The overarching goal of our research program has been focusing on studying and building efficient and secure networks and systems to enable fast, reliable, private, and secure delivery and processing of information. Recent years have seen a proliferation of heterogeneous mobile and wireless devices (such as smartphones and Internet-of-Things devices) which generate an increasing amount of data, yet the available spectrum and bandwidth became more and more scarce. On the other hand, due to the increase of hardware/software capabilities and energy-efficiency of devices, they are not only capable of communicating and networking but also sensing, computing, or even interacting with the physical world. The role of a network is transitioning into a multi-functional, intelligent infrastructure supporting integrated communication, sensing, data storage and computation, leading to a myriad of exiciting new applications and services. Thus, new network architectures and protocols/algorithms are required to support not only the delivery but also processing of information to enable those applications (e.g., cloud and edge computing).

These novel computing paradigms, however, also create more opportunities for vandals and criminals to launch various attacks to either gain economic benefits or jeopardize the society. The information about individuals are being collected and stored in various interconnected venues which makes them easier to be hacked and misused than ever. Devices are quickly rolled out to market by companies to stay ahead of the competition such that security is never a primary concern in their designs. As a result, the same technologies that human beings developed can lead to adverse effects (not only economical loss but also put people's safety at risk), and privacy of citizens are now near the brink of extinction. To avoid an infinite loop of break-and-patch, it is crucial that multiple objectives (high-performance, usability, security and privacy) are satisfied simultaneously when we design those systems.

Research Methodology

Our goal is to develop both solid foundations and practical mechanisms for performance and security/privacy assurance in emerging networked systems and computing platforms, to make them dependable and trustworthy. Our research is devoted not only to make them resilient to malicious attacks, but also to promote proactive built-in security protection in their early design. Our research philosophy is to bring together theory and practice. On the theoretical side, we may leverage tools from communications and networking, signal processing, optimization, game-theory, machine learning, algorithm design, and applied cryptography. On the practical side, we may investigate a variety of applications and make use of real-world networked devices such as vehicles, drones, IoT platforms, datasets, experimental/simulation platforms such as software-defined radios, etc. We always keep an open mind to new problems and toolsets, and are prepared to challenge existing and well-established assumptions.

Research Areas/Topics

1. Wireless Networking: Interference Cancellation for Coexistence, and Machine Learning for Adaptation

In the increasingly crowded wireless spectrum, highly efficient spectrum sharing mechanisms are desired to enable the coexistence among disparate multi-hop wireless networks. Cross-technology interference (CTI) is widespread which are detrimental to network performance, for example, among LTE and WiFi networks in the unlicensed ISM bands, IEEE 802.22 (WRAN) and IEEE 802.11af (WLAN) in the TV white space, etc. Current approaches mostly follow the interference-avoidance paradigm, where transmissions are separated in frequency, time, or space, rather than to reduce or eliminate interference. On the other hand, due to the advancement of novel physical layer technologies such as Multiple Input Multiple Output (MIMO) interference cancellation (IC), interference-free concurrent transmissions in the same frequency band become feasible. Different IC techniques have been demonstrated to enhance throughput within standalone homogeneous wireless networks. However, their potential for mitigating the cross-technology interference among multiple heterogeneous multi-hop networks were not well understood. Our work seeks to develop new models and methodologies to theoretically quantify the performance limit of cross-technology IC, as well as designing practical protocols to enable interference-free coexistence.

On the other hand, with the increase of the number of wireless devices and their traffic volumes, multi-hop wireless networks (MWNs) demand for higher capacity, reliability, and quality-of-service (QoS). Mechanisms at various network layers have been proposed in the past to enhance the performance of MWNs, however, the fundamental challenges or bottleneck reside in the unreliable wireless channel. Our work systematically explores antenna-level reconfigurability to optimize the end-to-end performance and QoS in MWNs, by both laying down the theoretical foundations and developing practical protocols. Online machine learning algorithms are being leveraged to adapt to the changing link status and optimize end-to-end scheduling and routing.

Funding support: National Science Foundation (NSF), Office of Naval Research (ONR).
Project Websites: Coexistence among heterogeneous multi-hop networks

