Wildflower superbloom at Antelope Valley California Poppy Reserve, 2017
Previously: at Cadillac Mt, Acadia NP.

Zengwen Yuan
Ph.D. Candidate in Computer Science at UCLA

3277 Boelter Hall
Computer Science Department
University of California, Los Angeles
Los Angeles, CA 90095

Email: zyuan [at] cs.ucla.edu

I am a Ph.D. candidate in Computer Science at the University of California, Los Angeles, advised by Prof. Songwu Lu. I am a member of the Wireless Networking Group (WiNG) at UCLA. I received B.S. from Shanghai Jiao Tong University, under the supervision of Prof. Xinbing Wang.

My research interests include: 5G cellular networks, mobile computing, wireless networking, and security. You can find my CV here. Google Scholar

What's New

October 2017
Tick won the MobiCom 2017 Best Community Paper Award!
October 2017
Our paper on analyzing cloud service dependency analysis using LSTM is accepted by IEEE BigData 2017.
September 2017
MobileInsight 3.1 is released.
September 2017
Checkout our 1-min introduction videos from our newest MobiCom'17 work: Tick and DPCM.
June 2017
MobileInsight 3.0 is released! Checkout our new website and GitHub repos!
June 2017
I passed Oral Qualifying Exam and am now a Ph.D. candidate.
June 2017
New works accepted to ACM MobiCom'17: reducing LTE control plane latency (DPCM), programmable low-latency SDR system (Tick).
January 2017
I passed the Written Qualifying Exam in the Fall 2016 quarter.
October 2016
MobileInsight won the MobiCom 2016 Best Community Paper Award.
June 2016
I started my internship at IBM T. J. Watson Research Center.
June 2016
MobileInsight is accepted to ACM MobiCom '16.
May 2016
DiscoverFriends to appear in Wireless Communications and Mobile Computing. [Code Release] [Media Coverage]
April 2016
MobileInsight 2.0 stable version is released.
December 2015
iCellular is accepted to USENIX NSDI '16; VoLTE* is accepted to ACM HotMobile '16.
October 2015
Media coverage of our VoLTE work:
The Verge: Researchers discover new attacks amid VoLTE rollout
RCRWireless News: Researchers hack VoLTE, get free data
September 2015
I moved to Los Angeles and started my Ph.D. study at UCLA!
August 2015
"Insecurity of Voice Solution VoLTE in LTE Mobile Networks" accepted to ACM CCS '15.
July 2015
I graduated (with Honors) from Shanghai Jiao Tong University.

Research Highlights

DPCM

We design DPCM, which reduces data access latency through parallel processing approaches and exploiting device-side state replica. Check our latest DPCM work [MobiCom '17].

MobileInsight

MobileInsight [MobiCom '16] is a cross-platform software package for cellular network monitoring and analysis on end device..

iCellular
iCellular [NSDI '16] provides customized multi-carrier cellular network access on end devices. It supports Google Project Fi (Nexus 6P, 6, and 5X). Code will be released soon.

Publications

Conference Papers

C9

A Control-Plane Perspective on Reducing Data Access Latency in LTE Networks MobiCom '17

Yuanjie Li*, Zengwen Yuan*, Chunyi Peng (*: co-primary authors)
Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking (MobiCom '17), acceptance rate: 35/189 = 18.5%

Control-plane operations are indispensable to providing data access to mobile devices in the 4G LTE networks. They provision necessary control states at the device and network nodes to enable data access. However, the current design may suffer from long data access latency even under good radio conditions. The fundamental problem is that, data-plane packet delivery cannot start or resume until all control-plane procedures are completed, and these control procedures run sequentially by design at the device and network nodes. In this work, we show both are more than necessary under popular usage cases. We design DPCM, which reduces data access latency through parallel processing approaches and exploiting device-side state replica. We implement DPCM and validate its effectiveness with extensive evaluations.
@inproceedings{Li:2017:CPR:3117811.3117838, author = {Li, Yuanjie and Yuan, Zengwen and Peng, Chunyi}, title = {A Control-Plane Perspective on Reducing Data Access Latency in LTE Networks}, booktitle = {Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking}, series = {MobiCom '17}, year = {2017}, isbn = {978-1-4503-4916-1}, location = {Snowbird, Utah, USA}, pages = {56--69}, numpages = {14}, url = {http://doi.acm.org/10.1145/3117811.3117838}, doi = {10.1145/3117811.3117838}, acmid = {3117838}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {4G/5G network, control plane, device-side state replica, latency, parallel processing}, }
C8

The Tick Programmable Low-Latency SDR System MobiCom '17

Haoyang Wu, Tao Wang, Zengwen Yuan, Chunyi Peng, Zhiwei Li, Zhaowei Tan, Boyan Ding, Xiaoguang Li, Yuanjie Li, Jun Liu, and Songwu Lu
Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking (MobiCom '17), acceptance rate: 35/189 = 18.5%
Best Community Paper Award

Tick is a new SDR system that provides programmability and ensures low latency at both PHY and MAC. It supports modular design and element-based programming, similar to the Click router framework. It uses an accelerator-rich architecture, where an embedded processor executes control flows and handles various MAC events. User-defined accelerators offload those tasks, which are either computation-intensive or communication-heavy, or require fine-grained timing control, from the processor, and accelerate them in hardware. Tick applies a number of hardware and software co-design techniques to ensure low latency, including multi-clock-domain pipelining, field-based processing pipeline, separation of data and control flows, etc. We have implemented Tick and validated its effectiveness through extensive evaluations as well as two prototypes of 802.11ac SISO/MIMO and 802.11a/g full-duplex.
@inproceedings{Wu:2017:TPL:3117811.3117834, author = {Wu, Haoyang and Wang, Tao and Yuan, Zengwen and Peng, Chunyi and Li, Zhiwei and Tan, Zhaowei and Ding, Boyan and Li, Xiaoguang and Li, Yuanjie and Liu, Jun and Lu, Songwu}, title = {The Tick Programmable Low-Latency SDR System}, booktitle = {Proceedings of the 23rd Annual International Conference on Mobile Computing and Networking}, series = {MobiCom '17}, year = {2017}, isbn = {978-1-4503-4916-1}, location = {Snowbird, Utah, USA}, pages = {101--113}, numpages = {13}, url = {http://doi.acm.org/10.1145/3117811.3117834}, doi = {10.1145/3117811.3117834}, acmid = {3117834}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {802.11, 802.11ac, MAC, PHY, full-duplex, low latency, programmability, software-defined radio}, }
C7

Towards Automated Intelligence in 5G Systems ICCCN '17

Haotian Deng, Qianru Li, Yuanjie Li, Songwu Lu, Chunyi Peng, Taqi Raza, Zhaowei Tan, Zengwen Yuan, Zhehui Zhang (in alphabetical order)
Proceedings of the 26th International Conference on Computer Communications and Networks (ICCCN '17)

In this paper, we call for a paradigm shift away from the wireless-access focused research efforts on 5G networked systems. We believe that the architectural limitations should share equal blame on issues of performance, reliability, and security. We thus identify architectural weakness on both sides of the mobile clients and the 4G network infrastructure. Our recent findings show that, contrary to commonly held perceptions, many design and operational issues arise not due to poor wireless link qualities. Instead, they are rooted in such architectural downsides. To address these issues, we further propose a new approach of enabling automated intelligence inside the 4G/5G network systems. We next describe our ongoing efforts along two dimensions: empowering date-driven smart clients and constructing verifiable network infrastructure. We report some early results and discuss possible next steps.
@inproceedings{8038472, author={Haotian Deng and Qianru Li and Yuanjie Li and Songwu Lu and Chunyi Peng and Taqi Raza and Zhaowei Tan and Zengwen Yuan and Zhehui Zhang}, booktitle={2017 26th International Conference on Computer Communication and Networks (ICCCN)}, title={Towards Automated Intelligence in 5G Systems}, year={2017}, volume={}, number={}, pages={1-9}, keywords={Communication system security;Internet;Mobile communication;Mobile computing;Protocols;Switches;Wireless communication}, doi={10.1109/ICCCN.2017.8038472}, ISSN={}, month={July},}
C6

MobileInsight: Extracting and Analyzing Cellular Network Information on Smartphones MobiCom '16

Yuanjie Li, Chunyi Peng, Zengwen Yuan, Jiayao Li, Haotian Deng, Tao Wang
Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking (MobiCom '16), acceptance rate: 32/226 = 14.2%
Best Community Paper Award

