@article{gu_li_yu_wang_zhou_liu_xue_2024, title={FENDI: Toward High-Fidelity Entanglement Distribution in the Quantum Internet}, volume={9}, ISSN={["1558-2566"]}, DOI={10.1109/TNET.2024.3450271}, journal={IEEE-ACM TRANSACTIONS ON NETWORKING}, author={Gu, Huayue and Li, Zhouyu and Yu, Ruozhou and Wang, Xiaojian and Zhou, Fangtong and Liu, Jianqing and Xue, Guoliang}, year={2024}, month={Sep} } @article{han_xue_li_xing_yu_wei_xue_2024, title={FMPTCP: Achieving High Bandwidth Utilization and Low Latency in Data Center Networks}, volume={72}, ISSN={["1558-0857"]}, DOI={10.1109/TCOMM.2023.3323670}, abstractNote={The utilization of Multi-path TCP (MPTCP) has been demonstrated to provide superior transport-layer support for data center networks (DCNs) due to its exceptional resource utilization and load-balancing capabilities. However, the substantial path diversity can make it challenging to utilize network resources to their full potential in DCNs. This paper focuses on studying the resource allocation issue of MPTCP from a resource optimization perspective. Based on theoretical analysis, we propose FMPTCP, which uses a feedback-based congestion control algorithm (FCC) and a feedback-based multi-path routing algorithm (FMP) to jointly achieve high bandwidth utilization and low round-trip time (RTT) in DCNs. The FCC algorithm utilizes probabilistic explicit congestion notification (ECN) to provide feedback on path congestion degree, and uses a gradient descent method to adjust the congestion window for optimal resource utilization and load balancing under a fixed routing topology. On the other hand, the FMP algorithm employs a hop-by-hop feedback mechanism to notify in-network congestion and path delay information, allowing for transparent multi-path routing for MPTCP flows. Our extensive simulations demonstrate that FMPTCP enables effective network resource utilization, which not only enhances overall throughput but also reduces transmission latency for DCNs.}, number={1}, journal={IEEE TRANSACTIONS ON COMMUNICATIONS}, author={Han, Jiangping and Xue, Kaiping and Li, Jian and Xing, Yitao and Yu, Ruozhou and Wei, David S. L. and Xue, Guoliang}, year={2024}, month={Jan}, pages={317–333} } @article{wang_yu_yang_xue_gu_li_zhou_2023, title={Fence: Fee-Based Online Balance-Aware Routing in Payment Channel Networks}, volume={10}, ISSN={["1558-2566"]}, DOI={10.1109/TNET.2023.3324136}, abstractNote={Scalability is a critical challenge for blockchain-based cryptocurrencies. Payment channel networks (PCNs) have emerged as a promising solution for this challenge. However, channel balance depletion can significantly limit the capacity and usability of a PCN. Specifically, frequent transactions that result in unbalanced payment flows from two ends of a channel can quickly deplete the balance on one end, thus blocking future payments from that direction. In this paper, we propose Fence, an online balance-aware fee setting algorithm to prevent channel depletion and improve PCN sustainability and long-term throughput. In our algorithm, PCN routers set transaction fees based on the current balance and level of congestion on each channel, in order to incentivize payment senders to utilize paths with more balance and less congestion. Our algorithm is guided by online competitive algorithm design, and achieves an asymptotically tight competitive ratio with constant violation in a unidirectional PCN. We further prove that no online algorithm can achieve a finite competitive ratio in a general PCN. Extensive simulations under a real-world PCN topology show that Fence achieves high throughput and keeps network channels balanced, compared to state-of-the-art PCN routing algorithms.}, journal={IEEE-ACM TRANSACTIONS ON NETWORKING}, author={Wang, Xiaojian and Yu, Ruozhou and Yang, Dejun and Xue, Guoliang and Gu, Huayue and Li, Zhouyu and Zhou, Fangtong}, year={2023}, month={Oct} } @article{wang_chen_he_yu_du_qian_2023, title={UFinAKA: Fingerprint-Based Authentication and Key Agreement With Updatable Blind Credentials}, volume={9}, ISSN={["1558-2566"]}, url={http://dx.doi.org/10.1109/tnet.2023.3311130}, DOI={10.1109/TNET.2023.3311130}, abstractNote={Authentication and key agreement are two basic functionalities to guarantee secure network communications, which are naturally integrated as an Authentication and Key Agreement (AKA) protocol. AKAs usually either need a dedicated device to store a cryptographic key or require the user to remember a password. In recent years, AKAs built on biometrics, e.g., human fingerprints, have gained research attention since they avoid these issues. Unlike keys or passwords that can be updated, biometrics are at greater risk that cannot be reused once disclosed. However, existing mechanisms either explicitly expose the biometrics to the server or consume a massive amount of resources. This paper proposes UFinAKA, a privacy-preserving fingerprint-based authentication and key agreement system with updatable blind credentials. UFinAKA explores a fingerprint-based blind credential authentication scheme as a building block such that the server has no access to the fingerprint data hidden within the credential. Furthermore, UFinAKA provides an updatable fingerprint-based credentials AKA protocol, which allows the server to update the blind credentials and guarantees anonymous fingerprint authentication to mitigate further leakage when the server is corrupted. We perform security analysis and experimental evaluation on UFinAKA. The evaluation results show that UFinAKA requires only linear computation overhead for the client, a single round of interaction, and roughly linear computation and storage cost for the server. The running time of UFinAKA is at least 4 times faster than the state-of-the-art solutions, and the storage cost of these solutions is at least 100 times more than UFinAKA.}, journal={IEEE-ACM TRANSACTIONS ON NETWORKING}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Wang, Mei and Chen, Jing and He, Kun and Yu, Ruozhou and Du, Ruiying and Qian, Zhihao}, year={2023}, month={Sep} } @inproceedings{wang_yu_yang_gu_li_2024, title={VeriEdge: Verifying and Enforcing Service Level Agreements for Pervasive Edge Computing}, booktitle={IEEE INFOCOM}, author={Wang, Xiaojian and Yu, Ruozhou and Yang, Dejun and Gu, Huayue and Li, Zhouyu}, year={2024}, pages={1–10} } @article{chen_xue_yu_wu_wang_2024, title={A Vehicular Trust Blockchain Framework With Scalable Byzantine Consensus}, volume={23}, ISSN={["1558-0660"]}, url={http://dx.doi.org/10.1109/tmc.2023.3294968}, DOI={10.1109/TMC.2023.3294968}, abstractNote={The maturing blockchain technology has gradually promoted decentralized data storage from cryptocurrencies to other applications, such as trust management, resulting in new challenges based on specific scenarios. Taking the mobile trust blockchain within a vehicular network as an example, many users require the system to process massive traffic information for accurate trust assessment, preserve data reliably, and respond quickly. While existing vehicular blockchain systems ensure immutability, transparency, and traceability, they are limited in terms of scalability, performance, and security. To address these issues, this paper proposes a novel decentralized vehicle trust management solution and a well-matched blockchain framework that provides both security and performance. The paper primarily addresses two issues: i) To provide accurate trust evaluation, the trust model adopts a decentralized and peer-review-based trust computation method secured by trusted execution environments (TEEs). ii) To ensure reliable trust management, a multi-shard blockchain framework is developed with a novel hierarchical Byzantine consensus protocol, improving efficiency and security while providing high scalability and performance. The proposed scheme combines the decentralized trust model with a multi-shard blockchain, preserving trust information through a hierarchical consensus protocol. Finally, real-world experiments are conducted by developing a testbed deployed on both local and cloud servers for performance measurements.}, number={5}, journal={IEEE TRANSACTIONS ON MOBILE COMPUTING}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Chen, Xiao and Xue, Guoliang and Yu, Ruozhou and Wu, Haiqin and Wang, Dawei}, year={2024}, month={May}, pages={4440–4452} } @inproceedings{li_gu_wang_yu_2023, title={Dynamic Queuing Analysis and Buffer Management for Entanglement Swapping Buffers with Noise}, url={http://dx.doi.org/10.1145/3610251.3610551}, DOI={10.1145/3610251.3610551}, abstractNote={Entanglement swapping is a core operation in a quantum network. It consumes a pair of entanglements to build a remote entanglement between two parties without direct interaction. In a buffered quantum network, unpaired entanglements can be stored in a quantum buffer for future uses. However, suffering from noises in the quantum buffer, fidelities of buffered entanglements degrade exponentially over time. Entanglements with low fidelity are no longer suitable for certain quantum applications and ought to be discarded. This paper analyzes the dynamic queuing process for a pair of link-level quantum buffers in entanglement swapping. By modeling the quantum buffer pair as a double-sided queue, we derive a closed-form buffering time distribution for every incoming entanglement with respect to the real-time buffer backlog. The distribution reveals the probability that entanglement will be discarded due to low fidelity and helps us design an active buffer management policy that controls the buffer backlog with negligible impact on the entanglement swapping throughput. A discrete-time simulator is developed to demonstrate the correctness of our analysis result and validate the effectiveness of our proposed policy.