IMDGuard: Protect Implantable Medical Devices

Qun Li
Recent studies have revealed security vulnerabilities in implantable medical devices (IMDs). Security design for IMDs is challenging due to the requirement that IMDs remain operable in an emergency when appropriate security credentials may be unavailable. We designed and evaluated IMDGuard, a secure scheme for heart-related IMDs to fulfill this requirement. IMDGuard incorporates two novel techniques to provide appropriate protection for IMDs. One is an ECG based secure key establishment without prior shared secrets, and the other is an access control mechanism resilient to adversary spoofing attacks.

Project Homepage

Armstrong: Making Cell Phone More Secure

Qun Li
Smartphones are one of the hottest growth sectors in our economy right now. We rely more and more on phones for almost everything including e-mail, document editing, online banking, gaming, and other numerous applications. While the phones are becoming very powerful, the risk of viruses, malware and identity theft increases greatly. While a lot of work has been done on PC, the investigation on cell phone is in its infancy. In this project, we aim at developing operating system support to make cell phones more secure and efficient.

Project Homepage

EfficientRFID: Efficient RFID protocol Design

Qun Li and Weizhen Mao
Internet of things captures the vision that every object in the world can be tagged and connected through wireless or wired networks. RFID is one of most important enabling technologies in Internet of things. A wide range of problems arise in RFID applications (e.g., inventory control, supply chain, asset tracking, animal tracking, contactless payment). We have accomplished a number of results in RFID tag population estimation, RFID reading performance improvement, and secure RFID query and search protocol. In this project, we aim to further investigate a number of topics including making RFID reading protocol more efficient and preserving privacy in RFID systems.

Project Homepage

SmartAP: Designing a Better AP Association Protocol

Qun Li
In Wireless Local Area Networks (WLANs), the Access Point (AP) selection of a client heavily influences the performance of its own and others. Through theoretical analysis, we revealed that previously proposed association protocols are not effective in maximizing the minimal throughput among all clients. Accordingly, we proposed an online AP association strategy that not only achieves a minimal throughput (among all clients) that is provably close to the optimum, but also works effectively in practice with a reasonable computational overhead. The association protocol applying this strategy was implemented on the commercial hardware and compatible with legacy APs without any modification. we demonstrate its feasibility and performance through both real experiments and intensive simulations.

Project Homepage

AutoECG: ECG Automatic Analysis System

Qun Li
The automatic analysis of ECG signals is very important to diagnose cardiac diseases, especially for individuals with cardiac problems. We are trying to build an automatic ECG analysis system, which includes an ECG sensor, a PDA, a database and an in-home provider. The ECG sensor implements a wavelet-transform based algorithm and detects abnormal signals associated with cardiac diseases. The PDA, which is connected with the sensor, serves a relay station that connects to the database and an in-home provider. The ECG sensor will trigger an alert if it detects abnormal signals, and at the same time the doctor who possesses the in-home provider will be aware of the alert, validate it and provide immediate assist to the patient.

Project Homepage

DeSybil: Defending against Sybil Attacks using Social Networks

Qun Li
Distributed systems are vulnerable to sybil attacks, in which the adversary creates many bogus identities, called sybil identities, and compromises the running of the system or pollutes the system with fake information. The sybil identities can "suppress" the honest identities in a variety of tasks, including online content ranking, DHT routing, file sharing, reputation systems, and Byzantine failure defenses. Sybil attacks can be mitigated by assuming the existence of a trusted central authority. This authority can rate limit the introduction of fake identities by requiring the users to provide some credentials, like social security numbers, or by requiring payment. However, such requirements will prevent the users from accepting these systems in that they impose additional burdens on users. A central authority can also easily be the target of denial-of-service attacks and thus reduce the reliability of the entire system. In this project we are investigating using social networks to mitigate sybil attacks.

Project Homepage

Paxos++: State Machine Replication Protocols in WANs

Qun Li
In distributed systems, state machine replication is the most general approach to provide a highly available service. With this approach, a reliable service is implemented by replicating it on several failure-independent replicas, where replicas consistently change their states by applying deterministic commands from an agreed sequence. A consensus instance is used to decide on each command in the sequence. Chubby, the distributed lock service used by the Google File System, is a typical example of services that use state machine replications. With the rapid development of wide-area services such as web services, a fundamental research question is how to provide efficient general state machine replication in the wide area that only assumes the servers and the clients are spread across a wide-area network. The goal of this project is to design and evaluate state machine replication protocols in WANs.

Project Homepage

CarProof: Secure and Privacy-Preserved Data Collection in ITS Systems

Qun Li
 Intelligent Transportation Systems (ITS) are gaining more and more attentions in the recent decade. A common category of applications in these ITS systems is that data about vehicles, drivers and road conditions are reported from vehicles to the ITS system operators for real time traffic control, roads maintenance and new traffic management strategies development. Meanwhile, privacy concerns from vehicle drives have become a major obstacle that hinders the deployment of such applications. In this project, we study how to provide a secure and privacy-preserved environment for such data collection applications.


Project Homepage

ETCH: Efficient Distributed Spectrum Allocation in DSA Networks

Qun Li
 Dynamic spectrum access (DSA) is a promising technique that solves the spectrum scarcity problem and increases network capacity. In DSA networks, unlicensed users (i.e. secondary users) are granted the right of accessing licensed spectrum while the licensed users (i.e., primary users) are not using them. In other words, DSA opens the door towards much larger spectrums for secondary users, but the secondary users must stop using these spectrums when they sense that the spectrum's primary users appear. In this project, we study how to efficiently allocate radio spectrum between secondary users in a distributed manner so as to reduce communication setup time and increase communication throughput.

Project Homepage

RogueDetector: Client-side Rogue AP Detection

Qun Li
This project aims to prevent attacks from a category of rogue access points (APs) that pretend to be legitimate APs to lure users to connect to them. According to 802.11 standard, when multiple APs exist nearby, a WLAN user will always choose the AP with strongest signal to associate. To attract users, therefore, a rogue AP needs to be close to users so that its signal could be stronger than other legitimate APs. Once an innocent client is connected to a rogue AP, the adversary can manipulate and monitor the incoming and outgoing traffic of the client, and further launch different kinds of attacks. For instance, the adversary can easily launch phishing attacks by redirecting the user’s web page request to a fake one to steal the user’s sensitive information such as bank account and password. We demonstrate a pure user-centric rogue AP detection algorithm that is compatible with the existing network protocols.

Project Homepage

VANET: Vehicular Network Communication Protocol Design

Qun Li
Vehicular networks (VANET) have attracted significant attention in recent years with the vision of vehicular communication being able to provide information regarding traffic (congestion, collision ahead), highway conditions (potholes, cracks on the road, ice on the road, a blind spot ahead), and traveler support (local updated maps, parking areas, gas station locations). There are basically three types of communication in a vehicular network: inter-vehicle communication,  vehicle-to-roadside communication, and hybrid vehicular communication. We have built a testbed for the three types of communications. In this project, our goal is to design secure and efficient communication protocols for this type of networks.

Project Homepage