We design and implement MobileInsight, a software tool that collects, analyzes and exploits runtime network information from operational cellular networks. MobileInsight runs on commercial off-the-shelf phones without extra hardware or additional support from operators. It exposes protocol messages on both control plane and (below IP) data plane from the 3G/4G chipset. It provides in-device protocol analysis and operation logic inference. It further offers a simple API, through which developers and researchers obtain access to low-level network information for their mobile applications. We have built three showcases to illustrate how MobileInsight is applied to cellular network research.
@inproceedings{Li:2016:MEA:2973750.2973751, author = {Li, Yuanjie and Peng, Chunyi and Yuan, Zengwen and Li, Jiayao and Deng, Haotian and Wang, Tao}, title = {Mobileinsight: Extracting and Analyzing Cellular Network Information on Smartphones}, booktitle = {Proceedings of the 22Nd Annual International Conference on Mobile Computing and Networking}, series = {MobiCom '16}, year = {2016}, isbn = {978-1-4503-4226-1}, location = {New York City, New York}, pages = {202--215}, numpages = {14}, url = {http://doi.acm.org/10.1145/2973750.2973751}, doi = {10.1145/2973750.2973751}, acmid = {2973751}, publisher = {ACM}, address = {New York, NY, USA}, }
C5

CAP on Mobility Control for 4G LTE Networks HotWireless '16

Yuanjie Li, Zengwen Yuan, Chunyi Peng, Songwu Lu
Proceedings of the 3rd Workshop on Hot Topics in Wireless (ACM HotWireless '16), invited paper

The CAP theorem exposes the fundamental tradeoffs among three key properties of strong consistency, availability and partition tolerance in distributed networked systems. In this position paper, we take the CAP perspective on 4G mobility control. We view the control-plane management for mobility support as a distributed signaling system. We show that the impossibility result of the CAP theorem also holds for mobility control: It is impossible for any mobility control to guarantee sequential consistency, high service availability, and partition tolerance simultaneously. Unfortunately, the current 4G system adopts its mobility scheme with the notion of sequential consistency. Our empirical study further confirms that, the incurred data unavailability (i.e., data service suspension) time is comparable to that induced by wireless connectivity setup. We argue that the desirable mobility control for the upcoming 5G networks should take a paradigm shift. We discuss our early effort on re-examining the consistency notion for higher availability and fault tolerance.
@inproceedings{Li:2016:CMC:2980115.2980120, author = {Li, Yuanjie and Yuan, Zengwen and Peng, Chunyi and Lu, Songwu}, title = {CAP on Mobility Control for 4G LTE Networks}, booktitle = {Proceedings of the 3rd Workshop on Hot Topics in Wireless}, series = {HotWireless '16}, year = {2016}, isbn = {978-1-4503-4251-3}, location = {New York City, New York}, pages = {33--37}, numpages = {5}, url = {http://doi.acm.org/10.1145/2973750.2980120}, doi = {10.1145/2973750.2980120}, acmid = {2980120}, publisher = {ACM}, address = {New York, NY, USA}, }
C4

iCellular: Device-Customized Cellular Network Access on Commodity Smartphones NSDI '16

Yuanjie Li, Haotian Deng, Chunyi Peng, Zengwen Yuan, Guan-Hua Tu, Jiayao Li, Songwu Lu
Proceedings of the 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI '16), acceptance rate: 45/228 = 19.7%

Exploiting multi-carrier access offers a promising direction to boost access quality in mobile networks. However, our experiments show that, the current practice does not achieve the full potential of this approach because it has not utilized fine-grained, cellular-specific domain knowledge. In this work, we propose iCellular, which exploits low-level cellular information at the device to improve multi-carrier access. Specifically, iCellular is proactive and adaptive in its multi-carrier selection by leveraging existing end-device mechanisms and standards-complaint procedures. It performs adaptive monitoring to ensure responsive selection and minimal service disruption, and enhances carrier selection with online learning and runtime decision fault prevention. It is readily deployable on smartphones without infrastructure/hardware modifications. We implement iCellular on commodity phones and harness the efforts of Project Fi to assess multi-carrier access over two US carriers: T-Mobile and Sprint. Our evaluation shows that, iCellular boosts the devices with up to 3.74x throughput improvement, 6.9x suspension reduction, and 1.9x latency decrement over the state-of-the-art selection scheme, with moderate CPU, memory and energy overheads.
@inproceedings {194982, title = {iCellular: Device-Customized Cellular Network Access on Commodity Smartphones}, booktitle = {13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)}, year = {2016}, month = Mar, address = {Santa Clara, CA}, url = {https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/li-yuanjie}, publisher = {USENIX Association}, }
C3

VoLTE*: A Lightweight Voice Solution to 4G LTE Networks HotMobile '16

Guan-Hua Tu, Chi-Yu Li, Chunyi Peng, Zengwen Yuan, Yuanjie Li, Xiaohu Zhao, Songwu Lu
Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications (HotMobile '16), acceptance rate: 18/55 = 32.7%

