1. Blockchain-Enabled Automated and Robust Cyber Security Management

Songlin He, Eric Ficke, Mir Mehedi Ahsan Pritom, Huashan Chen, Qiang Tang, Qian Chen, Marcus Pendleton, Laurent Njilla, Shouhuai Xu

We initiate the study on the problem of automated and robust Cyber Security Management (CSM). We exemplify the problem by investigating how CSM should respond to the discovery of cyber intelligence identifying new attackers, victims, and defense capabilities. Given the complexity of CSM, we divide it into three classes, dubbed Network-centric (N-CSM), Tools-centric (T-CSM) and Application-centric (A-CSM). These lead to a range of functions for examining whether a network has been compromised and to what extent. Moreover, we propose to incorporate blockchain, i.e., Hyperledger Fabric, to build a decentralized CSM system, dubbed B2CSM, that ensures the retrieval of valid invocation results for CSM purpose. We also integrate B2CSM with decentralized storage network (DSN), that instantiated by IPFS, to reduce on-chain storage costs without hindering its robustness. We present the design and implementation of the prototype B2CSM system. Experiments with real-world datasets show that the CSM solutions and system are effective and efficient.

Published in Journal of Parallel and Distributed Computing (JPDC), 2022

2. Fair Peer-to-Peer Content Delivery via Blockchain

Songlin He, Yuan Lu, Qiang Tang, Guiling Wang, Chase Q. Wu
In comparison with conventional content delivery networks, peer-to-peer (p2p) content delivery is promising to save cost and handle high peak-demand, and can also complement the decentralized storage networks such as Filecoin. However, reliable p2p delivery requires proper enforcement of delivery fairness, i.e., the deliverers should be rewarded according to their in-time delivery. Unfortunately, most existing studies on delivery fairness are based on non-cooperative game-theoretic assumptions that are arguably unrealistic in the ad-hoc p2p setting.
We for the first time put forth an expressive yet still minimalist security notion for desired fair p2p content delivery, and give two efficient solutions FairDownload and FairStream via the blockchain for p2p downloading and p2p streaming scenarios, respectively. Our designs not only guarantee delivery fairness to ensure deliverers be paid (nearly) proportional to their in-time delivery but also ensure the content consumers and content providers are fairly treated. The fairness of each party can be guaranteed when the other two parties collude to arbitrarily misbehave. Moreover, the systems are efficient in the sense of attaining nearly asymptotically optimal on-chain costs and deliverer communication.
We implement the protocols and build the prototype systems atop the Ethereum Ropsten network. Extensive experiments done in LAN and WAN settings showcase their high practicality.

Publised in the 26th European Symposium on Research in Computer Security (ESORICS), 2021

3. Decentralizing IoT Management Systems Using Blockchain for Censorship Resistance

Songlin He, Qiang Tang, Chase Q. Wu and Xuewen Shen

Blockchain technology has been increasingly used for decentralizing cloud-based Internet of Things (IoT) architectures to address limitations faced by centralized systems. While many existing efforts are successful in decentralization with multiple servers (i.e., full nodes) to handle faulty nodes, an important issue has arisen that external clients have to rely on a relay node to communicate with the full nodes in the blockchain. Compromization of such relay nodes may result in a security breach and even a blockage of IoT sensors from the network. In this article, we propose blockchain-based decentralized IoT management systems for censorship resistance, which include a “diffusion” function to deliver all messages from sensors to all full nodes and an augmented consensus protocol to check data losses, replicate processing outcome, and facilitate opportunistic outcome delivery. We also leverage public key aggregation to reduce communication complexity and signature verification. The experimental results from proof-of-concept implementation and deployment in a real distributed environment show the feasibility and effectiveness in achieving censorship resistance.

Publised in the IEEE Transactions on Industrial Informatics (TII), 2019

4. On Distributed Information Composition in Big Data Systems

Haifa AlQuwaiee, Songlin He, Chase Q. Wu and Qiang Tang

Modern big data computing systems exemplified by Hadoop employ parallel processing based on distributed storage. The results produced by parallel tasks such as computing modules in scientific workflows or reducers in the MapReduce framework are typically stored in a distributed file system across multiple data nodes. However, most existing systems do not provide a mechanism to compose such distributed information, as required by many big data applications. We construct analytical cost models and formulate a Distributed Information Composition problem in Big Data Systems, referred to as DIC-BDS, to aggregate multiple datasets stored as data blocks in Hadoop Distributed File System (HDFS) using a composition operator of specific complexity to produce one final output. We rigorously prove that DIC-BDS is NP-complete, and propose two heuristic algorithms: Fixed-window Distributed Composition Scheme (FDCS) and Dynamic-window Distributed Composition Scheme with Delay (DDCS-D). We conduct extensive experiments in Google clouds with various composition operators of commonly considered degrees of complexity including O(n), O(n log n), and O(n^2). Experimental results illustrate the performance superiority of the proposed solutions over existing methods. Specifically, FDCS outperforms all other algorithms in comparison with a composition operator of complexity O(n) or O(n log n), while DDCS-D achieves the minimum total composition time with a composition operator of complexity O(n^2). These algorithms provide an additional level of data processing for efficient information aggregation in existing workflow and big data systems.

Published in the IEEE eScience 2019 15th International Conference (eScience), 2019

5. Censorship Resistant Decentralized IoT Management Systems

Songlin He, Qiang Tang, Chase Q. Wu

Blockchain technology has been increasingly used for decentralizing cloud-based Internet of Things (IoT) architectures to address some limitations faced by centralized systems. While many existing efforts are successful in leveraging blockchain for decentralization with multiple servers (full nodes) to handle faulty nodes, an important issue has arisen that external clients (also called lightweight clients) have to rely on a relay node to communicate with the full nodes in the blockchain. Compromization of such relay nodes may result in a security breach and even a blockage of IoT sensors from the network. We propose censorship resistant decentralized IoT management systems, which include a “diffusion” function to deliver all messages from sensors to all full nodes and an augmented consensus protocol to check data loss, replicate processing outcome, and facilitate opportunistic outcome delivery. We also leverage the cryptographic tool of aggregate signature to reduce the complexity of communication and signature verification.

Published in the MobiQuitous’18 Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (DLoT), 2018