2. Wireless Security: Automatic Trust Establishment

Wireless networks play a key role in collecting data from IoT sensors. Examples include body area networks consisting of wearable sensors to monitor patients' vital signs in real-time, and local area networks where an access point collects data from security cameras and motion sensors for trespassing detection. For such applications, the security, integrity, and availability of wireless communications is crucial for users' safety and privacy. The fist step toward guaranteeing secure communications is to establish security associations (or initial trust), which usually involves the process of deriving a common cryptographic key or password between intended devices, and achieving two-party mutual authentication (to verify the device’s identity or legitimacy) and key-agreement (to establish a secure channel over a public medium). The prevailing methods for secure pairing either involve the manual input of a secret (e.g., a password or a PIN) to each device, or by preloading devices with some default secret. However, key preloading solutions pose significant scalability, usability, and interoperability challenges. Many new wireless devices lack the necessary interfaces to enter or change passwords. Even if those passwords are entered a priori, manufacturers frequently opt for default secrets that are easily leaked. Indeed, the largest DDoS attack to date exploited default passwords preloaded to IP cameras, digital video recorders, etc., to form the Mirai botnet and attack the DNS infrastructure. For public key infrastructure (PKI)-based solutions, timely key revocation is extremely challenging to achieve, especially under intermittent connectivity. Thus, our research focuses on developing solutions to automatically establish initial trust for securely introduce new devices into a network, as well as evovling the trust without manual efforts. We mainly pursue "in-band" approaches where devices are only required to possess a common radio interface without any out-of-band channels or additional hardware/sensing interfaces.

Funding support: Army Research Office (ARO), and the Army Educational Outreach Program (AEOP).

3. Security and Privacy in Dynamic Spectrum Sharing

   The dramatic growth in demand for wireless services has fueled a severe shortage in radio spectrum, especially in the overcrowded unlicensed bands. The regulatory approach for meeting this galloping demand is to allow the coexistence of competing wireless technologies, cellular, Wi-Fi, radar, TV, emergency communications, and others. This shared spectrum paradigm poses novel challenges for the secure, efficient, and fair resource allocation. Many of these challenges stem from the heterogeneity of the coexisting systems, the system scale, and the lack of explicit coordination mechanisms between them. The fundamentally different spectrum access models and PHY-layer capabilities–dynamic vs. fixed access, schedule-based vs. random access, MIMO-capable vs. single antenna, interference-avoiding vs. interference-mitigating, etc.– create a complex and interdependent ecosystem, without a single control plane. Whereas some recent efforts have tried to address the coexistence of specific technologies (e.g., LTE and Wi-Fi, opportunistic access in TV white spaces), a comprehensive and general approach to securely and efficiently coordinate spectrum access for heterogeneous systems remains elusive. Thus, we propose a novel coexistence framework for coordinating, monitoring, evaluating, and adapting spectrum access in a secure, efficient, and privacy-preserving manner.
 
On the other hand, enforcing spectrum access rules or etiquettes is crucial to the ultimate success of dynamic spectrum access (DSA) paradigm. Traditional approaches either require trusted radio software/hardware, or employ dedicated trusted devices to exert external enforcement. However, they are not compatible with legacy devices and incur high cost in actual deployment, which becomes a barrier for them to be adopted in reality. Thus, we investigate a fundamentally different spectrum etiquette enforcement paradigm by tapping into the power of crowdsourcing. Every cognitive radio device can potentially act as an agent to collaboratively monitor radio access behavior in its neighborhood, be able to detect/identify anomalous spectrum usage and its culprit, and exert immediate punishment if that happens. In this way, spectrum misuse can be effectively deterred and prevented without requiring a dedicated trusted infrastructure nor significant external efforts.

Funding support: National Science Foundation (NSF).
Project Websites:  SpecEES: Secure and fair coexistence; EARS: crowdsourced spectrum enforcement.

4. Security and Privacy Protection of Data Collection and Analysis

  The emergence of cloud computing brings a paradigm shift to the way that big data is stored, accessed and utilized. Especially, outsourcing data to the public cloud enjoys unlimited resources with great economic savings for both data owners and users. However, as customers no longer have physical control over the remote cloud resources, security and privacy concerns have been major hurdles against the widespread adoption of the cloud technology. Our research aims at protecting user privacy in the public cloud, by designing privacy-assured, usable and efficient data storage, auditing, and processing solutions for large amount of sensitive information stored in commercial cloud platforms, such as corporate financial documents, medical records and social network profiles. Our research in this area has been focusing on: remotely proving the possession of owners' data in the cloud, privacy-preserving and usable search over cloud data, and collaborative outsourced computations leveraging the cloud.

On the other hand, in recent years large companies are already collecting many users' data for analytics/advertisement purposes and providing better services. To protect users' privacy, encryption may not be the best solution in this scenario since the service provider must be able to query statistical information from the data. Data obfuscation/perturbation techniques have became promising as they aim at hiding the secrets of individual users while still allowing statistical analysis. Differential privacy is a formal notion to quantify the privacy level of users in this setting. However, how to achieve a good balance between privacy and data utility is always a challenge, especially in the local setting where the service provider is untrusted. Our recent research focus on developing context-aware privacy notions and mechanisms to enhance the utility-privacy tradeoff, by leveraging statistical and information-theoretic approaches.

