Songwu Lu - US grants

The researchers envision that within the next few years mobile and wireless access to the Internet will very likely become the norm, rather than the exception as is seen today. This proposal describes the plans to develop and deploy iMASH, a network system that supports anytime, anywhere, on any platform access to the electronic patient records database for healthcare providers. The objective is to provide the capability for real-time, multimedia communication, so that a physician may access, on the move, the patients record and other relevant information as filtered by the physician's user profile, and may migrate ongoing application sessions seamlessly to different platforms that range from a high performance diagnostic workstation in the physician's office to hand held PDAs in the examination room. While the proposed techniques are general and extend to a range of mobile applications, the specific target of this project is healthcare applications. To this end, the researchers will develop a clinical testbed, which will serve as a laboratory for developing, testing, and evaluating advanced information technology in the context of patient care. The testbed will provide the user requirements to drive the iMASH architecture design, and will permit direct, realistic validation of the research results.
The researchers expect to make the following contributions from this research and development effort:
1) Development of a middleware infrastructure that provides support for anytime, anywhere, on any platform access to the Internet
2) A suite of wireless networking protocols and algorithms that provide quality of service support in a mobile, heterogeneous networking environment
3) A deployment of iMASH within the UCLA Medial School and a controlled study to evaluate its effectiveness in reducing healthcare costs and improving physician effectiveness
4) A system emulation capability that can be used to evaluate the performance and scalability of the middleware services and protocols across multiple dimensions including number of users, number of devices, types of applications, and geographical area. The emulator will be used to 'test drive' novel protocols and applications prior to deployment on the physical testbed.
The researchers have assembled a strong research and development team to undertake the iMASH effort. The team possesses the necessary expertise in the related areas of networking (Zhang, Gerla), wireless communications (Gerla, Lu), parallel and distributed systems (Bagrodia, Gerla), performance evaluation (Bagrodia), computerized medicine (Valentino, McCoy), clinical evaluation of technological innovations in improving heath care (Fiske), and campus computing and communication technology (Solomon).
A longer term goal of this effort is to deploy iMASH-like technology widely within the UCLA campus to support ubiquitous multimedia access for students and faculty, and to support wireless distance education. To enable appropriate technology transition, the team also includes two key members from the university administration: the CIO for the medical school (McCoy) and the Associate Vice-chancellor of Administrative Services with line responsibility over campus telecommunications (Solomon). The UCLA Hospital has recently embarked on a historical reconstruction with a $1 billion endowment. An integral part of the reconstruction is availability of complete wireless connectivity within the hospital. The UCLA campus is also engaged in a project to upgrade the network connectivity throughout the campus with the aim of providing a minimum of 10Mbps bandwidth from desktop to desktop within any two locations on campus. Planning is underway to further enhance this capability with wireless connectivity. These two technology initiatives provide a unique opportunity to insert the iMASH technology in widespread use within the UCLA campus, and subsequently to other locations.

Emerging infrastratureless wireless networking technologies such as MANET [1], sensor networks [31],
and bluetooth [2] will seek to support advanced applications such as smart environment, "zero conf"
teleconferencing setups, collaborative learning, wireless access to Web services, and emergency rescure
operations. This class of applications is mission critical, and the network has to address a number of critical
issues in order to cope with the anticipated design requirements of such applications. In an
infrastructureless wireless network, no underlying infrastructure, such as cellular layout and central control units e.g. base stations, is available for networking support. A large number of networking devices are allowed to communicate with one another over the shared wireless medium in an ad hoc manner. Some
unique design challenges posed by such networks include fully distributed and localized design, sustained
quality of service (QoS), efficient network resource utilization, unconstrained scalability and robust system
performance. State-of-the-art solutions are inadequate to address these issues and meet the applications'
requirements. A fundamental problem is that an infrastructureless wireless network is a large-scale
distributed system that may consist of a very large number of wireless networking components (e.g.
thousands, even millions in a sensor network), which have limited power and computing resources and are
prone to channel errors and failures. Therefore, any feasible system solution must be fully distributed and
localized, scalable, and robust. In some sense, the microscopic behavior of each individual node may not be
very critical, but network nodes must collectively achieve the desired global macroscopic property.
In this project, we propose a novel self-organizing protocol and algorithm design approach for such
networks, in order to meet the challenges posed by applications as well as the network itself. In a self-organizing design approach, local decision makers self-organize themselves and coordinate among one
another, in order to collectively achieve the desired global property. We apply our proposed design
methodology in two largely unaddressed problem domains: fair packet scheduling in multihop wireless
networks, and robust report forwarding in sensor networks. Toward this end, we present four self-organizing packet-scheduling algorithms and a novel report forwarding protocol that we have developed
recently [22, 24, 35, 36, 46, 47]. The key innovations of this work are:
A model-referenced self-organizing algorithm and protocol design approach.
A suite of self-organizing packet scheduling algorithms for infrastructureless wireless networks that
provide QoS performance bounds in terms of fairness, throughput and delay, maximize channel spatial
reuse, and arbitrate the conflict between achieving fairness and maximizing channel utilization.
A novel self-organizing data forwarding protocol that allows for unconstrained scalability, supports
robust message delivery along the optimal forwarding band, and ensures efficient power consumption
in the context of sensor networks.
The expected research results from this project include a formal investigation of self-organizing design
approach, and a detailed design, analysis, and evaluation of the self-organizing algorithms and protocols for
packet scheduling and report forwarding. The resulting software will be freely available to the research
community. The education plan in this proposal includes offering a new graduate course, reinventing an
undergraduate networking course, recruiting more students into undergraduate research programs, and
setting up an undergraduate networking laboratory.