}, booktitle={Proceedings of the 1st Workshop on Quantum Networks and Distributed Quantum Computing}, publisher={ACM}, author={Li, Zhouyu and Gu, Huayue and Wang, Xiaojian and Yu, Ruozhou}, year={2023}, month={Sep} } @inproceedings{yu_gu_wang_zhou_xue_yang_2023, title={EA-Market: Empowering Real-Time Big Data Applications with Short-Term Edge SLA Leases}, url={http://dx.doi.org/10.1109/icccn58024.2023.10230160}, DOI={10.1109/icccn58024.2023.10230160}, abstractNote={Edge computing promises to bring low-latency and high-throughput computing, but the limited edge resources may cause frequent congestion and lead to unstable and unpredictable performance. To ensure performance guarantee, application owners can establish Service-Level Agreements (SLAs) with the edge provider for resource reservation or priority usage. But it is cost-inefficient for application owners to lease long-term SLAs based on peak demands, as demands can fluctuate, and the leased resources may be idle or underutilized at most times. This paper studies market mechanism design for short-term edge SLA leases, focusing on real-time big data applications with throughput and latency goals. Applications submit short-term SLA requests to serve users with guaranteed performance during peak hours. As SLA requests arrive over time, the edge provider dynamically provisions edge resources to fulfill the requests, while charging application owners based on the current demands. We design EA-Market, an online combinatorial auction mechanism that achieves a competitive social welfare, while guaranteeing truthfulness, budget balance, individual rationality, and computational efficiency. Notably, our mechanism enables each application owner to bid without knowledge of the edge infrastructure, and gives edge provider full control over resource provisioning to fulfill the requests. We perform theoretical analysis and simulations to evaluate the efficacy of our mechanism.}, booktitle={2023 32nd International Conference on Computer Communications and Networks (ICCCN)}, publisher={IEEE}, author={Yu, Ruozhou and Gu, Huayue and Wang, Xiaojian and Zhou, Fangtong and Xue, Guoliang and Yang, Dejun}, year={2023}, month={Jul} } @inproceedings{gu_yu_li_wang_zhou_2023, title={ESDI: Entanglement Scheduling and Distribution in the Quantum Internet}, url={http://dx.doi.org/10.1109/icccn58024.2023.10230193}, DOI={10.1109/icccn58024.2023.10230193}, abstractNote={Quantum entanglement distribution between remote nodes is key to many promising quantum applications. Existing mechanisms have mainly focused on improving throughput and fidelity via entanglement routing or single-node scheduling. This paper considers entanglement scheduling and distribution among many source-destination pairs with different requests over an entire quantum network topology. Two practical scenarios are considered. When requests do not have deadlines, we seek to minimize the average completion time of the communication requests. If deadlines are specified, we seek to maximize the number of requests whose deadlines are met. Inspired by optimal scheduling disciplines in conventional single-queue scenarios, we design a general optimization framework for entanglement scheduling and distribution called ESDI, and develop a probabilistic protocol to implement the optimized solutions in a general buffered quantum network. We develop a discrete-time quantum network simulator for evaluation. Results show the superior performance of ESDI compared to existing solutions.}, booktitle={2023 32nd International Conference on Computer Communications and Networks (ICCCN)}, publisher={IEEE}, author={Gu, Huayue and Yu, Ruozhou and Li, Zhouyu and Wang, Xiaojian and Zhou, Fangtong}, year={2023}, month={Jul} } @article{han_xue_li_zhuang_li_yu_xue_sun_2023, title={EdAR: An Experience-Driven Multipath Scheduler for Seamless Handoff in Mobile Networks}, volume={22}, ISSN={["1558-2248"]}, url={http://dx.doi.org/10.1109/twc.2023.3246082}, DOI={10.1109/twc.2023.3246082}, abstractNote={Multipath TCP (MPTCP) improves the bandwidth utilization in wireless network scenarios, since it can simultaneously utilize multiple interfaces for data transmission. However, with the fast growth of mobile devices and applications, link interruptions caused by handoffs still lead to drastic performance degradation in such scenarios. Typically, a series of packet losses on part of the links will block the transmission of the entire connection when handoff occurs. This paper proposes an Experience-driven Adaptive Redundant packet scheduler (EdAR) for MPTCP, aiming at achieving seamless handoffs in mobile networks. EdAR enables flexibly scheduling redundant packets with an experience-driven learning-based approach in the face of drastic network environment changes for multipath performance enhancement. To enable accurate learning and prediction, both the network environment and the best course of actions are jointly learned via a Deep Reinforcement Learning (DRL) agent, which we design with a hybrid structure to deal with the complexity of system states. Furthermore, both offline and online learning are utilized to allow the agent to adapt to different and changing network environments. Evaluation results show that EdAR outperforms the state-of-the-art MPTCP schedulers in most network scenarios. Specifically in mobile networks with frequent handoffs, EdAR brings $2\times $ improvement in terms of the overall goodput.}, number={10}, journal={IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Han, Jiangping and Xue, Kaiping and Li, Jian and Zhuang, Rui and Li, Ruidong and Yu, Ruozhou and Xue, Guoliang and Sun, Qibin}, year={2023}, month={Oct}, pages={6839–6852} } @article{gu_li_yu_wang_zhou_liu_xue_2023, title={FENDI: Toward High-Fidelity Entanglement Distribution in the Quantum Internet}, volume={1}, url={http://arxiv.org/abs/2301.08269}, author={Gu, Huayue and Li, Zhouyu and Yu, Ruozhou and Wang, Xiaojian and Zhou, Fangtong and Liu, Jianqing and Xue, Guoliang}, year={2023}, month={Jan}, pages={1–13} } @inproceedings{li_yu_das_zhang_gu_wang_zhou_sabir_ahmed_zafar_2023, title={INSPIRE: Instance-Level Privacy-Preserving Transformation for Vehicular Camera Videos}, url={http://dx.doi.org/10.1109/icccn58024.2023.10230162}, DOI={10.1109/icccn58024.2023.10230162}, abstractNote={The wide spread of vehicular cameras has raised broad privacy concerns. Ubiquitous vehicular cameras capture bystanders like people or cars nearby without their awareness. To address privacy concerns, most existing works either blur out direct identifiers such as vehicle license plates and human faces, or obfuscate whole video frames. However, the former solution is vulnerable to re-identification attacks based on general features, and the latter severely impacts utility of the transformed videos. In this paper, we propose an INStance-level PrIvacy-pREserving (INSPIRE) video transformation framework for vehicular camera videos. INSPIRE leverages deep neural network models to detect and replace sensitive object instances in vehicular videos with their non-existent counterparts. We design INSPIRE as a modular framework to enable flexible customization of protected instance categories and their protection modules. An implementation of INSPIRE focused on protecting people and cars is described, which we tested on six re-identification datasets and three real-world vehicular video datasets to evaluate its privacy protection and utility preservation capability. Results show that INSPIRE can thwart 97% of re-identification attacks for people and cars while maintaining a 0.75 object detection mean average precision on transformed instances. We also demonstrate experimentally that INSPIRE is robust against model inversion attacks. Compared to solutions that provide comparable privacy protection, INSPIRE achieves relatively 1.76 times higher counting accuracy and 31.61% higher object detection mean average precision.}, booktitle={2023 32nd International Conference on Computer Communications and Networks (ICCCN)}, publisher={IEEE}, author={Li, Zhouyu and Yu, Ruozhou and Das, Anupam and Zhang, Shaohu and Gu, Huayue and Wang, Xiaojian and Zhou, Fangtong and Sabir, Aafaq and Ahmed, Dilawer and Zafar, Ahsan}, year={2023}, month={Jul} } @inproceedings{pelletier_yu_rouskas_liu_2023, title={Qubit Recycling in Entanglement Distillation}, url={https://arxiv.org/abs/2307.05702}, booktitle={IEEE International Conference on Quantum Computing and Engineering (QCE)}, publisher={IEEE}, author={Pelletier, Stuart and Yu, Ruozhou and Rouskas, George and Liu, Jianqing}, year={2023}, month={Sep} } @article{zhou_yu_li_gu_wang_2022, title={FedAegis: Edge-Based Byzantine-Robust Federated Learning for Heterogeneous Data}, ISSN={["2576-6813"]}, DOI={10.1109/GLOBECOM48099.2022.10000981}, abstractNote={This paper studies how an edge-based federated learning algorithm called FedAegis can be designed to be ro-bust under both heterogeneous data distributions and Byzantine adversaries. The divergence of local data distributions leads to suboptimal results for the training process of federated learning, and the Byzantine adversaries aim to prevent the training process from converging in a distributed learning system. In this paper, we show that an edge-based hierarchical federated learning architecture can help tackle this dilemma by utilizing edge nodes geographically close to clusters of local devices. By combining a distributionally robust global loss function with a local Byzantine-robust aggregation rule, FedAegis can defend against remote Byzantine adversaries who cannot manipulate local devices' connections to edge nodes, meanwhile accounting for global data heterogeneity across benign local devices. Experiments with the MNIST, FMNIST and CIFAR-IO datasets show that our proposed algorithm can achieve convergence and high accuracy under heterogeneous data and various attack scenarios, while state-of-the-art defenses and robustness mechanisms are non-converging or have reduced average and/or worst-case accuracy.}, journal={2022 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM 2022)}, author={Zhou, Fangtong and Yu, Ruozhou and Li, Zhouyu and Gu, Huayue and Wang, Xiaojian}, year={2022}, pages={3005–3010} } @article{yu_dutta_liu_2022, title={On Topology Design for the Quantum Internet}, volume={36}, ISSN={["1558-156X"]}, DOI={10.1109/MNET.001.2200170}, abstractNote={Imagine a Quantum Internet where people can freely establish physically secure communication channels or migrate quantum programs between anywhere in the world. What would it look like? Despite the very exciting recent advances around building prototypes of quantum networks, little is known about how lab-scale prototypes can be expanded into a global infrastructure that is as capacitated, robust, and cost-efficient as the digital Internet right now. Part of the difficulty lies in our lack of understanding of how the structure of a quantum network affects its capacity and performance when serving multi-commodity quantum communication demands. This article studies the problem of designing high-performance network topologies for the quantum Internet. Utilizing abstract models of the basic quantum network operations and an optimal entanglement distribution protocol, we characterize the capacity and performance of various candidate topologies for the quantum Internet, in terms of the rate of entanglement distribution between source-destination pairs and the fidelity of entangled pairs, respectively. We discuss the implications of our preliminary results, and propose directions for further investigation. As the feasibility of largescale quantum network deployment continues to increase, we hope this article can draw attention to these macroscopic design problems, such as topology design, which potentially have a profound influence on how the entire technology evolves, just as we have observed with the digital Internet in the past decades.}, number={5}, journal={IEEE NETWORK}, author={Yu, Ruozhou and Dutta, Rudra and Liu, Jianqing}, year={2022}, pages={64–70} } @article{yu_xue_2023, title={Principles and Practices for Application-Network Co-Design in Edge Computing}, volume={37}, ISSN={["1558-156X"]}, url={http://dx.doi.org/10.1109/mnet.128.2200430}, DOI={10.1109/MNET.128.2200430}, abstractNote={Edge computing promises low-latency and high-throughput real-time processing to enable critical and life-changing future applications such as fully autonomous driving and metaverse, and is receiving wide interest from application designers, service providers and academic researchers. As for now, however, the full power of edge computing has yet been unleashed, as stakeholders face difficulty in realizing the promised services and hence investment and efforts waver. This article describes a new conceptual framework, called the application-network co-design approach, to align and direct efforts across application, computing and networking domains towards fully fledged edge computing. At a high level, we introduce current practices and efforts in edge computing, identify limitations of existing efforts, present the overarching goal and principles of the co-design approach, and discuss existing and future prerequisite technologies for implementing the approach. We illustrate the principles and process of the co-design approach with two compelling edge applications: autonomous driving and virtual/augmented reality for metaverse.}, number={5}, journal={IEEE NETWORK}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Yu, Ruozhou and Xue, Guoliang}, year={2023}, month={Sep}, pages={137–144} } @article{sun_xue_yu_2023, title={TAFS: A Truthful Auction for IoT Application Offloading in Fog Computing Networks}, volume={10}, ISSN={["2327-4662"]}, url={http://dx.doi.org/10.1109/jiot.2022.3143101}, DOI={10.1109/JIOT.2022.3143101}, abstractNote={Emerging as an alternative to cloud computing, fog computing is expected to provide low-latency, high-throughput, reliable services for ever-growing Internet of Things (IoT) applications, especially real-time applications with strict responsiveness requirements. By offloading time-critical and computation-intensive applications to proximal fog nodes (FNs), both application response time and network congestion can be markedly reduced. However, the FNs commonly suffer from limited resources compared to cloud computing nodes and, hence, may not serve all application users with guaranteed performance. The dynamic and heterogeneous nature of FNs also brings difficulty and overhead to fog computing resource management. These issues are addressed in the present study with the design of a double auction mechanism, namely, truthful auction for the fog system (TAFS), which provides incentives for FNs to satisfy as many application demands as possible with guaranteed performance. TAFS takes into account the latency tolerance of application users during the FN assignment and resource allocation to satisfy real-time requirements. We theoretically prove that TAFS satisfies several desired economic properties, including truthfulness, individual rationality, and budget balance. The performance of TAFS is evaluated through simulation experiments.}, number={4}, journal={IEEE INTERNET OF THINGS JOURNAL}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Sun, Lijun and Xue, Guoliang and Yu, Ruozhou}, year={2023}, month={Feb}, pages={3252–3263} } @article{wang_gu_li_zhou_yu_yang_2022, title={Why Riding the Lightning? Equilibrium Analysis for Payment Hub Pricing}, ISSN={["1550-3607"]}, DOI={10.1109/ICC45855.2022.9839171}, abstractNote={Payment Channel Network (PCN) is an auspicious solution to the scalability issue of the blockchain, improving transaction throughput without relying on on-chain transactions. In a PCN, nodes can set prices for forwarding payments on behalf of other nodes, which motivates participation and improves network stability. Analyzing the price setting behaviors of PCN nodes plays a key role in understanding the economic properties of PCNs, but has been under-studied in the literature. In this paper, we apply equilibrium analysis to the price-setting game between two payment hubs in the PCN with limited channel capacities and partial overlap demand. We analyze existence of pure Nash Equilibriums (NEs) and bounds on the equilibrium revenue under various cases, and propose an algorithm to find all pure NEs. Using real data, we show bounds on the price of anarchy/stability and average transaction fee under realistic network conditions, and draw conclusions on the economic advantage of the PCN for making payment transfers by cryptocurrency users.}, journal={IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC 2022)}, author={Wang, Xiaojian and Gu, Huayue and Li, Zhouyu and Zhou, Fangtong and Yu, Ruozhou and Yang, Dejun}, year={2022}, pages={5409–5414} } @article{zhang_yang_xue_yu_2021, title={Counter-Collusion Smart Contracts for Watchtowers in Payment Channel Networks}, ISSN={["0743-166X"]}, DOI={10.1109/INFOCOM42981.2021.9488831}, abstractNote={Payment channel networks (PCNs) are proposed to improve the cryptocurrency scalability by settling off-chain transactions. However, PCN introduces an undesirable assumption that a channel participant must stay online and be synchronized with the blockchain to defend against frauds. To alleviate this issue, watchtowers have been introduced, such that a hiring party can employ a watchtower to monitor the channel for fraud. However, a watchtower might profit from colluding with a cheating counterparty and fail to perform this job. Existing solutions either focus on heavy cryptographic techniques or require a large collateral. In this work, we leverage smart contracts through economic approaches to counter collusions for watchtowers in PCNs. This brings distrust between the watchtower and the counterparty, so that rational parties do not collude or cheat. We provide detailed analyses on the contracts and rigorously prove that the contracts are effective to counter collusions with minimal on-chain operations. In particular, a watchtower only needs to lock a small collateral, which incentivizes participation of watchtowers and users. We also provide an implementation of the contracts in Solidity and execute them on Ethereum to demonstrate the scalability and efficiency of the contracts.}, journal={IEEE CONFERENCE ON COMPUTER COMMUNICATIONS (IEEE INFOCOM 2021)}, author={Zhang, Yuhui and Yang, Dejun and Xue, Guoliang and Yu, Ruozhou}, year={2021} } @article{yu_lo_zhou_xue_2021, title={Data-Driven Edge Resource Provisioning for Inter-Dependent Microservices with Dynamic Load}, ISSN={["2576-6813"]}, DOI={10.1109/GLOBECOM46510.2021.9685155}, abstractNote={This paper studies how to provision edge computing and network resources for complex microservice-based applications (MSAs) in face of uncertain and dynamic geo-distributed demands. The complex inter-dependencies between distributed microservice components make load balancing for MSAs extremely challenging, and the dynamic geo-distributed demands exacerbate load imbalance and consequently congestion and performance loss. In this paper, we develop an edge resource provisioning model that accurately captures the inter-dependencies between microservices and their impact on load balancing across both computation and communication resources. We also propose a robust formulation that employs explicit risk estimation and optimization to hedge against potential worst-case load fluctuations, with controlled robustness-resource trade-off. Utilizing a data-driven approach, we provide a solution that provides risk estimation with measurement data of past load geo-distributions. Simulations with real-world datasets have validated that our solution provides the important robustness crucially needed in MSAs, and performs superiorly compared to baselines that neglect either network or inter-dependency constraints.}, journal={2021 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM)}, author={Yu, Ruozhou and Lo, Szu-Yu and Zhou, Fangtong and Xue, Guoliang}, year={2021} } @article{yu_yang_zhang_2021, title={Edge-Assisted Collaborative Perception in Autonomous Driving: A Reflection on Communication Design}, DOI={10.1145/3453142.3491413}, abstractNote={Collaborative perception enables autonomous driving vehicles to share sensing or perception data via broadcast-based vehicle-to-everything (V2X) communication technologies such as Cellular-V2X (C-V2X), hoping to enable accurate perception in face of inaccurate perception results by each individual vehicle. Nevertheless, the V2X communication channel remains a significant bottleneck to the performance and usefulness of collaborative perception due to limited bandwidth and ad hoc communication scheduling. In this paper, we explore challenges and design choices for V2X-based collaborative perception, and propose an architecture that lever-ages the power of edge computing such as road-side units for central communication scheduling. Using NS-3 simulations, we show the performance gap between distributed and centralized C-V2X scheduling in terms of achievable throughput and communication efficiency, and explore scenarios where edge assistance is beneficial or even necessary for collaborative perception.}, journal={2021 ACM/IEEE 6TH SYMPOSIUM ON EDGE COMPUTING (SEC 2021)}, author={Yu, Ruozhou and Yang, Dejun and Zhang, Hao}, year={2021}, pages={371–375} } @article{wang_chen_wu_yu_zhao_2020, title={A Blockchain-based Vehicle-trust Management Framework Under a Crowdsourcing Environment}, ISSN={["2324-898X"]}, DOI={10.1109/TrustCom50675.2020.00266}, abstractNote={Vehicular crowdsourcing networks (VCNs) enable vehicles to provide or obtain traffic-related services in a costefficient and flexible manner. Therefore, it is crucial to provide trusted management in VCNs for high reliability towards both service producers and consumers. However, most recent VCN platforms rely on a third party to manage crowdsourcing services which might be not fully trusted by users. For the issue, this paper proposes a blockchain-based trust management scheme for VCNs to provide a decentralized and trusted service management. A comprehensive trust evaluation model (TEM) is designed to quantify the trust degree of each vehicular node, and a vehicle-trust blockchain framework called VTchain is proposed to preserve the trust values of nodes while guaranteeing transparency and trustworthiness. Particularly, we leverage a trusted execution environment (TEE) to provide secure trust evaluation to tackle possible untrusted road-side units. In addition, we introduce TEM-based Proof of Trust to support blockchain maintenance, which works together with an efficient consensus algorithm Zyzzyva for improved scalability. Finally, extensive experiments are conducted by developing a testbed deployed on cloud servers for measurements.}, journal={2020 IEEE 19TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2020)}, author={Wang, Dawei and Chen, Xiao and Wu, Haiqin and Yu, Ruozhou and Zhao, Yishi}, year={2020}, pages={1950–1955} } @inproceedings{kilari_yu_misra_xue_2020, title={EARS: Enabling Private Feedback Updates in Anonymous Reputation Systems}, url={http://dx.doi.org/10.1109/cns48642.2020.9162328}, DOI={10.1109/cns48642.2020.9162328}, abstractNote={Reputation systems, designed to remedy the lack of information quality and assess credibility of information sources, have become an indispensable component of many online systems. A typical reputation system works by tracking all information originating from a source, and the feedback to the information with its attribution to the source. The tracking of information and the feedback, though essential, could violate the privacy of users who provide the information and/or the feedback, which could both cause harm to the users’ online well-being, and discourage them from participation. Anonymous reputation systems have been designed to protect user privacy by ensuring anonymity of the users. Yet, current anonymous reputation systems suffer from several limitations, including but not limited to a)lack of support for core functionalities such as feedback update, b) lack of protocol efficiency for practical deployment, and c) reliance on a fully trusted authority. This paper proposes EARS, an anonymous reputation system that ensures user anonymity while supporting all core functionalities (including feedback update) of a reputation system both efficiently and practically, and without the need of a fully trusted central authority. We present security analysis of EARS against multiple types of attacks that could potentially violate user anonymity, such as feedback duplication, bad mouthing, and ballot stuffing. We also present evaluation of the efficiency and scalability of our system based on implementations.}, booktitle={2020 IEEE Conference on Communications and Network Security (CNS)}, publisher={IEEE}, author={Kilari, Vishnu Teja and Yu, Ruozhou and Misra, Satyajayant and Xue, Guoliang}, year={2020}, month={Jun} } @article{kilari_yu_misra_xue_2020, title={Robust Revocable Anonymous Authentication for Vehicle to Grid Communications}, volume={21}, DOI={10.1109/tits.2019.2948803}, abstractNote={Electric vehicles can place a significant load on the power grid due to their unscheduled charging events. One way of improving power grid stability is to schedule electric vehicle charging in advance. Before a charging visit, the electric vehicle provides necessary information to request for charging at a charging station, which prepares and reserves the energy before the visit. However, the reported information can cause privacy leakage of the electric vehicle user. Anonymous information reporting can protect user privacy, but also enables attacks on the charging station by unauthorized users. An anonymous authentication system can address these issues, but cannot detect misbehaviors by authenticated users. One remedy to this is revocable anonymity-based authentication, which can revoke the anonymity of malicious users after their misbehaviors. However, we show that such a system is still vulnerable to application-level Denial of Service attacks, where a malicious user requests for large amounts of energy simultaneously from many charging stations, preventing these stations from serving other users. To address this, we improve upon an existing revocable anonymity-based authentication framework. We propose a permit-based mechanism, where each electric vehicle is only issued with one blind signature-based permit at a time. A request is valid only if it contains a valid and unused permit, which protects the system from the application-level Denial of Service attacks. Security analysis and experiments demonstrate that our framework, while ensuring user anonymity and being robust to the aforementioned attack, is also scalable and lightweight.}, number={11}, journal={IEEE Transactions on Intelligent Transportation Systems (T-ITS)}, author={Kilari, Vishnu T. and Yu, Ruozhou and Misra, Satyajayant and Xue, Guoliang}, year={2020}, month={Nov}, pages={4845–4857} } @inproceedings{robust resource provisioning in time-varying edge networks_2020, DOI={10.1145/3397166.3409146}, abstractNote={Edge computing is one of the revolutionary technologies that enable high-performance and low-latency modern applications, such as smart cities, connected vehicles, etc. Yet its adoption has been limited by factors including high cost of edge resources, heterogeneous and fluctuating demands, and lack of reliability. In this paper, we study resource provisioning in edge computing, taking into account these different factors. First, based on observations from real demand traces, we propose a time-varying stochastic model to capture the time-dependent and uncertain demand and network dynamics in an edge network. We then apply a novel robustness model that accounts for both expected and worst-case performance of a service. Based on these models, we formulate edge provisioning as a multi-stage stochastic optimization problem. The problem is NP-hard even in the deterministic case. Leveraging the multi-stage structure, we apply nested Benders decomposition to solve the problem. We also describe several efficiency enhancement techniques, including a novel technique for quickly solving the large number of decomposed subproblems. Finally, we present results from real dataset-based simulations, which demonstrate the advantages of the proposed models, algorithm and techniques.}, booktitle={Twenty-First International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing (MobiHoc)}, year={2020}, month={Oct} } @inproceedings{load balancing for interdependent iot microservices_2019, url={http://dx.doi.org/10.1109/infocom.2019.8737450}, DOI={10.1109/infocom.2019.8737450}, abstractNote={Advances in virtualization technologies and edge computing have inspired a new paradigm for Internet-of-Things (IoT) application development. By breaking a monolithic application into loosely coupled microservices, great gain can be achieved in performance, flexibility and robustness. In this paper, we study the important problem of load balancing across IoT microservice instances. A key difficulty in this problem is the interdependencies among microservices: the load on a successor microservice instance directly depends on the load distributed from its predecessor microservice instances. We propose a graph-based model for describing the load dependencies among microservices. Based on the model, we first propose a basic formulation for load balancing, which can be solved optimally in polynomial time. The basic model neglects the quality-of-service (QoS) of the IoT application. We then propose a QoS-aware load balancing model, based on a novel abstraction that captures a realization of the application’s internal logic. The QoS-aware load balancing problem is NP-hard. We propose a fully polynomial-time approximation scheme for the QoS-aware problem. We show through simulation experiments that our proposed algorithm achieves enhanced QoS compared to heuristic solutions.}, booktitle={IEEE INFOCOM 2019 - IEEE Conference on Computer Communications}, year={2019}, month={Apr} } @inproceedings{p4pcn: privacy-preserving path probing for payment channel networks_2019, url={http://dx.doi.org/10.1109/globecom38437.2019.9014080}, DOI={10.1109/globecom38437.2019.9014080}, abstractNote={Recent advances in security and cryptography have enabled new paradigms for secure networking in various scenarios. The payment channel network (PCN) is a notable example, which has emerged from the combination of the traditional credit network in economics and the latest blockchain technology. PCN provides a secure and efficient way for conducting payments, by addressing both the intrinsic financial risk of the credit network and the scalability issue of the blockchain. A crucial challenge in PCN is routing, i.e., to find a set of paths that fulfill a payment request. Due to the fully distributed and dynamic nature of PCN, existing routing algorithms utilize active probing to improve routing success probability. However, while the payment itself is privacy-preserving through existing protocols, the probing process can leak sensitive information including the location of the sender or the recipient. In this paper, we address the privacy of the users in the path probing process, filling in the last piece of the privacy puzzle in PCN. We propose P4PCN, a cryptographic protocol for anonymous active probing without knowing the identities or public keys of the intermediate nodes, while hiding the locations of sender and recipient as well as any path-related information. Our protocol is lightweight and scales with the number of hops a probe explores. We confirm its performance via real-world implementation and simulation experiments.