Visible to the public Biblio

Filters: Author is Zhang, Lixia  [Clear All Filters]
2022-10-06
Zhang, Zhiyi, Won, Su Yong, Zhang, Lixia.  2021.  Investigating the Design Space for Name Confidentiality in Named Data Networking. MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). :570–576.
As a fundamental departure from the IP design which encodes source and destination addresses in each packet, Named Data Networking (NDN) directly uses application-defined data names for network layer communications. While bringing important data-centric benefits, the semantic richness of NDN names has also raised confidentiality and privacy concerns. In this paper, we first define the problem of name confidentiality, and then investigate the solution space through a comprehensive examination of all the proposed solutions up to date. Our work shows that the proposed solutions are simply different means to hide the actual data names via a layer of translation; they differ in where and how the translation takes place, which lead to different trade-offs in feasibility, efficiency, security, scalability, and different degrees of adherence to NDN's data-centric communications. Our investigation suggests the feasibility of a systematic design that can enable NDN to provide stronger name confidentiality and user privacy as compared to today's TCP/IP Internet.
2019-08-05
Zhang, Zhiyi, Lu, Edward, Li, Yanbiao, Zhang, Lixia, Yu, Tianyuan, Pesavento, Davide, Shi, Junxiao, Benmohamed, Lotfi.  2018.  NDNoT: A Framework for Named Data Network of Things. Proceedings of the 5th ACM Conference on Information-Centric Networking. :200–201.
The Named Data Networking (NDN) architecture provides simple solutions to the communication needs of Internet of Things (IoT) in terms of ease-of-use, security, and content delivery. To utilize the desirable properties of NDN architecture in IoT scenarios, we are working to provide an integrated framework, dubbed NDNoT, to support IoT over NDN. NDNoT provides solutions to auto configuration, service discovery, data-centric security, content delivery, and other needs of IoT application developers. Utilizing NDN naming conventions, NDNoT aims to create an open environment where IoT applications and different services can easily cooperate and work together. This poster introduces the basic components of our framework and explains how these components function together.
2018-06-11
Zhang, Zhiyi, Yu, Yingdi, Afanasyev, Alexander, Burke, Jeff, Zhang, Lixia.  2017.  NAC: Name-based Access Control in Named Data Networking. Proceedings of the 4th ACM Conference on Information-Centric Networking. :186–187.

As a proposed Internet architecture, Named Data Networking must provide effective security support: data authenticity, confidentiality, and availability. This poster focuses on supporting data confidentiality via encryption. The main challenge is to provide an easy-to-use key management mechanism that ensures only authorized parties are given the access to protected data. We describe the design of name-based access control (NAC) which provides automated key management by developing systematic naming conventions for both data and cryptographic keys. We also discuss an enhanced version of NAC that leverages attribute-based encryption mechanisms (NAC-ABE) to improve the flexibility of data access control and reduce communication, storage, and processing overheads.

2017-09-11
Afanasyev, Alexander, Halderman, J. Alex, Ruoti, Scott, Seamons, Kent, Yu, Yingdi, Zappala, Daniel, Zhang, Lixia.  2016.  Content-based Security for the Web. Proceedings of the 2016 New Security Paradigms Workshop. :49–60.

The World Wide Web has become the most common platform for building applications and delivering content. Yet despite years of research, the web continues to face severe security challenges related to data integrity and confidentiality. Rather than continuing the exploit-and-patch cycle, we propose addressing these challenges at an architectural level, by supplementing the web's existing connection-based and server-based security models with a new approach: content-based security. With this approach, content is directly signed and encrypted at rest, enabling it to be delivered via any path and then validated by the browser. We explore how this new architectural approach can be applied to the web and analyze its security benefits. We then discuss a broad research agenda to realize this vision and the challenges that must be overcome.

2017-08-18
Afanasyev, Alexander, Halderman, J. Alex, Ruoti, Scott, Seamons, Kent, Yu, Yingdi, Zappala, Daniel, Zhang, Lixia.  2016.  Content-based Security for the Web. Proceedings of the 2016 New Security Paradigms Workshop. :49–60.

The World Wide Web has become the most common platform for building applications and delivering content. Yet despite years of research, the web continues to face severe security challenges related to data integrity and confidentiality. Rather than continuing the exploit-and-patch cycle, we propose addressing these challenges at an architectural level, by supplementing the web's existing connection-based and server-based security models with a new approach: content-based security. With this approach, content is directly signed and encrypted at rest, enabling it to be delivered via any path and then validated by the browser. We explore how this new architectural approach can be applied to the web and analyze its security benefits. We then discuss a broad research agenda to realize this vision and the challenges that must be overcome.