Censorship resistance techniques
Today, the Internet is playing an ever-increasing role in social and political movements around the world. Activists use it to coordinate their activities and to inform the general public of important information that is not available via traditional media channels. The free flow of information and exchange of ideas on the Internet has been perceived as a serious threat by repressive regimes. In response, they have imposed strong censorship on the Internet usage of their citizens. While many tools have been developed to help people in censored countries circumvent censorship, a key challenge in censorship-resistant web browsing is directing legitimate users to redirection proxies while preventing censors, posing as insiders, from discovering the proxies' addresses and blocking them. We study how to design circumvention systems that are robust to this insider attack. [CCS12] [NDSS13]
Anonymity systems
Anonymous communication is a technique that hides the identities of communicating partners from third parties (e.g., Internet routers, ISPs, and censors) and hides the user’s identity from the remote party (e.g., a web server). Tor is one of the most popular deployed anonymous communication systems. It now serves about 20,000 users a day, relying on about 2000 Tor servers run by volunteers. A key problem with Tor is that its centralized structure, with a limited number of Tor servers, is hard to scale to a large number of users. One fundamental way to address the problem is to design anonymity systems based on DHT-like P2P networks. Since each peer in a P2P network has to rely on others to find and communicate with a particular node, limiting information leakage to curious nodes and resisting attacks by malicious nodes becomes a big challenge. [CCS10] [ICDCS12]
Machine learning
In the internship project at VeriSign Labs, we designed and implemented an automatic detection system for DDoS attacks using clustering-based machine learning techniques. Our design minimizes the need for expert knowledge and does not require any labelled data; it uses hierarchical clustering and ensembles to achieve high detection accuracy and a low false positive rate. In the internship project at NEC Labs America, we designed and implemented a tool to automatically find and update network configurations of large-scale enterprise systems during cloud migration. Our approach is based on SVM classification and achieves high accuracy. [Intern-Verisign] [Intern-NEC]
Trustworthy Cyber Infrastructure for the Powergrid (TCIP)
Time-critical multicast authentication. Multicast is an important data transmission mechanism in cyber-physical systems for propagating messages efficiently. In such systems, a critical security task is to enable each receiving node to verify the origin and integrity of received data. Since communications in cyber-physical systems usually happen in real time, time-critical multicast authentication is required to minimize end-to-end processing delay. [INFOCOM09]
Secure network coding. Network coding has the capability of improving throughput and reducing bandwidth consumption in multicast networks, which is beneficial to resource-constrained networks, such as the electric power grid. However, the "combination nature" of network coding makes it easier for adversaries to launch pollution attacks, where a single injected false packet can lead to decoding failure of original packets. We design a self-healing scheme for network-coding-based networks to rapidly identify/isolate malicious nodes. [INFOCOM10]
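An added illustration of the pollution problem described above (not code from the cited work): three packets are linearly coded, one coded payload has a single symbol altered, and decoding then corrupts every original packet. The field GF(257), the sample packets, and the spare-packet consistency check are assumptions chosen for this example; the check is a generic redundancy test, not the self-healing scheme.

```python
# Added illustration: linear network coding over GF(257) and one polluted packet.
P = 257  # prime field modulus (assumption for this sketch)

def encode(originals, coeffs):
    """Return one coded payload: sum_i coeffs[i] * originals[i] (mod P), symbol-wise."""
    return [sum(c * pkt[s] for c, pkt in zip(coeffs, originals)) % P
            for s in range(len(originals[0]))]

def decode(coded):
    """Solve for the originals from k (coeffs, payload) pairs by Gauss-Jordan mod P."""
    k = len(coded)
    rows = [list(c) + list(y) for c, y in coded]  # augmented matrix [C | Y]
    for col in range(k):
        piv = next(r for r in range(col, k) if rows[r][col] % P)
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, P)  # modular inverse (Python 3.8+)
        rows[col] = [v * inv % P for v in rows[col]]
        for r in range(k):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(a - f * b) % P for a, b in zip(rows[r], rows[col])]
    return [row[k:] for row in rows]

def consistent(decoded, check):
    """Defensive check: a spare coded packet must re-encode from the decoded data."""
    coeffs, payload = check
    return encode(decoded, coeffs) == list(payload)

def pollute(coded, index):
    """Model a relay forwarding one packet whose payload has one altered symbol."""
    out = [(list(c), list(y)) for c, y in coded]
    out[index][1][0] = (out[index][1][0] + 1) % P
    return out

# Constructed sample data (not from the paper).
ORIGINALS = [[10, 20, 30, 40], [1, 2, 3, 4], [200, 100, 50, 25]]
COEFFS = [[1, 1, 1], [1, 2, 4], [1, 3, 9]]
CLEAN = [(c, encode(ORIGINALS, c)) for c in COEFFS]
CHECK = ([1, 4, 16], encode(ORIGINALS, [1, 4, 16]))

if __name__ == "__main__":
    bad = decode(pollute(CLEAN, 0))
    print("clean decode ok:", decode(CLEAN) == ORIGINALS)
    print("originals corrupted by one bad symbol:",
          sum(a != b for a, b in zip(bad, ORIGINALS)))
    print("spare packet consistent:", consistent(bad, CHECK))
```

The spare packet only reveals that some received packet is inconsistent; it does not say which upstream node introduced it, which is the identification problem the paragraph above refers to.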
Key management. Key management is the foundation of many security applications. For example, a shared secret key can be used to provide integrity, confidentiality, and authentication in two-party communications. We propose a hierarchical pairwise key distribution scheme for hierarchical-structured critical-infrastructure networks. In this scheme, each node gets key materials from its parent node in the hierarchy and any two nodes in the hierarchy can directly establish a shared key using each other's IDs. [HIPKEY]