}, booktitle={2019 IEEE Global Communications Conference (GLOBECOM)}, year={2019}, month={Dec} } @article{yu_xue_zhang_2019, title={Provisioning QoS-Aware and Robust Applications in Internet of Things: A Network Perspective}, volume={27}, ISSN={1063-6692 1558-2566}, url={http://dx.doi.org/10.1109/tnet.2019.2936015}, DOI={10.1109/TNET.2019.2936015}, abstractNote={The Internet-of-Things (IoT) has inspired numerous new applications ever since its invention. Nevertheless, its development and utilization have always been restricted by the limited resources in various application scenarios. In this paper, we study the problem of resource provisioning for real-time IoT applications, i.e., applications that process concurrent data streams from data sources in the network. We investigate joint application placement and data routing to support IoT applications that have both quality-of-service and robustness requirements. We formulate four versions of the provisioning problem, spanning across two important classes of real-time applications (parallelizable and non-parallelizable), and two provisioning scenarios (single application and multiple applications). All versions are proved to be NP-hard. We propose fully polynomial-time approximation schemes for three of the four versions, and a randomized algorithm for the forth. Through simulation experiments, we analyze the impact of parallelizability and robustness on the provisioning performance, and show that our proposed algorithms can greatly improve the quality-of-service of the IoT applications.}, number={5}, journal={IEEE/ACM Transactions on Networking}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Yu, Ruozhou and Xue, Guoliang and Zhang, Xiang}, year={2019}, month={Oct}, pages={1931–1944} } @inproceedings{application provisioning in fog computing-enabled internet-of-things: a network perspective_2018, url={http://dx.doi.org/10.1109/infocom.2018.8486269}, DOI={10.1109/infocom.2018.8486269}, abstractNote={S-The emergence of the Internet-of-Things (IoT) has inspired numerous new applications. However, due to the limited resources in current IoT infrastructures and the stringent quality-of-service requirements of the applications, providing computing and communication supports for the applications is becoming increasingly difficult. In this paper, we consider IoT applications that receive continuous data streams from multiple sources in the network, and study joint application placement and data routing to support all data streams with both bandwidth and delay guarantees. We formulate the application provisioning problem both for a single application and for multiple applications, with both cases proved to be NP-hard. For the case with a single application, we propose a fully polynomial-time approximation scheme. For the multi-application scenario, if the applications can be parallelized among multiple distributed instances, we propose a fully polynomial-time approximation scheme; for general non-parallelizable applications, we propose a randomized algorithm and analyze its performance. Simulations show that the proposed algorithms greatly improve the quality-of-service of the IoT applications compared to the heuristics.}, booktitle={IEEE INFOCOM 2018 - IEEE Conference on Computer Communications}, year={2018}, month={Apr} } @inproceedings{coinexpress: a fast payment routing mechanism in blockchain-based payment channel networks_2018, url={http://dx.doi.org/10.1109/icccn.2018.8487351}, DOI={10.1109/icccn.2018.8487351}, abstractNote={Although cryptocurrencies have witnessed explosive growth in the past year, they have also raised many concerns, among which a crucial one is the scalability issue of blockchain-based cryptocurrencies. Suffering from the large overhead of global consensus and security assurance, even leading cryptocurrencies can only handle up to tens of transactions per second, which largely limits their applications in real- world scenarios. Among many proposals to improve cryptocurrency scalability, one of the most promising and mature solutions is the payment channel network (PCN), which offers off-chain settlement of transactions with minimal involvement of expensive blockchain operations. In this paper, we investigate the problem of payment routing in PCN. We suggest crucial design goals in PCN routing, and propose a novel distributed dynamic routing mechanism called CoinExpress. Through extensive simulations, we have shown that our proposed mechanism is able to achieve outstanding payment acceptance ratio with low routing overhead.}, booktitle={2018 27th International Conference on Computer Communication and Networks (ICCCN)}, year={2018}, month={Jul} } @inproceedings{deploying robust security in internet of things_2018, url={http://dx.doi.org/10.1109/cns.2018.8433219}, DOI={10.1109/cns.2018.8433219}, abstractNote={Popularization of the Internet-of-Things (IoT) has brought widespread concerns on IoT security, especially in face of several recent security incidents related to IoT devices. Due to the resource-constrained nature of many IoT devices, security offloading has been proposed to provide good-enough security for IoT with minimum overhead on the devices. In this paper, we investigate the inevitable risk associated with security offloading: the unprotected and unmonitored transmission from IoT devices to the offloaded security mechanisms. An important challenge in modeling the security risk is the dynamic nature of IoT due to demand fluctuations and infrastructure instability. We propose a stochastic model to capture both the expected and worst-case security risks of an IoT system. We then propose a framework to efficiently address the optimal robust deployment of security mechanisms in IoT. We use results from extensive simulations to demonstrate the superb performance and efficiency of our approach compared to several other algorithms.}, booktitle={2018 IEEE Conference on Communications and Network Security (CNS)}, year={2018}, month={May} } @article{the fog of things paradigm: road toward on-demand internet of things_2018, url={http://dx.doi.org/10.1109/mcom.2018.1701140}, DOI={10.1109/mcom.2018.1701140}, abstractNote={In this article, we introduce the concept of FoT, a paradigm for on-demand IoT. On-demand IoT is an IoT platform where heterogeneous connected things can be accessed and managed via a uniform platform based on real-time demands. Realizing such a platform faces challenges including heterogeneity, scalability, responsiveness, and robustness, due to the large-scale and complex nature of an IoT environment. The FoT paradigm features the incorporation of fog computing power, which empowers not only the IoT applications, but more importantly the scalable and efficient management of the system itself. FoT utilizes a flat-structured virtualization plane and a hierarchical control plane, both of which extend to the network edge and can be reconfigured in real time, to achieve various design goals. In addition to describing the detailed design of the FoT paradigm, we also highlight challenges and opportunities involved in the deployment, management, and operation of such an on-demand IoT platform. We hope this article can shed some light on how to build and maintain a practical and extensible control back-end to enable large-scale IoT that empowers our connected world.}, journal={IEEE Communications Magazine}, year={2018}, month={Sep} } @inproceedings{transmitting and sharing: a truthful double auction for cognitive radio networks_2018, url={http://dx.doi.org/10.1109/icc.2018.8422505}, DOI={10.1109/icc.2018.8422505}, abstractNote={The scarcity of spectrum channels resides in the limited bandwidth resource and the exploding demand from spectrum-based services and devices. To help ease this scarcity, the concept of cognitive radio networks (CRNs) is proposed, where licensed spectrum holders (primary users) may lease their channels to unlicensed users (secondary users). Many CRN auctions are thus designed to incentivize primary users (PUs) to share their idle channels with secondary users (SUs). Most of these auctions assume that a transmitting PU does not lease its channel to SUs; if it leases its channel to SUs, it does not transmit itself. To further utilize the resource, researchers have studied the scenario where a transmitting PU is allowed to lease its channels to SUs if the transmissions of the SUs do not undermine the transmission of the PU. However, the study assumes that there is only one PU who owns the licensed channels, whereas in practice, channels may be contributed by multiple PUs. This prevents the result of the study from being directly applied to the multi-PU scenario, as the potential competitions among the PUs are neglected. We extend the scenario to the CRN with multiple PUs and propose TDSA-PS as a Truthful Double Spectrum Auction with transmitting Primary users Sharing. We prove that TDSA-PS is truthful, individually rational, budget-balanced, and computationally efficient.}, booktitle={2018 IEEE International Conference on Communications (ICC)}, year={2018}, month={May} } @inproceedings{an approach to qos-based task distribution in edge computing networks for iot applications_2017, url={http://dx.doi.org/10.1109/ieee.edge.2017.50}, DOI={10.1109/ieee.edge.2017.50}, abstractNote={Abstract-Internet of Things (IoT) is emerging as part ofthe infrastructures for advancing a large variety of applicationsinvolving connection of many intelligent devices, leadingto smart communities. Due to the severe limitation on thecomputing resources of IoT devices, it is common to offloadtasks of various applications requiring substantial computingresources to computing systems with sufficient computingresources, such as servers, cloud systems, and/or data centersfor processing. However, the offloading method suffers fromthe difficulties of high latency and network congestion in theIoT infrastructures. Recently edge computing has emergedto reduce the negative impacts of these difficulties. Yet, edgecomputing has its drawbacks, such as the limited computingresources of some edge computing devices and the unbalancedload among these devices. In order to effectively explorethe potential of edge computing to support IoT applications,it is necessary to have efficient task management in edgecomputing networks. In this paper, an approach is presented toperiodically distributing incoming tasks in the edge computingnetwork so that the number of tasks, which can be processedin the edge computing network, is increased, and the qualityof-service (QoS) requirements of the tasks completed in theedge computing network are satisfied. Simulation results arepresented to show the improvement of using this approach onthe increase of the number of tasks to be completed in the edgecomputing network.