Funding support: National Science Foundation (NSF) and Amazon Web Services.
Project Websites: Secure data service outsourcing (completed)

5. Cyber-Physical System Security: Autonomous and Connected Vehicles & Unmanned Aerial Systems.

   

Vehicular automation is now appearing that promises a new era of transportation technology. Although automation introduces opportunities to optimize the efficiency and safety of transportation systems, it also exposes users to new security risks due to increased reliance on computers, sensors and networked communication. The goal of this research is to provide a secure foundation for a transportation system that increasingly relies on cooperative automation strategies and vehicle connectedness to achieve increases in safety, efficiency, and capacity. We anticipate a three phase deployment of automation technologies: (1) autonomous vehicles without connectivity will use local sensing to form and maintain platoons, (2) vehicles will begin to incorporate traffic-related information shared via vehicle-to-vehicle communication into their decision making processes, and (3) a trusted infrastructure will emerge that supplies guidance to vehicles via vehicle-to-infrastructure communication to achieve safe, optimal, and adaptive system-wide traffic flows. Our work examine the vulnerabilities of inter-vehicular and intra-vehicular systems from both communication and controls perspectives, then propose defense mechanisms that are practical and low-overhead, for example, by deriving security and trust from the physical layer.

Unmanned Aircraft Systems (UAS) have received significant attention in the past decade due to their utility in intelligence, reconnaissance, and recreational applications at a fraction of the cost of employing manned aircraft. UAS systems are an advancing technology with tremendous potential, but which also raise serious concerns with regard to safety, security, and privacy. As UASs continue to proliferate, aviation regulatory agencies around the world are facing a challenging dilemma in terms of safely integrating UAS operations into their respective national airspace systems and enforcing their compliance to relevant regulations. The significance of the dilemma is exacerbated by the lack of technical approaches for effectively countering the threats posed by nefarious or unintentionally noncompliant UAS operations and enforcing the relevant regulations to safeguard controlled/restricted airspace. This project aims to address this critical need by developing offensive and defensive measures for detecting and bringing down UASs that violate controlled/restricted airspace in an automated, controlled, and reliable manner. Our project team proposes to develop a set of systematic approaches for countering the threat posed by nefarious or noncompliant UASs. The multi-disciplinary team consists of exertise that include UAS flight control systems, CPS security, wireless communications and networking, and reinforcement learning and intelligent control.

Funding support: National Science Foundation (NSF).
Project Websites: Security in autonomous vehicular transportation
News coverage: The Epoch Times,Driverless transportation, The Atlantic, 163 Tech News (网易科技新闻), 爬车网

Funded Research Projects

• DURIP: A Millimeter-Wave Communication System for Wireless Security and Networking Research and Education, $249,934, Army Research Office, 04/21/2021 - 04/20/2022, PI (Co-PI: Loukas Lazos).
• Undergraduate Research Apprentice Program (URAP)/High School Apprentice Program (HSAP) Supplement, $15,000, Army Research Office, 05/15/2021 - 08/15/2021, PI (Co-PI: Loukas Lazos).
• In-band Wireless Trust Establishment Resistant to Advanced Signal Manipulations, Army Research Office, 01/01/2019 - 12/31/2021, PI (Co-PI: Loukas Lazos).
• SaTC: CORE: Medium: Collaborative: Enforcement of Geofencing Policies for Commercial Unmanned Aircraft Systems, National Science Foundation, 09/01/2018 - 08/31/2021, PI.
• SpecEES: Secure and Fair Spectrum Sharing for Heterogeneous Coexistent Systems, National Science Foundation, 10/1/2017-9/30/2020, Co-PI (with PI Loukas Lazos and Co-PI Marwan Krunz) (Project website)
• Toward High Performance Tactical Multi Hop Wireless Networks via Exploiting Antenna Reconfigurability, Office of Naval Research, 6/1/2016-5/31/2019.
• EARS: Collaborative Research: Crowdsourcing-Based Spectrum Etiquette Enforcement in Dynamic Spectrum Access, National Science Foundation, $360,000, 1/1/2015-12/31/2018, PI (Co-PIs: Ryan Gerdes and Bedri Cetiner). (Project website)
• TWC: Medium: Secure and Resilient Vehicular Platooning, National Science Foundation, 8/1/2014-7/31/2019, $1,229,923, Co-PI (PI: Ryan Gerdes) (Project website)
• CAREER: Toward Cooperative Interference Mitigation for Heterogeneous Multi-hop MIMO Wireless Networks, $489,999, National Science Foundation, 7/1/2014-6/31/2019, PI  (Project website).
• CSR: Small: Collaborative Research: Towards User Privacy in Outsourced Cloud Data Services, $175,000, National Science Foundation, 10/1/2012-9/31/2015, PI.
• Proving the Possession of Multi-Owner Data in the Cloud, $2,500, Amazon AWS Research Grant, 2014-2016

We thank the generous support of: