Lixia Zhang

University of California, Los Angeles | UCLA · Department of Computer Science

PhD


446 Publications
86,984 Reads
41,668 Citations


Publications (446)
Preprint
Full-text available
Recent years have witnessed the rapid deployment of smart homes; most of them are controlled by remote servers in the cloud. Such designs raise security and privacy concerns for end users. In this paper, we describe the design of Sovereign, a home IoT system framework that provides end users complete control of their home IoT systems. Sovereign l...
Preprint
Modern digitally controlled systems require multiparty authentication and authorization to meet the desired security requirement. This paper describes the design and development of NDN-MPS, an automated solution to support multiparty signature signing and verification for NDN-enabled applications. NDN-MPS suggests several changes and extensions to...
Technical Report
Full-text available
This report provides a brief introduction to State Vector Sync (SVS), a sync protocol for Named Data Networking (NDN). To support distributed applications, sync protocols synchronize the data names of a shared dataset among a group of participants. In this report, we explain how the SVS design is influenced by the lessons that have been cumulated o...
Technical Report
Full-text available
Distributed data set synchronization protocols (sync protocols for brevity) provide an abstraction for connection-agnostic multiparty communication in NDN. A number of sync protocols have been proposed over the years, each featuring different design choices in data naming, dataset state representation, and state propagation mechanisms, which led to...
Article
Full-text available
Anonymous credentials are a solid foundation for privacy-preserving Single Sign-On (SSO). They enable unlinkable authentication across domains and allow users to prove their identity without revealing more than necessary. Unfortunately, anonymous credentials schemes remain difficult to use and complex to deploy. They require installation and use of...
Technical Report
Full-text available
Named Data Networking (NDN) is a new data-centric Internet architecture design, and NDN-Lite is an IoT networking framework that aims to enable end user controlled smart homes. This paper presents NDN-Lite Pub/Sub's design and implementation. By using names that carry application semantics to secure data and construct security policies directly, N...
Preprint
Full-text available
Named Data Networking (NDN) secures network communications by requiring all data packets to be signed when produced. This requirement necessitates efficient and usable mechanisms to handle NDN certificate issuance and revocation, making these supporting mechanisms essential for NDN operations. In this paper, we first investigate and clarify core co...
Article
We are falling behind in the war against distributed denial-of-service attacks. Unless we act now, the future of the Internet could be at stake.
Article
The Internet's features and capacity have evolved, but is the nature of its security noticeably better? We examine the fundamental nature of distributed denial-of-service (DDoS) and the state of the union of our defenses in today's DDoS wars.
Preprint
Smart homes made up of Internet of Things (IoT) devices have seen wide deployment in recent years, with most, if not all, of them controlled by remote servers in the cloud. Such designs raise security and privacy concerns for end users. We believe that the current situation has largely resulted from lacking a systematic home IoT framework to suppor...
Preprint
This paper introduces DAta-centric Peer-to-peer filE Sharing (DAPES), a data sharing protocol for scenarios with intermittent connectivity and user mobility. DAPES provides a set of semantically meaningful hierarchical naming abstractions that facilitate the exchange of file collections via local connectivity. This enables peers to "make the most"...
Preprint
Modern online media, such as Twitter, Instagram, and YouTube, enable anyone to become an information producer and to offer online content for potentially global consumption. By increasing the amount of globally accessible real-time information, today's ubiquitous producers contribute to a world, where an individual consumes vanishingly smaller frac...
Conference Paper
Full-text available
This paper introduces DAta-centric Peer-to-peer filE Sharing (DAPES), a data sharing protocol for scenarios with intermittent connectivity and user mobility. DAPES provides a set of semantically meaningful hierarchical naming abstractions that facilitate the exchange of file collections via local connectivity. This enables peers to "make the most"...
Preprint
We introduce EL PASSO, a privacy-preserving, asynchronous Single Sign-On (SSO) system. It enables personal authentication while protecting users' privacy against both identity providers and relying parties, and allows selective attribute disclosure. EL PASSO is based on anonymous credentials, yet it supports users' accountability. Selected authorit...