}, booktitle={2017 IEEE International Conference on Edge Computing (EDGE)}, year={2017}, month={Jun} } @article{countermeasures against false-name attacks on truthful incentive mechanisms for crowdsourcing_2017, url={http://dx.doi.org/10.1109/jsac.2017.2659229}, DOI={10.1109/jsac.2017.2659229}, abstractNote={The proliferation of crowdsourcing brings both opportunities and challenges in various fields, such as environmental monitoring, healthcare, and so on. Often, the collaborative efforts from a large crowd of users are needed in order to complete crowdsourcing jobs. In recent years, the design of crowdsourcing incentive mechanisms has drawn much interest from the research community, where auction is one of the commonly adopted mechanisms. However, few of these auctions consider the robustness against false-name attacks (a.k.a. sybil attacks), where dishonest users generate fake identities to increase their utilities without devoting more efforts. To provide countermeasures against such attacks, we have designed a Truthful Auction with countermeasures against False-name Attacks (TAFA) as an auction-based incentive mechanism for crowdsourcing. We prove that TAFA is truthful, individually rational, budget-balanced, and computationally efficient. We also prove that TAFA provides countermeasures against false-name attacks, such that each user is better off not generating any false name. Extensive performance evaluations are conducted and the results further confirm our theoretical analysis.}, journal={IEEE Journal on Selected Areas in Communications}, year={2017}, month={Feb} } @article{hsdran: hierarchical software-defined radio access network for distributed optimization_2018, url={http://dx.doi.org/10.1109/tvt.2017.2691735}, DOI={10.1109/tvt.2017.2691735}, abstractNote={The drastic growth of mobile traffic greatly challenges the capacity of mobile infrastructures. Dense deployment of low-power small cells helps alleviate the congestion in the radio access network, yet it also introduces large complexity for network management. Software-defined radio access network has been proposed to tackle the added complexity. However, existing software-defined solutions rely on a fully centralized control plane to make decisions for the whole network, which greatly limits the scalability and responsiveness of the control plane. In this paper, we propose a hierarchical software-defined radio access network architecture. The proposed architecture leverages the hierarchical structure of radio access networks, deploying additional local controllers near the network edge. Utilizing the intrinsic locality in radio access networks, it offloads control tasks from the central controller to local controllers with limited overhead introduced. Under the architecture, a distributed optimization framework is proposed, and a typical optimization problem is studied to illustrate the effectiveness of the proposed architecture and framework. Both analysis and experiments validate that the proposed architecture and framework can improve the network objective during the optimization, meanwhile balancing load and improving scalability and responsiveness.}, journal={IEEE Transactions on Vehicular Technology}, year={2018}, month={Sep} } @article{qos-aware and reliable traffic steering for service function chaining in mobile networks_2017, url={http://dx.doi.org/10.1109/jsac.2017.2760158}, DOI={10.1109/jsac.2017.2760158}, abstractNote={The ever-increasing mobile traffic has inspired deployment of capacity and performance enhancing network services within mobile networks. Owing to recent advances in network function virtualization, such network services can be flexibly and cost-efficiently deployed in the mobile network as software components, avoiding the need for costly hardware deployment. Nevertheless, this complicates network planning by bringing the need for service function chaining. In this paper, we study mobile network planning through a software-defined approach, considering both quality-of-service and reliability of different classes of traffic. We define and formulate the traffic steering problem for service function chaining in mobile networks, which turns out to be $\mathcal {NP}$ -hard. We then develop a fast approximation scheme for the problem, and evaluate its performance via extensive simulation experiments. The results show that our algorithm is near-optimal, and achieves much better performance compared with baseline algorithms.}, journal={IEEE Journal on Selected Areas in Communications}, year={2017}, month={Nov} } @inproceedings{robust incentive tree design for mobile crowdsensing_2017, url={http://dx.doi.org/10.1109/icdcs.2017.145}, DOI={10.1109/icdcs.2017.145}, abstractNote={With the proliferation of smart mobile devices (smart phone, tablet, and wearable), mobile crowdsensing becomes a powerful sensing and computation paradigm. It has been put into application in many fields, such as spectrum sensing, environmental monitoring, healthcare, and so on. Driven by promising incentives, the power of the crowd grants crowdsensing an advantage in mobilizing users who perform sensing tasks with the embedded sensors on the smart devices. Auction is one of the commonly adopted crowdsensing incentive mechanisms to incentivize users for participation. However, it does not consider the incentive for user solicitation, where in crowdsensing, such incentive would ease the tension when there is a lack of crowdsensing users. To deal with this issue, we aim to design an auction-based incentive tree to offer rewards to users for both participation and solicitation. Meanwhile, we want the incentive mechanism to be robust against dishonest behavior such as untruthful bidding and sybil attacks, to eliminate malicious price manipulations. We design RIT as a Robust Incentive Tree mechanism for mobile crowdsensing which combines the advantages of auctions and incentive trees. We prove that RIT is truthful and sybil-proof with probability at least H, for any given H in (0,1). We also prove that RIT satisfies individual rationality, computational efficiency, and solicitation incentive. Simulation results of RIT further confirm our analysis.}, booktitle={2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS)}, year={2017}, month={Jun} } @inproceedings{survivable and bandwidth-guaranteed embedding of virtual clusters in cloud data centers_2017, url={http://dx.doi.org/10.1109/infocom.2017.8056945}, DOI={10.1109/infocom.2017.8056945}, abstractNote={Cloud computing has emerged as a powerful and elastic platform for internet service hosting, yet it also draws concerns of the unpredictable performance of cloud-based services due to network congestion. To offer predictable performance, the virtual cluster abstraction of cloud services has been proposed, which enables allocation and performance isolation regarding both computing resources and network bandwidth in a simplified virtual network model. One issue arisen in virtual cluster allocation is the survivability of tenant services against physical failures. Existing works have studied virtual cluster backup provisioning with fixed primary embeddings, but have not considered the impact of primary embeddings on backup resource consumption. To address this issue, in this paper we study how to embed virtual clusters survivably in the cloud data center, by jointly optimizing primary and backup embeddings of the virtual clusters. We formally define the survivable virtual cluster embedding problem. We then propose a novel algorithm, which computes the most resource-efficient embedding given a tenant request. Since the optimal algorithm has high time complexity, we further propose a faster heuristic algorithm, which is several orders faster than the optimal solution, yet able to achieve similar performance. Besides theoretical analysis, we evaluate our algorithms via extensive simulations.}, booktitle={IEEE INFOCOM 2017 - IEEE Conference on Computer Communications}, year={2017}, month={May} } @article{the critical network flow problem: migratability and survivability_2017, url={http://dx.doi.org/10.1109/tnet.2017.2747588}, DOI={10.1109/tnet.2017.2747588}, abstractNote={In this paper, we propose a new network abstraction, termed critical network flow, which models the bandwidth requirement of modern Internet applications and services. A critical network flow defines a conventional flow in a network with explicit requirement on its aggregate bandwidth, or the flow value as commonly termed. Unlike common bandwidth-guaranteed connections whose bandwidth is only guaranteed during normal operations, a critical network flow demands strictly enforced bandwidth guarantee during various transient network states, such as network reconfiguration or network failures. Such a demand is called the bandwidth criticality of a critical network flow, which is characterized both by its flow value and capability to satisfy bandwidth guarantee in the transient states.We study algorithmic solutions to the accommodation of critical network flows with different bandwidth criticalities, including the basic case with no transient network state considered, the case with network reconfiguration, and the case with survivability against link failures. We present a polynomial-time optimal algorithm for each case. For the survivable case, we further present a faster heuristic algorithm. We have conducted extensive experiments to evaluate our model and validate our algorithms.