Sort:
Open Access Research Article Issue
Distributed Differential Privacy Protection with High Data Availability in Smart Grids
Tsinghua Science and Technology 2026, 31(6): 2707-2721
Published: 30 March 2026
Abstract PDF (3.6 MB) Collect
Downloads:32

In smart grids, real-time electricity data uploaded by smart meters may be analyzed by an attacker with other data analytics methods, which may expose users’ privacy. To ensure user privacy, differential privacy methods are often used to process data. However, these methods reduce the accuracy of the data results obtained by the center and lead to unavailability of the data. In this paper, we address this problem and propose a distributed differential privacy protection scheme. Two methods of data noise addition and data perturbation are fused and used in the protection scheme. Data accuracy is improved by optimizing the noise generation method. To address the problem of quantitatively balancing the users’ privacy needs with the central analytics needs, this paper describes the needs of both through mathematical definitions, i.e., data accuracy and data privacy, and proposes a privacy budget that balances data accuracy and privacy. The performance of the proposed scheme is evaluated using the typical power data, which proves the excellent performance.

Open Access Issue
Empirical Analysis of Remote Keystroke Inference Attacks and Defenses on Incremental Search
Tsinghua Science and Technology 2025, 30(6): 2434-2451
Published: 04 July 2025
Abstract PDF (4.5 MB) Collect
Downloads:100

Incremental search provides real-time suggestions as users type their queries. However, recent studies demonstrate that its encrypted search traffic can disclose privacy-sensitive data through side channels. Specifically, attackers can derive information about user keystrokes from observable traffic features, like packet sizes, timings, and directions, thereby inferring the victim’s entered search query. This vulnerability is known as a remote keystroke inference attack. While various attacks leveraging different traffic features have been developed, accompanied by obfuscation-based countermeasures, there is still a lack of overall and in-depth understanding regarding these attacks and defenses. To fill this gap, we conduct the first comprehensive evaluation of existing remote keystroke inference attacks and defenses. We carry out extensive experiments on five well-known incremental search websites, all listed in Alexa’s top 50, to evaluate and compare their real-world performance. The results demonstrate that attacks utilizing multidimensional request features pose the greatest risk to user privacy, and random padding is currently considered the optimal defense balancing both efficacy and resource demands. Our work sheds light on the real-world implications of remote keystroke inference attacks and provides developers with guidelines to enhance privacy protection strategies.

Open Access Issue
EScope: Effective Event Validation for IoT Systems Based on State Correlation
Big Data Mining and Analytics 2023, 6(2): 218-233
Published: 26 January 2023
Abstract PDF (4.1 MB) Collect
Downloads:111

Typical Internet of Things (IoT) systems are event-driven platforms, in which smart sensing devices sense or subscribe to events (device state changes), and react according to the preconfigured trigger-action logic, as known as, automation rules. "Events" are essential elements to perform automatic control in an IoT system. However, events are not always trustworthy. Sensing fake event notifications injected by attackers (called event spoofing attack) can trigger sensitive actions through automation rules without involving authorized users. Existing solutions verify events via "event fingerprints" extracted by surrounding sensors. However, if a system has homogeneous sensors that have strong correlations among them, traditional threshold-based methods may cause information redundancy and noise amplification, consequently, decreasing the checking accuracy. Aiming at this, in this paper, we propose "EScope" , an effective event validation approach to check the authenticity of system events based on device state correlation. EScope selects informative and representative sensors using an Neural-Network-based (NN-based) sensor selection component and extracts a verification sensor set for event validation. We evaluate our approach using an existing dataset provided by Peeves. The experiment results demonstrate that EScope achieves an average 67% sensor amount reduction on 22 events compared with the existing work, and increases the event spoofing detection accuracy.

Open Access Issue
RouteGuardian: Constructing Secure Routing Paths in Software-Defined Networking
Tsinghua Science and Technology 2017, 22(4): 400-412
Published: 20 July 2017
Abstract PDF (15.2 MB) Collect
Downloads:63

Software-Defined Networking (SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However, traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose RouteGuardian, a reliable security-oriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, RouteGuardian supports dynamic routing reconfiguration according to the latest network status. We prototyped RouteGuardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.

Total 4