Zengwen Yuan
Ph.D. Student in Computer Science at UCLA

}

We design and implement MobileInsight, a software tool that collects, analyzes and exploits runtime network information from operational cellular networks. MobileInsight runs on commercial off-the-shelf phones without extra hardware or additional support from operators. It exposes protocol messages on both control plane and (below IP) data plane from the 3G/4G chipset. It provides in-device protocol analysis and operation logic inference. It further offers a simple API, through which developers and researchers obtain access to low-level network information for their mobile applications. We have built three showcases to illustrate how MobileInsight is applied to cellular network research.

@inproceedings{Li:2016:MEA:2973750.2973751, author = {Li, Yuanjie and Peng, Chunyi and Yuan, Zengwen and Li, Jiayao and Deng, Haotian and Wang, Tao}, title = {Mobileinsight: Extracting and Analyzing Cellular Network Information on Smartphones}, booktitle = {Proceedings of the 22Nd Annual International Conference on Mobile Computing and Networking}, series = {MobiCom '16}, year = {2016}, isbn = {978-1-4503-4226-1}, location = {New York City, New York}, pages = {202--215}, numpages = {14}, url = {http://doi.acm.org/10.1145/2973750.2973751}, doi = {10.1145/2973750.2973751}, acmid = {2973751}, publisher = {ACM}, address = {New York, NY, USA}, }

The CAP theorem exposes the fundamental tradeoffs among three key properties of strong consistency, availability and partition tolerance in distributed networked systems. In this position paper, we take the CAP perspective on 4G mobility control. We view the control-plane management for mobility support as a distributed signaling system. We show that the impossibility result of the CAP theorem also holds for mobility control: It is impossible for any mobility control to guarantee sequential consistency, high service availability, and partition tolerance simultaneously. Unfortunately, the current 4G system adopts its mobility scheme with the notion of sequential consistency. Our empirical study further confirms that, the incurred data unavailability (i.e., data service suspension) time is comparable to that induced by wireless connectivity setup. We argue that the desirable mobility control for the upcoming 5G networks should take a paradigm shift. We discuss our early effort on re-examining the consistency notion for higher availability and fault tolerance.

@inproceedings{Li:2016:CMC:2980115.2980120, author = {Li, Yuanjie and Yuan, Zengwen and Peng, Chunyi and Lu, Songwu}, title = {CAP on Mobility Control for 4G LTE Networks}, booktitle = {Proceedings of the 3rd Workshop on Hot Topics in Wireless}, series = {HotWireless '16}, year = {2016}, isbn = {978-1-4503-4251-3}, location = {New York City, New York}, pages = {33--37}, numpages = {5}, url = {http://doi.acm.org/10.1145/2973750.2980120}, doi = {10.1145/2973750.2980120}, acmid = {2980120}, publisher = {ACM}, address = {New York, NY, USA}, }

Exploiting multi-carrier access offers a promising direction to boost access quality in mobile networks. However, our experiments show that, the current practice does not achieve the full potential of this approach because it has not utilized fine-grained, cellular-specific domain knowledge. In this work, we propose iCellular, which exploits low-level cellular information at the device to improve multi-carrier access. Specifically, iCellular is proactive and adaptive in its multi-carrier selection by leveraging existing end-device mechanisms and standards-complaint procedures. It performs adaptive monitoring to ensure responsive selection and minimal service disruption, and enhances carrier selection with online learning and runtime decision fault prevention. It is readily deployable on smartphones without infrastructure/hardware modifications. We implement iCellular on commodity phones and harness the efforts of Project Fi to assess multi-carrier access over two US carriers: T-Mobile and Sprint. Our evaluation shows that, iCellular boosts the devices with up to 3.74x throughput improvement, 6.9x suspension reduction, and 1.9x latency decrement over the state-of-the-art selection scheme, with moderate CPU, memory and energy overheads.

@inproceedings {194982, title = {iCellular: Device-Customized Cellular Network Access on Commodity Smartphones}, booktitle = {13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)}, year = {2016}, month = Mar, address = {Santa Clara, CA}, url = {https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/li-yuanjie}, publisher = {USENIX Association}, }

VoLTE is the designated voice solution to the LTE network. Its early deployment is ongoing worldwide. In this work, we report an assessment on VoLTE. We show that VoLTE offers no categorically better quality than popular VoIP applications in all tested scenarios except some congested scenarios. Given the high cost on infrastructure upgrade, we argue that VoLTE, in its current form, might not warrant the deployment effort. We sketch VoLTE*, a lightweight voice solution from which all parties of users, LTE carriers, and VoIP service providers may benefit.

@inproceedings{Tu:2016:VLV:2873587.2873604, author = {Tu, Guan-Hua and Li, Chi-Yu and Peng, Chunyi and Yuan, Zengwen and Li, Yuanjie and Zhao, Xiaohu and Lu, Songwu}, title = {VoLTE*: A Lightweight Voice Solution to 4G LTE Networks}, booktitle = {Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications}, series = {HotMobile '16}, year = {2016}, isbn = {978-1-4503-4145-5}, location = {St. Augustine, Florida, USA}, pages = {3--8}, numpages = {6}, url = {http://doi.acm.org/10.1145/2873587.2873604}, doi = {10.1145/2873587.2873604}, acmid = {2873604}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {cellular networks, voice, volte*}, }

VoLTE (Voice-over-LTE) is the designated voice solution to the LTE mobile network, and its worldwide deployment is underway. It reshapes call services from the traditional circuit-switched telecom telephony to the packet-switched Internet VoIP. In this work, we conduct the first study on VoLTE security before its full rollout. We discover several vulnerabilities in both its control-plane and data-plane functions, which can be exploited to disrupt both data and voice in operational networks. In particular, we find that the adversary can easily gain free data access, shut down continuing data access, or subdue an ongoing call, etc. We validate these proof-of-concept attacks using commodity smartphones (rooted and unrooted) in two Tier-1 US mobile carriers. Our analysis reveals that, the problems stem from both the device and the network. The device OS and chipset fail to prohibit non-VoLTE apps from accessing and injecting packets into VoLTE control and data planes. The network infrastructure also lacks proper access control and runtime check.

@inproceedings{Li:2015:IVS:2810103.2813618, author = {Li, Chi-Yu and Tu, Guan-Hua and Peng, Chunyi and Yuan, Zengwen and Li, Yuanjie and Lu, Songwu and Wang, Xinbing}, title = {Insecurity of Voice Solution VoLTE in LTE Mobile Networks}, booktitle = {Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security}, series = {CCS '15}, year = {2015}, isbn = {978-1-4503-3832-5}, location = {Denver, Colorado, USA}, pages = {316--327}, numpages = {12}, url = {http://doi.acm.org/10.1145/2810103.2813618}, doi = {10.1145/2810103.2813618}, acmid = {2813618}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {LTE, attack, cellular networks, defense, volte},}

Multiple-Input Multiple-Output (MIMO) technology has become an efficient way to improve the capacity and reliability of wireless networks. Traditional MIMO schemes are designed mainly for the scenario of contiguous spectrum ranges. However, in cognitive radio networks, the available spectrum is discontiguous, making traditional MIMO schemes inefficient for spectrum usage. This motivates the design of new MIMO schemes that apply to networks with discontiguous spectrum ranges. In this paper, we propose a scheme called VSMC MIMO, which enables MIMO nodes to transmit variable numbers of streams in multiple discontinuous spectrum ranges. This scheme can largely improve the spectrum utilization and meanwhile maintain the same spatial multiplexing and diversity gains as traditional MIMO schemes. To implement this spectral-efficient scheme on cooperative MIMO relays in cognitive radio networks, we propose a joint relay selection and spectrum allocation algorithm and a corresponding MAC protocol for the system. We also build a testbed by the Universal Software Radio Peripherals (USRPs) to evaluate the performances of the proposed scheme in practical networks. The experimental results show that VSMC MIMO can efficiently utilize the discontiguous spectrum and greatly improve the throughput of cognitive radio networks.

@inproceedings{7218599, author={Chao Kong and Zengwen Yuan and Xushen Han and Feng Yang and Xinbing Wang and Tao Wang and Songwu Lu}, booktitle={2015 IEEE Conference on Computer Communications (INFOCOM)}, title={VSMC MIMO: A spectral efficient scheme for cooperative relay in cognitive radio networks}, year={2015}, pages={2137-2145}, keywords={MIMO communication;access protocols;cognitive radio;cooperative communication;diversity reception;multiplexing;radio spectrum management;relay networks (telecommunication);software radio;telecommunication network reliability;MAC protocol;USRP;VSMC MIMO scheme;cognitive radio network;contiguous spectrum range;cooperative relay;diversity gain;joint relay selection and spectrum allocation algorithm;multiple discontiguous spectrum range;multiple input multiple output technology;spatial multiplexing;spectral efficient scheme;spectrum utilization;universal software radio peripheral;wireless network reliability;Antennas;Cognitive radio;MIMO;Receivers;Relays;Resource management;Throughput}, doi={10.1109/INFOCOM.2015.7218599}, month={April},}

MobileInsight is a software tool that collects, analyzes and exploits runtime, fine-grained cellular network information over commodity phones. It is our first step to help developers and researchers understand the closed, large-scale cellular network system. It exposes the below-IP protocol messages to the user space, provides protocol analysis, and offers APIs for mobile applications to obtain low-level network information. We have built showcases to illustrate how MobileInsight can be applied to cellular network research.

@article{Li:2017:MAC:3103535.3103548, author = {Li, Yuanjie and Peng, Chunyi and Yuan, Zengwen and Deng, Haotian and Li, Jiayao and Wang, Tao}, title = {MobileInsight: Analyzing Cellular Network Information on Smartphones}, journal = {GetMobile: Mobile Comp. and Comm.}, issue_date = {March 2017}, volume = {21}, number = {1}, month = may, year = {2017}, issn = {2375-0529}, pages = {39--42}, numpages = {4}, url = {http://doi.acm.org/10.1145/3103535.3103548}, doi = {10.1145/3103535.3103548}, acmid = {3103548}, publisher = {ACM}, address = {New York, NY, USA}, }

This paper presents a secure communication application called DiscoverFriends. Its purpose is to securely communicate to a group of online friends while bypassing their respective social networking servers under a mobile ad hoc network environment. DiscoverFriends leverages Bloom filters and a hybrid encryption technique with a self-organized public-key management scheme to securely identify friends and provide authentication. Additionally, DiscoverFriends enables anonymous location check-ins by utilizing a new cryptographic primitive called Function Secret Sharing. Finally, to the best of our knowledge, DiscoverFriends implements and evaluates the first Android multi-hop WiFi Direct protocol using IPv6.

@article {WCM:WCM2708, author = {Joy, Joshua and Chung, Eric and Yuan, Zengwen and Li, Jiayao and Zou, Leqi and Gerla, Mario}, title = {DiscoverFriends: secure social network communication in mobile ad hoc networks}, journal = {Wireless Communications and Mobile Computing}, volume = {16}, number = {11}, issn = {1530-8677}, url = {http://dx.doi.org/10.1002/wcm.2708}, doi = {10.1002/wcm.2708}, pages = {1401--1413}, keywords = {mobile communication, ad hoc networks, social computing, security}, year = {2016}, note = {wcm.2708}, }