Embedded Files
I am currently an assistant professor in the Institute of Information Engineering, CAS. My research interests include network security and cyber-physical system security.
Efficient User Authentication and Key Managements in 3G-WLAN Interworking Networks
Efficient User Authentication and Key Managements in 3G-WLAN Interworking Networks
This work was supported by Huawei Technology Fund, and got a China patent granted.
Our contribution is threefold:
A comprehensive analysis of current authentication and key management schemes used in 3G-WLAN interworking networks
Proposition of an improved authentication scheme by modifying the EAP-AKA keying framework to facilitate a WLAN user to efficiently access services through 3G networks
Design of a new re-authentication and handover authentication procedure based on the proposed key framework to simplify the maintenance of previous authenticated connections
Reliable and Secure Communication Infrastructures for FREEDM Systems towards Smart Grid
Reliable and Secure Communication Infrastructures for FREEDM Systems towards Smart Grid
This work is motivated by an urgently needed understanding, how to design implement and integrate communication infrastructures with power systems. And the objective of this work is to acquire first-hand experiences and system performance towards an operable, cost-efficient and backward-compatible communication solution for the smart grid.
To this end, we carried out an empirical study based on a smart grid demonstration project, the Future Renewable Electric Energy Delivery and Management (FREEDM) systems. Our work is threefold:
A summary of communication requirements implied in FREEDM use cases
Designs and implementations of a communication platform by using the Distributed Network Protocol 3.0 over TCP/IP framework, serving for interconnections of power electronics devices
A comprehensive system performance measurement and analysis regarding the message delivery delay, the efficiency of DNP3 over TCP/IP, and other implementation issues.
Message Authentication and Integrity Protection in Smart Grid
Message Authentication and Integrity Protection in Smart Grid
This work aims to investigate security issues of the smart grid. More specifically, we focus on one of the most important facilities of power systems, electrical substations, to study cyber threats inside the Substation Automation System (SAS). Due to the distinctive time-critical and fault-sensitive features of the message delivery inside the substation, the message authentication and integrity protection faces dual challenges from both performance and security.
Our objective is to find appropriate existing security schemes to fulfill demands of secure SAS message transmissions. If no appropriate scheme, we expect to summarize design principles or guidelines for the future security scheme design on the network performance perspective.
Our finding is interesting. The time-critical message transmission poses different constraints on prestigious security schemes regarding its applicability in SAS. Moreover, intrinsic design limitations of existing security schemes, such as complicated computations, waiting time before verification, shorter key valid time and limited key supplies, can easily be hijacked by malicious attacks, to undermine message deliveries, thus becoming security vulnerabilities, not the security guards.
Secure Video Surveillance Systems towards Smart City: Design and Implementation
Secure Video Surveillance Systems towards Smart City: Design and Implementation
This work is supported by the "Strategic Priority Research Program" of the Chinese Academy of Sciences, and now is under the stage of scheme design and implementation.
This work targets security weaknesses widely existing in the current Video Surveillance Systems (VSS), which puts a large amount of users at risk. Due to the absence of defense approaches in VSS, attackers are readily to intrude the system, to eavesdrop the video that may be very helpful for VIP tracking against people's privacy, to tamper videos confusing the audiences, even to manipulate the camera for criminal intent.
Based on above considerations, our work is to re-design the VSS by adding security schemes. These schemes include the authentication scheme towards M2M communication establishement, encypted video streaming transportation, and so on.
Page updated
Google Sites
Report abuse