BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Yih-Chun Hu

Yih-Chun Hu contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Networking and Internet ArchitectureCryptography and SecurityInformation Theorymath.IT

Trust snapshot

Quick read

Trust 15 - UnverifiedVerification L1Unclaimed author
3works
0followers
4topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

3 published item(s)

preprint2022arXiv

Secure and Ultra-Reliable Provenance Recovery in Sparse Networks: Strategies and Performance Bounds

Provenance embedding algorithms are well known for tracking the footprints of information flow in wireless networks. Recently, low-latency provenance embedding algorithms have received traction in vehicular networks owing to strict deadlines on the delivery of packets. While existing low-latency provenance embedding methods focus on reducing the packet delay, they assume a complete graph on the underlying topology due to the mobility of the participating nodes. We identify that the complete graph assumption leads to sub-optimal performance in provenance recovery, especially when the vehicular network is sparse, which is usually observed outside peak-hour traffic conditions. As a result, we propose a two-part approach to design provenance embedding algorithms for sparse vehicular networks. In the first part, we propose secure and practical topology-learning strategies, whereas in the second part, we design provenance embedding algorithms that guarantee ultra-reliability by incorporating the topology knowledge at the destination during the provenance recovery process. Besides the novel idea of using topology knowledge for provenance recovery, a distinguishing feature for achieving ultra-reliability is the use of hash-chains in the packet, which trade communication-overhead of the packet with the complexity-overhead at the destination. We derive tight upper bounds on the performance of our strategies, and show that the derived bounds, when optimized with appropriate constraints, deliver design parameters that outperform existing methods. Finally, we also implement our ideas on OMNeT++ based simulation environment to show that their latency benefits indeed make them suitable for vehicular network applications.

0 citations0 reviewsNo code linkedOpen access
preprint2013arXiv

A System-Theoretic Clean Slate Approach to Provably Secure Ad Hoc Wireless Networking

Traditionally, wireless network protocols have been designed for performance. Subsequently, as attacks have been identified, patches have been developed. This has resulted in an "arms race" development process of discovering vulnerabilities and then patching them. The fundamental difficulty with this approach is that other vulnerabilities may still exist. No provable security or performance guarantees can ever be provided. We develop a system-theoretic approach to security that provides a complete protocol suite with provable guarantees, as well as proof of min-max optimality with respect to any given utility function of source-destination rates. Our approach is based on a model capturing the essential features of an adhoc wireless network that has been infiltrated with hostile nodes. We consider any collection of nodes, some good and some bad, possessing specified capabilities vis-a-vis cryptography, wireless communication and clocks. The good nodes do not know the bad nodes. The bad nodes can collaborate perfectly, and are capable of any disruptive acts ranging from simply jamming to non-cooperation with the protocols in any manner they please. The protocol suite caters to the complete life-cycle, all the way from birth of nodes, through all phases of ad hoc network formation, leading to an optimized network carrying data reliably. It provably achieves the min-max of the utility function, where the max is over all protocol suites published and followed by the good nodes, while the min is over all Byzantine behaviors of the bad nodes. Under the protocol suite, the bad nodes do not benefit from any actions other than jamming or cooperating. This approach supersedes much previous work that deals with several types of attacks.

0 citations0 reviewsNo code linkedOpen access
preprint2012arXiv

Mirage: Towards Deployable DDoS Defense for Web Applications

Distributed Denial of Service (DDoS) attacks form a serious threat to the security of Internet services. However, despite over a decade of research, and the existence of several proposals to address this problem, there has been little progress to date on actual adoption. We present Mirage, a protocol that achieves comparable performance to other DDoS mitigation schemes while providing benefits when deployed only in the server's local network and its upstream ISP, where local business objectives may incentivize deployment. Mirage does not require source end hosts to install any software to access Mirage protected websites. Unlike previous proposals, Mirage only requires functionality from routers that is already deployed in today's routers, though this functionality may need to be scaled depending on the point of deployment. Our approach is that end hosts can thwart the attackers by employing the principle of a moving target: end hosts in our architecture periodically change IP addresses to keep the attackers guessing. Knowledge of an active IP address of the destination end host can act as an implicit authorization to send data. We evaluate Mirage using theoretical analysis, simulations and a prototype implementation on PlanetLab. We find that our design provides a first step towards a deployable, yet effective DDoS defense.

0 citations0 reviewsNo code linkedOpen access