About
489 Publications
117,004 Reads
45,704 Citations
Introduction
Help the Internet grow.
Publications (489)
Metaverse applications desire to communicate with semantically identified objects among a diverse set of cyberspace entities, such as cameras for collecting images, sensors for sensing the environment, and users collaborating with each other, all of which could be nearby or far away, in a timely and secure way. However, supporting the above function faces...
This position paper explores how to support the Web's evolution through an underlying data-centric approach that better matches the data-orientedness of modern and emerging applications. We revisit the original vision of the Web as a hypermedia system that supports document composability and application interoperability via name-based data access....
This work presents the design and implementation of an Open Storage System plugin for XRootD, utilizing Named Data Networking (NDN). This represents a significant step in integrating NDN, a prominent future Internet architecture, with the established data management systems within CMS. We show that this integration enables XRootD to access data in...
Distributed Denial of Service (DDoS) attacks have plagued the Internet for decades. Despite the ever-increasing investments into mitigation solution development, DDoS attacks continue to grow with ever-increasing frequency and magnitude. To identify the root cause of the above-observed trend, in this paper, we conduct a systematic and architectural...
By requiring all data packets to be cryptographically authenticatable, the Named Data Networking (NDN) architecture design provides a basic building block for secured networking. This basic NDN function requires that all entities in an NDN network go through a security bootstrapping process to obtain the initial security credentials. Recent years ha...
The Internet Research Task Force (IRTF) Research Group on Decentralizing the Internet (DINRG) hosted a workshop on Centralization in the Internet on June 3, 2021. The workshop focused on painting a broad-brush landscape of the Internet centralization problem space: its starting point, its driving force, together with an articulation on what can and...
Distributed Denial of Service (DDoS) attacks have plagued the Internet for decades. Despite the ever-increasing investments into mitigation solution developments, DDoS attacks are also growing with ever-increasing frequency and magnitude. To identify the root cause of the above-observed trend, in this paper, we perform a systematic analysis of vo...
Today's big data science communities manage their data publication and replication at the application layer. These communities utilize myriad mechanisms to publish, discover, and retrieve datasets - the result is an ecosystem of either centralized, or otherwise a collection of ad-hoc data repositories. Publishing datasets to centralized repositorie...
Distributed dataset synchronization, or Sync in short, plays the role of a transport service in the Named Data Networking (NDN) architecture. A number of NDN Sync protocols have been developed over the last decade. In this paper, we conduct a systematic examination of NDN Sync protocol designs, identify common design patterns, reveal insights behin...
Recent years have witnessed the rapid deployment of smart homes; most of them are controlled by remote servers in the cloud. Such designs raise security and privacy concerns for end users. In this article, we describe the design of Sovereign, a home Internet of Things (IoT) system framework that provides end users complete control of their home IoT...
Recent years have witnessed the rapid deployment of smart homes; most of them are controlled by remote servers in the cloud. Such designs raise security and privacy concerns for end users. In this paper, we describe the design of Sovereign, a home IoT system framework that provides end users complete control of their home IoT systems. Sovereign l...
Modern digitally controlled systems require multiparty authentication and authorization to meet the desired security requirement. This paper describes the design and development of NDN-MPS, an automated solution to support multiparty signature signing and verification for NDN-enabled applications. NDN-MPS suggests several changes and extensions to...
This report provides a brief introduction to State Vector Sync (SVS), a sync protocol for Named Data Networking (NDN). To support distributed applications, sync protocols synchronize the data names of a shared dataset among a group of participants. In this report, we explain how the SVS design is influenced by the lessons that have been cumulated o...
Distributed data set synchronization protocols (sync protocols for brevity) provide an abstraction for connection-agnostic multiparty communication in NDN. A number of sync protocols have been proposed over the years, each featuring different design choices in data naming, dataset state representation, and state propagation mechanisms, which led to...
Anonymous credentials are a solid foundation for privacy-preserving Single Sign-On (SSO). They enable unlinkable authentication across domains and allow users to prove their identity without revealing more than necessary. Unfortunately, anonymous credentials schemes remain difficult to use and complex to deploy. They require installation and use of...
Named Data Networking (NDN) is a new data-centric Internet architecture design, and NDN-Lite is an IoT networking framework that aims to enable end user controlled smart homes. This paper presents NDN-Lite Pub/Sub's design and implementation. By using names that carry application semantics to secure data and construct security policies directly, N...