Conference Paper
Full-text available
In the current Internet, content delivery, e.g., video-on-demand (VoD), at scale is associated with a large distributed infrastructure which requires considerable investment. Content Providers (CPs) typically resort to third-party Content Distribution Networks (CDNs) or build their own expensive content delivery infrastructure in order to cope with...
Article
As the numbers and capabilities of networked devices continue to grow, they will play an increasingly important role in daily life. Ensuring security and usability will be the first and foremost challenge; Named Data Networking can help address this challenge through localized trust, usable security, and autoconfiguration.
Preprint
Full-text available
Data sharing among multiple parties becomes increasingly common today, so is the potential for data leakage. As required by new data protection regulations and laws, when data leakage occurs, one must be able to reliably identify the leaking party. Existing solutions utilize watermark technology or data object allocation strategy to differentiate t...
Article
Full-text available
This article introduces the design of a secure sign-on protocol, SSP, for smart homes built on named data networking (NDN). Instead of depending on cloud services, NDN supports a new smart home model where each home IoT system is identified by a unique name and has a local trust anchor. To securely sign into such a home, a new device must acquire t...
Preprint
Distributed Denial of Service (DDoS) attacks are now 20 years old; what has changed in that time? Their disruptive presence, their volume, distribution across the globe, and the relative ease of launching them have all been trending in favor of attackers. Our increases in network capacity and our architectural design principles are making our onlin...
Preprint
Full-text available
Distributed Denial of Service (DDoS) attacks have plagued the Internet for decades, but defenses have not fundamentally outpaced attackers. Instead, the size and rate of growth in attacks have actually outpaced carriers' and DDoS mitigation services' growth. In this paper, we comprehensively examine ways in which Named Data Networking (NDN), a prop...
Preprint
Full-text available
With the ever growing Internet of Things (IoT) market, ledger systems are facing new challenges to efficiently store and secure enormous customer records collected by the IoT devices. The authenticity, availability, and integrity of these records are critically important for both business providers and customers. In this paper, we describe DLedger,...
Conference Paper
Full-text available
In this paper we present the design of Name-based Access Control (NAC) scheme, which supports data confidentiality and access control in Named Data Networking (NDN) architecture by encrypting content at the time of production, and by automating the distribution of encryption and decryption keys. NAC achieves the above design goals by leveraging spe...
Conference Paper
Named Data Networking (NDN) proposes a fundamental architectural change to the Internet, moving from point-to-point communication to a data-centric model. NDN-enabled nodes can communicate over any substrate that can deliver datagrams, such as layer-2 links (WiFi, BLE, Ethernet, etc.) and IP/UDP/TCP tunnels over IP connectivity. However in the latt...
Conference Paper
Full-text available
The Named Data Networking (NDN) architecture provides simple solutions to the communication needs of Internet of Things (IoT) in terms of ease-of-use, security, and content delivery. To utilize the desirable properties of NDN architecture in IoT scenarios, we are working to provide an integrated framework, dubbed NDNoT, to support IoT over NDN. NDN...
Article
Full-text available
As a proposed Internet architecture, Named Data Networking (NDN) changes the network communication model from delivering packets to destinations identified by IP addresses to fetching data packets by names. This architectural change leads to changes of host functions and initial configurations. In this paper we present an overview of the basic func...
Poster
Full-text available
Intermittent connectivity and dynamic network topology create unique challenges for distributed applications in Mobile Ad Hoc Networks (MANETs), where individual entities may produce data at any time while moving around continuously. In this poster, we present DDSN, a distributed dataset synchronization protocol in Named Data Networking (NDN) that...
Conference Paper
Full-text available
In Named Data Networking (NDN), mobility of data consumers is natively supported by the stateful forwarding plane. However, additional mechanisms are needed, so that requests for data can be forwarded toward a mobile data producer. In this paper, we present KITE, a trace-based producer mobility support that further exploits the stateful forwarding...
Conference Paper
Recent years have witnessed a surge in augmented reality (AR) applications in various markets and verticals, together with emerging toolkits and platforms to support new developments. However, the vision of a pervasive augmented reality held by many still seems a distance away. Notwithstanding the many ongoing efforts to tackle AR performance chall...
Conference Paper
Full-text available
The Named Data Networking (NDN) architecture names and secures data directly at the network layer, thus enabling in-network data caching, which in turn facilitates large scale data dissemination. Applications fetch the desired data by names, and the data can come from either the original data producers or router caches. This data retrieval design w...