The SGER proposal "Explorative Study: Design for Resiliency" describes design and analysis work targeted to the Internet's Domain Name System (DNS). DNS is a core underpinning service and protocol enabling name-to-address mappings for the Internet. Previous work in the community combined with recent measurements and analysis by the author reveal a number of weaknesses in DNS as it is deployed and configured by authoritative zones. These weaknesses stem from both an original design that considered only physical errors in the infrastructure, and a set of inefficiencies and breakage resulting directly from misconfiguration and human error. This study will explore a re-design of DNS based on principles of resiliency in the protocol. The new design will be analyzed comparatively to today's existing system and known vulnerabilities will be applied in the assessment. An amendment to the SGER proposal applies recent DNS measurement and analysis to the addition of several DNS-specific tools that provide automated checking for DNS configuration problems through active measurement, zone file checks and DNS protocol enhancement.

Proposal: 0524854

Title: CT-ISG Collaborative Research: DNS Security Revisited: Enabling Cryptographic Defenses in Large-Scale Distributed Systems

PIs: Lixia Zhang (UCLA), Songwu Lu (UCLA), and Dan Massey (Colorado
State)

The Domain Name System (DNS) is a core Internet protocol and virtually all Internet applications rely on some form of DNS data. This project is identifying and addressing fundamental technical challenges in deploying the DNS Security Extensions (DNSSEC) in the global Internet. DNSSEC aims at enhancing DNS with data origin authentication and data integrity checking by applying well defined cryptographic solutions, however a number of system issues have arisen in the process of moving the cryptographic solution to real deployment. This project is first conducting a systematic assessment of the gap between the DNSSEC specification and the deployment constraints. For each identified technical challenge, the project is proposing, implementing, and evaluating specific solutions and then integrating such solutions into a unified design improvement.

DNSSEC deployment is critical to enhanced security in cyberspace, and this effort will help move it forward by overcoming existing roadblocks, foreseeing new obstacles on the road, and developing enabling techniques to clear these obstacles. The project will also extrapolate a set of lessons and principles on major challenges in deploying cryptographic protection in large scale systems, which will hopefully provide input into other cryptographic deployment effort, such as the global routing system.

Wireless sensor networks with their ability of in situ and dense spatiotemporal sampling of physical phenomena have rapidly emerged as a valuable new class of instrument for the basic sciences. Like any instrument, however, sensor networks suffer from impairments that adversely impact the integrity of the sensed information about the physical phenomena. The causes of reduced integrity in sensor networks are many, and include various internal and external uncertainties in the sensing, processing, and communication elements of the system. Examples include calibration errors, faults, sensing channel degradation and obstructions, bio-fouling etc. This project is comprehensively addressing the integrity problem by studying its causes, understanding fundamental limits, developing algorithms and system support, and validating the approach in real-life. The two key elements of the overall approach are autonomous detection of integrity compromise, and resilient estimation and aggregation. Underlying these two are novel statistical and signal-processing techniques that exploit learned models of the physical phenomenon, the measurement process, and the faults which result in corrupted or missed data. In addition, the project is investigating approaches for guiding remediation of the causes of integrity problems, and for integrity-driven deployment of sensor network to achieve desired resilience. The research would result in a thorough understanding of integrity failure in sensor networks, and result in a toolkit of design tools and run-time software for ensuring high-integrity operation. These would be validated via terrestrial, under-soil, and aquatic ecological observation application, and also disseminated for broader use via the project web site at http://nesl.ee.ucla.edu/projects/integrity.

