Huazhe Wang’s research while affiliated with University of California, Santa Cruz and other places

Radio frequency identification (RFID)-assisted management systems have been widely applied in warehousing, logistics, retailing, etc. In these scenarios, RFID-aided applications, e.g., object tracking and human behavior sensing, rely on a high-efficiency tag reading to realize accurate analyses and timely responses. However, serious tag collisions in those large-scale RFID systems will inevitably lead to significant decreases in the tag reading rates. To meet the strict timeliness requirements of those practical applications, we aim to treat the individual reading rate for each item tag differently and focus more attention on those user-interactive ones. However, due to unpredictable user behaviors, it is impractical to infer the user-interactive tags in advance. In addition, keeping focusing on them for continuous monitoring despite user movements and multipath-prevalent environments is also challenging. To solve these problems, we propose Spotlight, the first concurrent rate-adaptive reading system in passive RFIDs. Spotlight screens the ID-agnostic user-interactive tags by proposing a multichannel feature for narrow-band RFID systems without any hardware or protocol modification and achieves rate-adaptive reading by implementing real-time MU-MIMO beamforming. Substantial experiments with 1000+ COTS RFID tags exhibit that Spotlight outperforms the commercial reader by $2.7\times$ and the SDR-based reader by $6.12\times$ . In addition, Spotlight first proposes the online parallel decoding method to realize concurrency among multiple users, which breaks the commercial protocol’s throughput ceiling (37%) and achieves up to 59% throughputs.

There is an increasing trend that enterprises outsource their middlebox processing to a cloud for lower cost and easier management. However, outsourcing middleboxes brings threats to the enterprise's private information, including the traffic and rules of middleboxes, all of which are visible within the cloud. Existing solutions for secure middlebox outsourcing either incur significant performance overhead or do not support incremental updates. In this article, we present a secure and dynamic middlebox outsourcing framework, SICS, short for Secure In-Cloud Service. SICS encrypts each packet header and uses a label for in-cloud rule matching, which enables the cloud to perform its functionalities correctly with minimum header information leakage. Evaluation results show that SICS achieves higher throughput, faster construction and update speed, and lower resource overhead at the enterprise and in the cloud when compared with existing solutions.

Example method includes: identifying three relationships about a network function in an intent-based stateful network—(1) the network function forwarding a network packet implies that at least one previous network packet was received by the network function in the same direction prior to the network packet is forwarded, (2) an established state in the network function implies that at least one previous network packet was received at the network function, (3) the network function receiving the network packet as a downward network function implies the network packet was previously sent by a second network function acting as an upward network function; encoding the network function using a combination of at least one of the three identified relationships; and verifying a plurality of network intents in the intent-based stateful network based at least in part on the encoding of the network function.

Internet of Things has been widely applied in everyday life, ranging from transportation and healthcare to smart homes. As most IoT devices carry constrained resources and limited storage capacity, sensing data need to be transmitted to and stored at resource-rich platforms, such as a cloud. IoT applications need to retrieve sensing data from the cloud for analysis and decision-making purposes. Ensuring the authenticity and integrity of the sensing data is essential for the correctness and safety of IoT applications. We summarize the new challenges of the IoT data communication with authenticity and integrity and argue that existing solutions cannot be easily adopted to resource-constraint IoT devices. We present two solutions called dynamic tree chaining and geometric star chaining that provide efficient and secure communication for the Internet of Things. Extensive simulations and prototype emulation experiments driven by real IoT data show that the proposed system is more efficient than alternative solutions in terms of time and space.

Identifying the network-wide forwarding behaviors of a packet is essential for many network management applications, including rule verification, policy enforcement, attack detection, traffic engineering, and fault localization. Current tools that can perform packet behavior identification either incur large time and memory costs or do not support real-time updates. In this paper, we present AP Classifier, a control plane tool for packet behavior identification. AP Classifier is developed based on the concept of atomic predicates, which can be used to characterize the forwarding behaviors of packets. Experiments using the data plane network state of two real networks show that the processing speed of AP Classifier is faster than existing tools by at least an order of magnitude. Furthermore, AP Classifier uses very small memory and is able to support real-time updates.

Internet of Things has been widely applied in everyday life, ranging from transportation, healthcare, to smart homes. As most IoT devices carry constrained resources and limited storage capacity, sensing data need to be transmitted to and stored at resource-rich platforms, such as a cloud. IoT applications retrieve sensing data from the cloud for analysis and decision-making purposes. Ensuring the authenticity and integrity of the sensing data is essential for the correctness and safety of IoT applications. We summarize the new challenges of the IoT data communication framework with authenticity and integrity and argue that existing solutions cannot be easily adopted. We present two solutions, called Dynamic Tree Chaining (DTC) and Geometric Star Chaining (GSC) that provide authenticity, integrity, sampling uniformity, system efficiency, and application flexibility to IoT data communication. Extensive simulations and prototype emulation experiments driven by real IoT data show that the proposed system is more efficient than alternative solutions in terms of time and space.

There is an increasing trend that enterprises outsource their network functions to the cloud for lower cost and ease of management. However, network function outsourcing brings threats to the privacy of enterprises since the cloud is able to access the traffic and rules of in-cloud network functions. Current tools for secure network function outsourcing either incur large performance overhead or do not support real-time updates. In this paper, we present SICS, a secure service function chain outsourcing framework. SICS encrypts each packet header and use a label for in-cloud rule matching, which enables the cloud to perform its functionalities correctly with minimum header information leakage. Evaluation results show that SICS achieves higher throughput, faster construction and update speed, and lower resource overhead at both enterprise and cloud sides, compared to existing solutions.