}, journal={IEEE/ACM Transactions on Networking}, year={2017}, month={Dec} } @inproceedings{enhancing software-defined ran with collaborative caching and scalable video coding_2016, url={http://dx.doi.org/10.1109/icc.2016.7511029}, DOI={10.1109/icc.2016.7511029}, abstractNote={The ever increasing video demands from mobile users have posed great challenges to cellular networks. To address this issue, video caching in radio access networks (RANs) has been recognized as one of the enabling technologies in future 5G mobile networks, which brings contents near the end-users, reducing the transmission cost of duplicate contents, meanwhile increasing the Quality-of-Experience (QoE) of users. Inspired by the emerging software-defined networking technology, recent proposals have employed centralized collaborative caching among cells to further increase the caching capacity of the RAN. In this paper, we explore a new dimension in video caching in software-defined RANs to expand its capacity. We enable the controller with the capability to adaptively select the bitrates of videos received by users, in order to maximize the number and quality of video requests that can be served, meanwhile minimizing the transmission cost. To achieve this, we further incorporate Scalable Video Coding (SVC), which enables caching and serving sliced video layers that can serve different bitrates. We formulate the problem of joint video caching and scheduling as a reward maximization (cost minimization) problem. Based on the formulation, we further propose a 2-stage rounding-based algorithm to address the problem efficiently. Simulation results show that using SVC with collaborative caching greatly improves the cache capacity and the QoE of users.}, booktitle={2016 IEEE International Conference on Communications (ICC)}, year={2016}, month={May} } @inproceedings{non-preemptive coflow scheduling and routing_2016, url={http://dx.doi.org/10.1109/glocom.2016.7842029}, DOI={10.1109/glocom.2016.7842029}, abstractNote={As more and more data-intensive applications have been moved to the cloud, the cloud network has become the new performance bottleneck for cloud applications. To boost application performance, the concept of coflow has been proposed to bring application-awareness into the cloud network. A coflow consists of many individual data flows, and a coflow is completed only when all its component flows are transmitted. The network performance of a cloud application is dependent on the completion time of coflows, rather than the completion time of each individual flow. Existing coflow-aware optimization solutions employ flow preemption to reduce the completion time, which brings difficulty in practical implementation and non-negligible overhead. In this paper, we study the non-preemptive coflow scheduling and routing problem in the cloud network. We propose an offline optimization framework for coflow scheduling, as well as two subroutines for coflow routing using single-path routing and multi-path routing respectively. We also show that our proposed framework is easily extensible to the online scenario. Extensive evaluations show that the proposed solutions can greatly reduce coflow completion time compared to coflow-agnostic solutions, and are also computationally efficient.}, booktitle={2016 IEEE Global Communications Conference (GLOBECOM)}, year={2016}, month={Dec} } @inproceedings{qos correlation-aware service composition for unified network-cloud service provisioning_2016, url={http://dx.doi.org/10.1109/glocom.2016.7842186}, DOI={10.1109/glocom.2016.7842186}, abstractNote={Recent development in Cloud and networking technologies have stimulated unification of network and Cloud service provisioning, in which service composition plays a crucial role. While encouraging progress has been made toward network-Cloud service composition, the impact of correlated network and Cloud services on the QoS of composite services, however, has not been sufficiently studied. In this paper, we address the challenging problem of QoS correlation-aware network and Cloud service composition. Specifically, we formulate this problem as a multi-constraint optimal path problem and propose a novel algorithm to solve it. We also evaluate the performance of the proposed algorithm with extensive simulations. The experimental results show that the proposed algorithm is effective and efficient and it is able to yield service composition solutions with better QoS guarantees through considering QoS correlations among different services.}, booktitle={2016 IEEE Global Communications Conference (GLOBECOM)}, year={2016}, month={Dec} } @inproceedings{a sybil-proof and time-sensitive incentive tree mechanism for crowdsourcing_2015, url={http://dx.doi.org/10.1109/glocom.2015.7417272}, DOI={10.1109/glocom.2015.7417272}, abstractNote={Crowdsourcing incentive mechanism design has raised numerous interests from research communities in recent years. While most research focuses on contribution-based payment allocation, a solid crowdsourcing incentive mechanism should encourage users to both devote efforts to complete the task and refer other users to join into participation. In this paper, we adopt a data structure called incentive tree which has a unique advantage in incentivizing participants for solicitation. Furthermore, we consider the crowdsourcing scenario where the contribution model is submodular and time-sensitive, which is more realistic compared to the linear summation model adopted by previous works. Under this model, we design a reward mechanism based on the incentive tree, and prove that this mechanism satisfies several economic properties such as continuing contribution incentive, continuing solicitation incentive, θ-reward proportional to contribution, early contribution incentive, and sybil-proofness. We implemented our incentive mechanism and conducted extensive performance evaluations. The evaluation results confirm our theoretical analysis.}, booktitle={2015 IEEE Global Communications Conference (GLOBECOM)}, year={2015}, month={Dec} } @article{dcloud: deadline-aware resource allocation for cloud computing jobs_2016, url={http://dx.doi.org/10.1109/tpds.2015.2489646}, DOI={10.1109/tpds.2015.2489646}, abstractNote={With the tremendous growth of cloud computing, it is increasingly critical to provide quantifiable performance to tenants and to improve resource utilization for the cloud provider. Though many recent proposals focus on guaranteeing job performance (with a particular note on network bandwidth) in the cloud, they usually lack efficient utilization of cloud resource, or vice versa. In this paper we present DCloud, which leverages the (soft) deadlines of cloud computing jobs to enable flexible and efficient resource utilization in data centers. With the deadline requirement of a job guaranteed, DCloud employs both time sliding (postponing the launching time of a job) and bandwidth scaling (adjusting the bandwidth associated with VMs) in resource allocation, so as to better match the resource allocated to the job with the cloud's residual resource. Extensive simulations and testbed experiments show that DCloud can accept much more jobs than existing solutions, and significantly increase the cloud provider's revenue with less cost for individual tenants.}, journal={IEEE Transactions on Parallel and Distributed Systems}, year={2016}, month={Aug} } @article{joint scheduling and beamforming coordination in cloud radio access networks with qos guarantees_2016, url={http://dx.doi.org/10.1109/tvt.2015.2464278}, DOI={10.1109/tvt.2015.2464278}, abstractNote={The cloud radio access network (C-RAN) is a promising architecture for future radio access networks (RANs) due to its advantages in cost efficiency, flexibility, and utilization efficiency. To fully reap these benefits, this paper focuses on joint optimization of user grouping, virtual base station (VBS) clustering, and transmit beamforming in C-RAN downlink networks for maximizing the system utility, subject to the diverse quality-of-service (QoS) requirements of users and the power constraints of distributed remote radio heads (RRHs). To tackle the high computational complexity in solving the nonconvex combinatorial optimization problem, a two-stage solution is proposed. Specifically, a dynamic user-centric scheduling algorithm is developed to form user groups and cluster RRHs into VBSs by exploiting the nonuniform distribution of users. Then, an iterative transmit beamformer optimization algorithm is devised to coordinate the transmit beamforming among the VBSs to mitigate the intracell and intercell interference, hence further enhancing the overall system utility. Evaluation results demonstrate that the proposed algorithm achieves significant performance gain over various reference algorithms in terms of system utility, system throughput, and energy efficiency.}, journal={IEEE Transactions on Vehicular Technology}, year={2016}, month={Jul} } @article{keep your promise: mechanism design against free-riding and false-reporting in crowdsourcing_2015, url={http://dx.doi.org/10.1109/jiot.2015.2441031}, DOI={10.1109/jiot.2015.2441031}, abstractNote={Crowdsourcing is an emerging paradigm where users can have their tasks completed by paying fees, or receive rewards for providing service. A critical problem that arises in current crowdsourcing mechanisms is how to ensure that users pay or receive what they deserve. Free-riding and false-reporting may make the system vulnerable to dishonest users. In this paper, we design schemes to tackle these problems, so that each individual in the system is better off being honest and each provider prefers completing the assigned task. We first design a mechanism EFF which eliminates dishonest behavior with the help from a trusted third party for arbitration. We then design another mechanism DFF which, without the help from any third party, discourages dishonest behavior. We also prove that DFF is semi-truthful, which discourages dishonest behavior such as free-riding and false-reporting when the rest of the individuals are honest, while guaranteeing transaction-wise budget-balance and computational efficiency. Performance evaluation shows that within our mechanisms, no user could have a utility gain by unilaterally being dishonest.