Data centers have become the main networking infrastructure to
support online services, ranging from end-user applications (e.g.,
Web search and IM) to distributed system operations (e.g., GFS and
MapReduce). In this project, we explore a different design paradigm
to data center networks (DCNs). We take a new server-centric
solution approach, in contrast to the switch-centered paradigm. We
push intelligence into servers, which generally have more open and
standardized hardware architecture and software platforms. Multiple
layers of low-cost, commodity off-the-shelf, mini-switches are used
to connect servers. We leverage the large number of servers in a
data center. Even when each server just adds one more link to the
rest of servers, we obtain many links in the DCN system given the
large server population. These added links, without using high-end
switches but using only mini-switches, provide the foundation for
enhancing scalability, inter-server capacity, and fault tolerance.
Taking the approach, we can design DCNs with high scalability,
enhanced fault-tolerance, and high inter-server capacity, and better
support data center applications that exhibit various traffic
patterns of one-to-one, one-to-several, one-to-all, and all-to-all
communications. Our design also opens more space for stimulating
innovations in the DCN software through the more open programming
platform on servers, while abandoning expensive, proprietary core
switches. The results in scalable and modular data centers and
associated management tools are expected to show that, the added
complexity into servers will incur only minor systems overhead but
produce large performance gains.

The cellular network is the largest wireless infrastructure deployed today. It plays an important role to provide users mobile Internet access and cellular voice service. A key design component of the cellular network is its signaling protocols, which operate on the control plane. Compared with their Internet counterparts, these signaling protocols are more complex to ensure vital control functions, such as mobility support, radio resource control, session management for data and voice, to name a few. Consequently, their proper design and operation are critical to both the cellular operators and the users. The objective of this project is to devise tools and verify the correctness of signaling protocols in current cellular networks by: (i)identifying design loopholes in the protocols defined by the 3GPP standards, as well as operational slips made by operators and vendors, (ii) analyzing their root causes and performance penalties, and (iii) devising techniques that fix such problems. The proposed activities can enhance the reliability of cellular networks in both design and practice. They will help us to not only better understand how to avoid design and implementation mistakes in a cellular system, but also to renovate the current protocol design and even affect the upcoming 5G cellular technology in its standardization. If successful, the results will facilitate the design and practice of a more reliable mobile Internet infrastructure for our society. The project will also recruit and train a new generation of students and engineers, including those from minority groups, who are technically ready for the mobile Internet era. The PIs will interact closely with the related industry for possible technology transfer.

The research in this project has two main thrusts. One is to devise tools and identify design loopholes and operational slips in cellular networks. The project will develop a cellular-specific verifier that adapts generic model-checking techniques with domain-specific cellular knowledge, and uses phone-based empirical validation. The project will apply model checking to identify a superset of potential candidate loopholes, and then validate the real ones through experiments over operational 3G/4G carriers, by focusing on design slips in two categories: (a) protocols interaction with shared certain context (e.g., connection status, commands, IP address, virtual connection), which is popular in cross-layer, cross-domain, and inter-system protocol communications; (b) Out-of-sequenced signaling delivery. When the designated sequence of control messages is disrupted, its cost is way beyond lost or delayed messages. Missequenced signals are reacted based on defined semantics and may trigger wrong protocol operations. This project will also assess the real-world impact of both categories of issues through user studies over operational carriers. The other thrust of this project is to propose fixes to the identified loopholes. The proposed solutions incorporate new heuristics into cellular signaling protocols and call for concerted effort on the mobile device and the network infrastructure.

Wireless cellular networks serve as an essential cyber-infrastructure for mobile users. Unlike the Internet, cellular networks have adopted usage-based charging, rather than the simpler flat-rate charging. Data-plan subscribers have to pay their data bills based on the consumed traffic volume in 3G/4G networks. Although this metered charging system has been operational and generally successful for years, the security study of such a system remains largely unaddressed. The objective of this research is to investigate the insecurity aspects of large-scale cellular network infrastructures, identify their security loopholes, sketch novel attacks that exploit such loopholes, devise defenses that protect from such attacks, and validate the attacks and the defenses via real experiments in operational carriers. The proposed study helps us to better understand how various forms of vulnerabilities exhibit in the cellular system, open new venue for secure system design and operations, and refine the networking design that makes both the infrastructure and the user devices more resilient against malicious threats.