Named Data Networking (NDN) secures network communications by requiring all data packets to be signed when produced. This requirement necessitates efficient and usable mechanisms to handle NDN certificate issuance and revocation, making these supporting mechanisms essential for NDN operations. In this paper, we first investigate and clarify core co...
We are falling behind in the war against distributed denial-of-service attacks. Unless we act now, the future of the Internet could be at stake.
The Internet's features and capacity have evolved, but is the nature of its security noticeably better? We examine the fundamental nature of distributed denial-of-service (DDoS) and the state of the union of our defenses in today's DDoS wars.
Smart homes made up of Internet of Things (IoT) devices have seen wide deployment in recent years, with most, if not all, of them controlled by remote servers in the cloud. Such designs raise security and privacy concerns for end users. We believe that the current situation has largely resulted from lacking a systematic home IoT framework to suppor...
This paper introduces DAta-centric Peer-to-peer filE Sharing (DAPES), a data sharing protocol for scenarios with intermittent connectivity and user mobility. DAPES provides a set of semantically meaningful hierarchical naming abstractions that facilitate the exchange of file collections via local connectivity. This enables peers to "make the most"...
Modern online media, such as Twitter, Instagram, and YouTube, enable anyone to become an information producer and to offer online content for potentially global consumption. By increasing the amount of globally accessible real-time information, today's ubiquitous producers contribute to a world, where an individual consumes vanishingly smaller frac...
We introduce EL PASSO, a privacy-preserving, asynchronous Single Sign-On (SSO) system. It enables personal authentication while protecting users' privacy against both identity providers and relying parties, and allows selective attribute disclosure. EL PASSO is based on anonymous credentials, yet it supports users' accountability. Selected authorit...
In the current Internet, content delivery, e.g., video-on-demand (VoD), at scale is associated with a large distributed infrastructure which requires considerable investment. Content Providers (CPs) typically resort to third-party Content Distribution Networks (CDNs) or build their own expensive content delivery infrastructure in order to cope with...
As the numbers and capabilities of networked devices continue to grow, they will play an increasingly important role in daily life. Ensuring security and usability will be the first and foremost challenge; Named Data Networking can help address this challenge through localized trust, usable security, and autoconfiguration.
Data sharing among multiple parties is becoming increasingly common today, and so is the potential for data leakage. As required by new data protection regulations and laws, when data leakage occurs, one must be able to reliably identify the leaking party. Existing solutions utilize watermark technology or data object allocation strategy to differentiate t...
This article introduces the design of a secure sign-on protocol, SSP, for smart homes built on named data networking (NDN). Instead of depending on cloud services, NDN supports a new smart home model where each home IoT system is identified by a unique name and has a local trust anchor. To securely sign into such a home, a new device must acquire t...
Distributed Denial of Service (DDoS) attacks are now 20 years old; what has changed in that time? Their disruptive presence, their volume, distribution across the globe, and the relative ease of launching them have all been trending in favor of attackers. Our increases in network capacity and our architectural design principles are making our onlin...
In this paper we present the design of Name-based Access Control (NAC) scheme, which supports data confidentiality and access control in Named Data Networking (NDN) architecture by encrypting content at the time of production, and by automating the distribution of encryption and decryption keys. NAC achieves the above design goals by leveraging spe...
Distributed Denial of Service (DDoS) attacks have plagued the Internet for decades, but defenses have not fundamentally outpaced attackers. Instead, the size and rate of growth in attacks have actually outpaced carriers' and DDoS mitigation services' growth. In this paper, we comprehensively examine ways in which Named Data Networking (NDN), a prop...
With the ever growing Internet of Things (IoT) market, ledger systems are facing new challenges to efficiently store and secure enormous customer records collected by the IoT devices. The authenticity, availability, and integrity of these records are critically important for both business providers and customers. In this paper, we describe DLedger,...
Named Data Networking (NDN) proposes a fundamental architectural change to the Internet, moving from point-to-point communication to a data-centric model. NDN-enabled nodes can communicate over any substrate that can deliver datagrams, such as layer-2 links (WiFi, BLE, Ethernet, etc.) and IP/UDP/TCP tunnels over IP connectivity. However in the latt...
The Named Data Networking (NDN) architecture provides simple solutions to the communication needs of Internet of Things (IoT) in terms of ease-of-use, security, and content delivery. To utilize the desirable properties of NDN architecture in IoT scenarios, we are working to provide an integrated framework, dubbed NDNoT, to support IoT over NDN. NDN...