Time filter

Source Type

Dong Q.,Peking University | Guan Z.,MoE Key Laboratory of High Confidence Software Technologies PKU | Chen Z.,A+ Network
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2015

Proliferation of Electronic Commerce (EC) has revolutionized the way people purchase online. Web-based technologies enable people to more actively interact with merchants and service providers. Such purchasing logs and comments further lead to proliferation of recommender systems. Existing recommendation algorithms exploit either prior transactions or customer reviews to predict user interests towards certain items. Vast noise may be introduced into such information by fake raters, and information redundancy also makes recommender system entangled. In this work, we first examine user reviews and prior transactions to estimate user credibility and item importance to reduce effect from content polluters. Then we propose to alleviate the redundant information from homogeneous users based on link analysis. A unified framework is finally proposed to incorporate them in a mathematical formulation, which can be efficiently optimized. Experimental results on real world data reveal that our model can significantly outperform other baselines. © Springer International Publishing Switzerland 2015.

Yang Y.,Peking University | Yang Y.,MoE Key Laboratory of High Confidence Software Technologies PKU | Yang Y.,A+ Network | Guan Z.,Peking University | And 6 more authors.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2015

In recent years, memory disclosure attacks, such as cold boot attack and DMA attack, have posed huge threats to cryptographic applications in real world. In this paper, we present a CPU-bounded memory disclosure attacks resistant yet efficient software implementation of elliptic curves cryptography on general purpose processors. Our implementation performs scalar multiplication using CPU registers only in kernel level atomatically to prevent the secret key and intermediate data from leaking into memory. Debug registers are used to hold the private key, and kernel is patched to restrict access to debug registers. We take full advantage of the AVX and CLMUL instruction sets to speed up the implementation. When evaluating the proposed implementation on an Intel i7-2600 processor (at a frequency of 3.4GHz), a full scalar multiplication over binary fields for key length of 163 bits only requires 129 μs, which outperforms the unprotected implementation in the well known OpenSSL library by a factor of 78.0%. Furthermore, our work is also flexible for typical Linux applications. To the best of our knowledge, this is the first practical ECC implementation which is resistant against memory disclosure attacks so far. © Springer International Publishing Switzerland 2015.

Yu L.,Peking University | Yu L.,MoE Key Laboratory of High Confidence Software Technologies PKU | Wang Y.,National Computer Emergency Response Team and Coordination Center | Wu Z.,Peking University | And 7 more authors.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2014

With the increasing popularity of online social networks, such as twitter and weibo, privacy preserving publishing of social network data has raised serious concerns. Previous works only consider a single static release of social network data, which are not inadequate for analyzing the evolution of social networks. In this paper, we focus on the problem of preserving edges when edges are deleted or added in multiple releases of social network data. To achieve this objective, we propose the Dynamic Safety Condition, which effectively constrains nodes partition to ensure sparsity of edges between any two group. Using this condition, we devise the heuristic algorithm DEP, which anonymizes a sequential graphs to satisfy the privacy objective. Finally, we verify the effectiveness of the algorithm through experiments. © 2014 Springer International Publishing Switzerland.

Tang C.,Peking University | Tang C.,MoE Key Laboratory of High Confidence Software Technologies PKU | Tang C.,A+ Network | Wang Y.,Peking University | And 17 more authors.
Proceedings - International Conference on Advanced Information Networking and Applications, AINA | Year: 2011

Private attributes of Online Social Network(OSN) users can be inferred from other information (which is usually from users' friends and group information). To address this, social networking sites allow users to hide their friend lists and group lists, so that general public cannot see them. However, if a user doesn't make his friend list public, but his friends have public friend list where we can find him, we can do reverse lookup to extend the friend lists of the user. Furthermore, many social networks allow non-group members to list the members of public groups (e.g., Facebook). These are strong violations of OSN users' privacy, and can be considered as privacy risks caused by the asymmetric configuration of settings in OSNs. In this paper we present the privacy risks due to the lack of symmetric configurations, which exist in most of the OSNs. To make our idea more clear, we propose a inference attack and show that it can be used to infer users' private information, even for users already made their friend list private. We theoretically analyze the risk of proposed privacy issues, and evaluate the risk using experiments based on real-world OSN data. We show that it is not sufficient to only disable friend list and group list to guarantee privacy, and propose methods to mitigate these privacy issues. © 2011 IEEE.

Xin W.,Peking University | Xin W.,MoE Key Laboratory of High Confidence Software Technologies PKU | Tang C.,Peking University | Tang C.,MoE Key Laboratory of High Confidence Software Technologies PKU | And 9 more authors.
Cryptology and Information Security Series | Year: 2011

Radio Frequency Identification (RFID) systems suffer from different security and privacy problems, among which relay attacks are a hot topic recently. A relay attack is a form of man-in-the-middle (MITM) attack where the adversary manipulates the communication by only relaying the verbatim messages between two parties. The main countermeasure against relay attacks is the use of distance bounding protocols measuring the round-trip time between the reader and the tag, more precisely, it uses bit exchanges for a series of rapid challenge-response rounds in RFID systems. In 2005, Hancke and Kuhn first introduced distance bounding protocol into RFID systems, after that, many schemes have been proposed based on this protocol. However, most schemes tend to a more complex design to decrease adversary's success probability. In this paper, we propose a novel distance bounding protocol named MEED, using only 2n bits of memory, which, to our best knowledge, is equal to Hancke and Kuhn's protocol and less than any existing protocols. In addition, by using our protocol, the tag is able to detect adversary's malicious queries. We also make a comparison with typical previous distance bounding protocols in both memory and mafia fraud success probability. © 2011 The authors and IOS Press. All rights reserved.

Discover hidden collaborations