By addressing the key security issues of mobile data charging, the proposed research helps to protect the multi-trillion dollar network operations. It not only secures revenues of global cellular operators, but also protects the monetary rights of billions of mobile users. The proposed solutions will help to renovate the existing network infrastructure, and shape the upcoming 5G cellular technology in its standardization. It will also train a new generation of engineers and students in this field. The PIs will interact closely with industry for possible technology transfer.

Mobility support is deemed a fundamental service for the next-generation Internet. The current cellular network is the only large-scale infrastructure that successfully provides wide-area, ubiquitous mobility support in reality. With the explosive growth of smartphone devices and the surge of mobile data traffic, cellular networks have been evolving into an increasingly heterogeneous networked system. As a result, managing mobility becomes challenging yet rewarding. This project seeks to study the configuration issues on mobility management of 2G/3G/4G networks, in order to ensure desirable mobility support. The research focuses on assessing two structural properties: stability and reachability. Stability implies no persistent oscillation loops during constant network conditions, while reachability denotes no access black hole (e.g., certain cells or even a given mobile technology (e.g., 4G) cannot be reached by the device). The success of the project will not only identify and characterize misconfigurations in today's cellular networks, but also protect multi-trillion dollar investment in the fast expanding mobile information infrastructure. The obtained results may influence the design of upcoming 5G wireless networks.

The proposed research has three key areas of technical contributions. First, it takes a novel approach to configuration study. It models and analyzes problematic cases and comes up with a taxonomy of instability and unreachability for the mobility configuration problems, and derives triggering conditions for each problematic instance. The fundamental problem lies in its distributed, yet not well-coordinated configuration decision-making. Second, the project covers activities from theory to practice. Given the misconfiguration instances discovered in theory, it further empirically assesses them in operational mobile networks. It seeks to measure their likelihood in reality and quantify their negative impacts on both the user device and the network infrastructure. The diversified root causes are to be analyzed, spanning policy conflicts within a single parameter, inconsistency between different types of parameters, and uncoordinated decisions between the device and the network. Last, the research proposes new solutions to configuration management in mobile networks. This research simplifies the current approach, while retaining its full configurability for parameters. To this end, two design guidelines of minimal replication of decision rules and no multi-hop mobility decision are explored in order to ensure both stability and reachability of mobility support.

The cellular network is the largest wireless infrastructure deployed today. It offers users mobile Internet access and carrier-grade voice service. Each such service (e.g., data or voice) typically involves operations on both data and control planes. The former transfers service content to users, whereas the latter performs control functions of service instantiation, maintenance, update, and termination. Securing control and data planes is thus critical to mobile network service. Different from the Internet built upon the single best-effort delivery, the fourth-generation (4G) mobile network supports diversified service models. It not only provides multiple priorities within the network (e.g., voice has higher priority than data), but also carries control and data over different radio channels. Consequently, given a service (e.g., voice, video, or messaging), its control-plane and data-plane operations open new venues for security research. This project aims to study both planes in 4G networks from the security perspective. The success of this research will not only protect the trillion-dollar market of mobile voice for billions of smartphone users, but also safeguard the mobile Internet access from attacks initiated by malicious calls. The proposed activity may influence the upcoming 5G technology standardization and train a new generation of engineers and students.

The proposed research has two main thrusts. One is the insecurity analysis of 4G network services. This project examines the control and data planes and their coordination. It conducts thorough theoretical analysis to uncover all potential vulnerabilities, explores novel attacks, and empirically validates those practical threats. The other is to propose defenses to secure both planes from such threats. The solution calls for concerted efforts between the network and the user, and between hardware and software. This project seeks to make three contributions: (1) Systematic disclosure of insecurity on the control-plane and data-plane operations: Both incur new breaches that current defense measures fail to protect; (2) Identification of diverse root causes: Mobile standards stipulate loose regulations, whereas device software and hardware assume protection from each other. As both planes become more accessible to smartphones, no new protection mechanisms are in place. (3) Solution that secures both control-plane and data-plane operations: It adds protection at both hardware and software at mobile devices, and inside the network infrastructure. It further leverages device capabilities while preserving flexible network services.