}, journal={IEEE Internet of Things Journal}, year={2015}, month={Dec} } @article{network function virtualization in the multi-tenant cloud_2015, url={http://dx.doi.org/10.1109/mnet.2015.7113224}, DOI={10.1109/mnet.2015.7113224}, abstractNote={With more and more tenants launching their applications on the cloud, various requirements have been posed regarding the cloud's performance, security, and management. In the face of tenant demands, the cloud provider deploys different hardware middleboxes, carrying out different network functions, and enhancing the cloud's capability in serving tenant requirements. While middleboxes are crucial to the cloud, concerns have been raised regarding their costs, manageability, and performance overhead. To tackle these problems, researchers have proposed an alternative to hardware middleboxes: network function virtualization. Software applications are deployed in place of hardware middleboxes, offering equivalent functionalities while greatly improving flexibility, manageability, and cost-efficiency. In this paper we discuss opportunities and challenges that network function virtualization brings to the multi-tenant cloud. We also propose a cloud architecture that exploits virtual network functions. Our contributions can serve as an enlightener for future efforts in this area.}, journal={IEEE Network}, year={2015}, month={May} } @inproceedings{tsa: a framework of truthful spectrum auctions under the physical interference model_2015, url={http://dx.doi.org/10.1109/icc.2015.7248904}, DOI={10.1109/icc.2015.7248904}, abstractNote={Auction is an effective method of allocating scarce spectrum resources in cognitive radio networks, where the primary users are sellers and the secondary users are buyers. In order for the buyers and sellers to act honestly during the auction, truthfulness has been identified as an important property. Current research focuses on the truthfulness and spatial reusability by either assuming that a conflict graph is given under the protocol model, or assuming that the grouping result is given under the physical interference model without power control. To fill this void, we design a framework of truthful double auctions, named TSA, for spectrum sharing in cognitive radio networks. TSA finds a feasible grouping profile such that users in the same group can be assigned to the same channel while each gets a satisfactory SINR value by an appropriate transmitting power allocation. We prove that TSA guarantees all the desired economic properties: individual rationality, budget-balance, computational efficiency, and truthfulness. Extensive performance evaluation also supports our theoretic analysis.}, booktitle={2015 IEEE International Conference on Communications (ICC)}, year={2015}, month={Jun} } @inproceedings{towards min-cost virtual infrastructure embedding_2015, url={http://dx.doi.org/10.1109/glocom.2015.7416953}, DOI={10.1109/glocom.2015.7416953}, abstractNote={Cloud computing has emerged as a prevailing platform for internet service hosting. To best utilize Cloud resources for profit making, Cloud providers rely on intelligent resource allocation algorithms when provisioning the virtualized environments for tenant service hosting. Conventional resource allocation proposals mainly focus on efficient allocation of the computing and storage resources, with little effort on ensuring the network performance of tenant services. To address this issue, a number of recent efforts abstract tenant services in the form of virtual infrastructures for resource allocation. A virtual infrastructure specifies the tenant's demand of both the computing resources for hosting virtual servers, and the network bandwidth for inter-virtual server communications. With the problem of resource allocation for virtual infrastructures being NP-hard in general networks, heuristic algorithms have been proposed for this problem. In this paper, we propose a novel optimization technique, named sequential rounding, to tackle the resource allocation problem for virtual infrastructures. The proposed technique extends the rounding technique used for the traditional virtual network embedding problem, while minimizing mapping conflicts introduced by the virtual infrastructure embed- ding problem. Experiments show that our proposed algorithm outperforms existing algorithms regarding both the acceptance ratio and average embedding cost of virtual requests.}, booktitle={2015 IEEE Global Communications Conference (GLOBECOM)}, year={2015}, month={Dec} } @inproceedings{truthful incentive mechanisms for crowdsourcing_2015, url={http://dx.doi.org/10.1109/infocom.2015.7218676}, DOI={10.1109/infocom.2015.7218676}, abstractNote={With the prosperity of smart devices, crowdsourcing has emerged as a new computing/networking paradigm. Through the crowdsourcing platform, service requesters can buy service from service providers. An important component of crowdsourcing is its incentive mechanism. We study three models of crowdsourcing, which involve cooperation and competition among the service providers. Our simplest model generalizes the well-known user-centric model studied in a recent Mobicom paper. We design an incentive mechanism for each of the three models, and prove that these incentive mechanisms are individually rational, budget-balanced, computationally efficient, and truthful.}, booktitle={2015 IEEE Conference on Computer Communications (INFOCOM)}, year={2015}, month={Apr} } @inproceedings{you better be honest: discouraging free-riding and false-reporting in mobile crowdsourcing_2014, url={http://dx.doi.org/10.1109/glocom.2014.7037593}, DOI={10.1109/glocom.2014.7037593}, abstractNote={Crowdsourcing is an emerging paradigm where users can pay for the services they need or receive rewards for providing services. One example in wireless networking is mobile crowdsourcing, which leverages a cloud computing platform for recruiting mobile users to collect data (such as photos, videos, mobile user activities, etc) for applications in various domains, such as environmental monitoring, social networking, healthcare, transportation, etc. However, a critical problem arises as how to ensure that users pay or receive what they deserve. Free-riding and false-reporting may make the system vulnerable to dishonest users. In this paper, we aim to design schemes to tackle these problems, so that each individual in the system is better off being honest. We first design a mechanism EFF which eliminates dishonest behavior with the help from a trusted third party for arbitration. We then design another mechanism DFF which, without the help from any third party, discourages free-riding and false-reporting. We prove that EFF eliminates the existence of free-riding and false-reporting, while guaranteeing truthfulness, individual rationality, budget-balance, and computational efficiency. We also prove that DFF is semi-truthful, which discourages dishonest behavior such as free-riding and false-reporting when the rest of the individuals are honest, while guaranteeing budget-balance and computational efficiency. Performance evaluation shows that within our mechanisms, no dishonest behavior could bring extra benefit for each individual.}, booktitle={2014 IEEE Global Communications Conference}, year={2014}, month={Dec} } @article{modeling and algorithms for qos-aware service composition in virtualization-based cloud computing_2013, url={http://dx.doi.org/10.1587/transcom.e96.b.10}, DOI={10.1587/transcom.e96.b.10}, abstractNote={Cloud computing is an emerging computing paradigm that may have a significant impact on various aspects of the development of information infrastructure. In a Cloud environment, different types of network resources need to be virtualized as a series of service components by network virtualization, and these service components should be further composed into Cloud services provided to end users. Therefore Quality of Service (QoS) aware service composition plays a crucial role in Cloud service provisioning. This paper addresses the problem on how to compose a sequence of service components for QoS guaranteed service provisioning in a virtualization-based Cloud computing environment. The contributions of this paper include a system model for Cloud service provisioning and two approximation algorithms for QoS-aware service composition. Specifically, a system model is first developed to characterize service provisioning behavior in virtualization-based Cloud computing, then a novel approximation algorithm and a variant of a well-known QoS routing procedure are presented to resolve QoS-aware service composition. Theoretical analysis shows that these two algorithms have the same level of time complexity. Comparison study conducted based on simulation experiments indicates that the proposed novel algorithm achieves better performance in time efficiency and scalability without compromising quality of solution. The modeling technique and algorithms developed in this paper are general and effective; thus are applicable to practical Cloud computing systems.}, journal={IEICE Transactions on Communications}, year={2013} } @inproceedings{qos-aware service selection in virtualization-based cloud computing_2012, url={http://dx.doi.org/10.1109/apnoms.2012.6356046}, DOI={10.1109/apnoms.2012.6356046}, abstractNote={Cloud computing is one of the most significant latest efforts in the field of information technology, which may change the way how information services are provisioned. In a Cloud environment, different types of resources need to be virtualized as a collection of Cloud services using virtualization technology. End-users in the Cloud are usually provided with customized Cloud services that involve not only different kinds of computing services but also the networks interconnecting those computing services. Therefore, a set of Cloud computing services and the networking services should be modeled as a composite customized Cloud service. In this paper, we present an improved model for Cloud service provisioning based on our previous Network-Cloud proposal, and propose a procedure with several QoS-aware service selection algorithms for composing different services offered by a Cloud. Our analysis with numerical experiments show that the presented algorithms can select services appropriately that deal with different requirements of service provisioning.}, booktitle={2012 14th Asia-Pacific Network Operations and Management Symposium (APNOMS)}, year={2012}, month={Sep} }