based on a combination of data-driven artificial intelligence algorithms and blockchains, the team has designed an intelligent security detection framework for the smart campus IoT system. By developing an evaluation model aimed at optimizing the conventional security detection algorithm, the team has detected security threats in some real-world industrial IoT systems. They also investigated the integration of credible consensus, smart contract and distributed storage techniques in the development of blockchain-based monitoring system for tracking threats in China’s power grid and civil aviation service zones.
The challenges of defending computer software against human attackers, who have limitless and authorized access to the target, known as Man-At-The-End (MATE) attacks, are pushing software protection research to a new level. Security problems involving human elements are more than just technical issues, and solutions must take into account such human factors as motivation, ingenuity and creativity. Software used in digital assets at all levels, from consumer devices, home networks, the cloud, and the IoT, are becoming inadequate at dealing with MATE attacks.
The research team led by professor Jia Chunfu has made several innovative steps to thwart these attacks. To fight against state-of-the-art dynamic binary analysis, they proposed a control flow obfuscation scheme based on unsolved problems in mathematics, such as the Collatz conjecture, which could efficiently slow down the symbolic execution. Exploiting the ‘hailstone sequence’ property of Collatz conjecture, they developed a novel software watermarking technique and attracted considerable attention in the software protection industry. In addition, by utilizing machine learning algorithms to replace conditional branch in software, Jia’s team has proposed a control flow obfuscation technique and several high-security dynamic software watermarks. Especially, they used the redundant output space of neural networks for concolic testing and to hold secure software watermarks.
As for protecting data transformation across the insecure network, one of the core ideas is to have the communicating peers actively changing network port signals, including the port number, IP address, and data encryption protocol according to an agreed hopping plan. Unpredictable changes in end-to-end communication can prevent the attackers from acquiring port information of one or both of the communicating parties and thwart the attack. Inspired by the frequency-hopping spread spectrum method, Jia’s team has proposed an active security protection technology for computer networks. The potential application of the technique has attracted interest from both academia and industry.
Cutting-edge cyber science research by Nankai researchers has led to academic publications, conference presentations, new software, patents, and standards. Through close collaboration with state agencies and commercial companies, the college has made a major impact on the information security industry.
“We want to lead the academic development of cyber science by exploiting our cross-disciplinary advantages of engineering, law, and management,” said Yuan Xiaojie, dean of the college. “We aim to become an influential institution in cyber security studies and a national base for cultivating talented professionals in this field.”