Conference Paper
Full-text available
In a future IoT-dominated environment the majority of data will be produced at the edge, which may be moved to the network core. We argue that this reverses today’s “core-to-edge” data flow to an “edge-to-core” model and puts severe stress on edge access/cellular links. In this paper, we propose a data-centric communication approach which treats st...
Chapter
The global routing system has seen a rapid increase in table size and routing changes in recent years, mostly driven by the growth of edge networks. This growth reflects two major limitations in the current architecture: (a) the conflict between provider-based addressing and edge networks' need for multihoming, and (b) flat routing's inability to p...
Preprint
Full-text available
This technical report presents an overview of the security support in the Named Data Networking (NDN) architecture that has been developed over the recent years. NDN changes the communication model from IP's delivery of packets between hosts identified by IP addresses to the retrieval of named and secured data packets. Consequently NDN fundamentall...
Technical Report
Full-text available
NDN Forwarding Daemon (NFD) is a network forwarder that implements the Named Data Networking (NDN) protocol. NFD is designed with modularity and extensibility in mind to enable easy experiments with new protocol features, algorithms, and applications for NDN. To help developers extend and improve NFD, this document explains NFD's internals includi...
Article
Full-text available
In the current Named Data Networking implementation, forwarding a data request requires finding an exact match between the prefix of the name carried in the request and a forwarding table entry. However, consumers may not always know the exact naming, or an exact prefix, of their desired data. The current approach to this problem-establishing namin...
Article
Full-text available
The Named-data Link State Routing protocol (NLSR) is a protocol for intra-domain routing in Named Data Networking (NDN). It is an application level protocol similar to many IP routing protocols, but NLSR uses NDN’s Interest/Data packets to disseminate routing updates, directly benefiting from NDN’s built-in data authenticity. The NLSR design, which...
Conference Paper
In the current Named Data Networking implementation, forwarding a data request requires finding an exact match between the prefix of the name carried in the request and a forwarding table entry. However, consumers may not always know the exact naming, or an exact prefix, of their desired data. The current approach to this problem---establishing nam...
Conference Paper
When splitting traffic for one destination among multiple paths, the employed paths should be loop-free, lest they waste network resources, and the involved routers should be given a high path choice, that is, a high number of potential nexthops. In IP networks this requires the use of a loop-free routing protocol, which limits the achievable path...
Conference Paper
Named Data Networking (NDN) enables data-centric security in network communication by mandating digital signatures on network-layer data packets. Since the lifetime of some data can extend to many years, they outlive the lifetime of their signatures. This paper introduces NDN DeLorean, an authentication framework to ensure the long-term authenticit...
Conference Paper
As a proposed Internet architecture, Named Data Networking must provide effective security support: data authenticity, confidentiality, and availability. This poster focuses on supporting data confidentiality via encryption. The main challenge is to provide an easy-to-use key management mechanism that ensures only authorized parties are given the a...
Conference Paper
Distributed dataset synchronization (sync for short) provides an important abstraction for multi-party data-centric communication in the Named Data Networking (NDN) architecture. Since the beginning of the NDN project, several sync protocols have been developed, each made its own design choices that cause inefficiency under various conditions. Furt...
Conference Paper
The Named Data Networking (NDN) architecture builds the security primitives into the network layer: all retrieved data packets must be signed to ensure their integrity, authenticity, and provenance. To ensure that these primitives are used in a meaningful way without imposing undue burdens on NDN users, the management of cryptographic keys and certif...
Conference Paper
Named Data Networking (NDN) architecture uses data-centric communication primitives that naturally support direct device-to-device (D2D) communications. To make NDN-enabled D2D communication a reality, this poster aims at two goals. First, we report our recent progress in enabling NDN connectivity over a number of popular D2D networking technologie...
Article
Full-text available
As a proposed Internet architecture, Named Data Networking (NDN) takes a fundamental departure from today's TCP/IP architecture, thus requiring extensive experimentation and evaluation. To facilitate such experimentation, we have developed ndnSIM, an open-source NDN simulator based on the NS-3 simulation framework. Since its first release in 2012,...