Technological advances have moved society into an exciting era of mobile computing. Our daily lives can be further enriched by a new generation of mobile applications, such as augmented reality (AR) which broadens one's real-world perception by harmonizing sound, image, video, and sensors from multiple sources to aid comprehension and navigation. However, today's Internet operates with the address-based TCP/IP protocol architecture developed 40 years ago, which greatly limits the full promises of these new applications. Thus, current AR implementations face challenges in performance, scalability and availability upon disasters. This proposed research project (ICE-AR) aims to develop a new wireless network architecture to address these limitations and provide pervasive support for these emerging applications.

The ICE-AR project team will apply and extend six years of research efforts on Named Data Networking (NDN), a realization of the Information Centric Networking (ICN) vision, to create this new architecture. The design emphasizes application-level data naming, data-centric security and computing, asynchronous publishing and consumption, and efficient use of local and proximate resources. The architecture will unify latest advances in wireless communication with domain-specific computing technologies to accelerate AR at the wireless edge and deliver robust performance, with or without the pre-deployed infrastructure support.

Part I:

The global deployment of the 5G infrastructure is underway. This upcoming technology is envisioned to support billions of mobile users today and trillions of connected things tomorrow. Robotic applications are a new class of emerging applications for 5G, yet posing stringent requirements on low latency, high reliability, and high speed. In this project, we propose to innovate the 5G technology in its software stack (in the form of protocols) from the device side rather than inside the infrastructure. We use showcase robotic applications to drive our design effort. We challenge the conventional wisdom that wireless access is the sole roadblock for low latency and high reliability. Instead, we take the device perspective on 5G software innovation, which poses as an equally critical pathway from our initial results. We seek to achieve three goals. First, we refine the software stack of 5G for low latency within the standards from the device side. Second, we ensure high reliability through device-centric software techniques on the 5G system. Third, we provision 5G devices with new capabilities of both learning and reasoning for both common usage settings and failure-prone scenarios. If successful, it may help to advance robotic applications in our daily life and the society. The proposal further helps to train and prepare the next-generation workforce for 5G technology.

Part II:

The proposed research has three key areas of technical contributions. First, we use the robotic applications to drive our device-centric 5G innovations. It quantifies the requirements on low latency and high reliability, makes a case for software-defined reliability and latency tailored to applications, and offers benchmarks for assessing the design. Second, we take the device-centric approach to high reliability and low latency. Our solution leverages the state replica at the design and optimizes 5G latency on both control and data planes. To improve reliability, we exploit both concurrent network access (via connectivity to two base stations and multiple concurrent wireless channels to each) and detect-and-react for higher reliability. We devise novel proactive failure masking and reactive recovery components, by leveraging existing 5G mechanisms and recent checkpointing schemes. We further adjust various tuning knobs to the application's reliability requirement. Third, we provide new learning and reasoning functions at the device to open up the closed 5G network operations and enable the applications for further adaptations.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

The current 4G/5G cannot ensure satisfactory reliability and performance for many emerging usage scenarios, such as vehicle-to-everything, high-speed rails, low earth orbit satellites, and drones. This project proposes a forward-looking solution suite for beyond-5G extreme mobility. It eliminates the 4G/5G limitations for extreme mobility by enabling predictive wireless design and simplified yet more efficient wide-area mobility support. If successful, this work will significantly advance the state-of-the-art in wireless networks. To maximize the impact, the researchers will collaborate with industry and release software to the public. The research outcome will also be incorporated into the graduate and undergraduate curriculum.

This project proposes a forward-looking, transformative solution suite to beyond-5G extreme mobility. It first unveils 5G's deficiencies in extreme mobility under various scenarios and studies the client and infrastructure's proper roles in supporting them. It then develops novel approaches to accurately predict wireless channel by extracting delay-Doppler of the multipath and exploiting their temporal locality. In this way, it eliminates slow channel feedback in high-speed mobility and adapts to the fast-varying channel in extreme mobility. It further uses the predicted channel to enable predictive rate adaptation, resource allocation, and MIMO optimization under high mobility. Finally, it designs latency-friendly and interpretable distributed machine learning (ML) to help clients analyze the latency bottlenecks, and perform cross-layer latency optimizations. The proposed research will be evaluated using a software-defined radio prototype and large-scale emulation driven by operational 4G/5G traces.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.