VoLTE is the designated voice solution to the LTE network. Its early deployment is ongoing worldwide. In this work, we report an assessment on VoLTE. We show that VoLTE offers no categorically better quality than popular VoIP applications in all tested scenarios except some congested scenarios. Given the high cost on infrastructure upgrade, we argue that VoLTE, in its current form, might not warrant the deployment effort. We sketch VoLTE*, a lightweight voice solution from which all parties of users, LTE carriers, and VoIP service providers may benefit.
@inproceedings{Tu:2016:VLV:2873587.2873604, author = {Tu, Guan-Hua and Li, Chi-Yu and Peng, Chunyi and Yuan, Zengwen and Li, Yuanjie and Zhao, Xiaohu and Lu, Songwu}, title = {VoLTE*: A Lightweight Voice Solution to 4G LTE Networks}, booktitle = {Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications}, series = {HotMobile '16}, year = {2016}, isbn = {978-1-4503-4145-5}, location = {St. Augustine, Florida, USA}, pages = {3--8}, numpages = {6}, url = {http://doi.acm.org/10.1145/2873587.2873604}, doi = {10.1145/2873587.2873604}, acmid = {2873604}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {cellular networks, voice, volte*}, }
C2

Insecurity of Voice Solution VoLTE in LTE Mobile Networks CCS '15

Chi-Yu Li, Guan-Hua Tu, Chunyi Peng, Zengwen Yuan, Yuanjie Li, Songwu Lu, Xinbing Wang
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15), acceptance rate: 128/646 = 19.8%

VoLTE (Voice-over-LTE) is the designated voice solution to the LTE mobile network, and its worldwide deployment is underway. It reshapes call services from the traditional circuit-switched telecom telephony to the packet-switched Internet VoIP. In this work, we conduct the first study on VoLTE security before its full rollout. We discover several vulnerabilities in both its control-plane and data-plane functions, which can be exploited to disrupt both data and voice in operational networks. In particular, we find that the adversary can easily gain free data access, shut down continuing data access, or subdue an ongoing call, etc. We validate these proof-of-concept attacks using commodity smartphones (rooted and unrooted) in two Tier-1 US mobile carriers. Our analysis reveals that, the problems stem from both the device and the network. The device OS and chipset fail to prohibit non-VoLTE apps from accessing and injecting packets into VoLTE control and data planes. The network infrastructure also lacks proper access control and runtime check.
@inproceedings{Li:2015:IVS:2810103.2813618, author = {Li, Chi-Yu and Tu, Guan-Hua and Peng, Chunyi and Yuan, Zengwen and Li, Yuanjie and Lu, Songwu and Wang, Xinbing}, title = {Insecurity of Voice Solution VoLTE in LTE Mobile Networks}, booktitle = {Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security}, series = {CCS '15}, year = {2015}, isbn = {978-1-4503-3832-5}, location = {Denver, Colorado, USA}, pages = {316--327}, numpages = {12}, url = {http://doi.acm.org/10.1145/2810103.2813618}, doi = {10.1145/2810103.2813618}, acmid = {2813618}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {LTE, attack, cellular networks, defense, volte},}
C1

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks INFOCOM '15

Chao Kong, Zengwen Yuan, Xushen Han, Feng Yang, Xinbing Wang, Tao Wang, Songwu Lu
2015 IEEE Conference on Computer Communications (INFOCOM '15), acceptance rate: 316/1640 = 19.3%

Multiple-Input Multiple-Output (MIMO) technology has become an efficient way to improve the capacity and reliability of wireless networks. Traditional MIMO schemes are designed mainly for the scenario of contiguous spectrum ranges. However, in cognitive radio networks, the available spectrum is discontiguous, making traditional MIMO schemes inefficient for spectrum usage. This motivates the design of new MIMO schemes that apply to networks with discontiguous spectrum ranges. In this paper, we propose a scheme called VSMC MIMO, which enables MIMO nodes to transmit variable numbers of streams in multiple discontinuous spectrum ranges. This scheme can largely improve the spectrum utilization and meanwhile maintain the same spatial multiplexing and diversity gains as traditional MIMO schemes. To implement this spectral-efficient scheme on cooperative MIMO relays in cognitive radio networks, we propose a joint relay selection and spectrum allocation algorithm and a corresponding MAC protocol for the system. We also build a testbed by the Universal Software Radio Peripherals (USRPs) to evaluate the performances of the proposed scheme in practical networks. The experimental results show that VSMC MIMO can efficiently utilize the discontiguous spectrum and greatly improve the throughput of cognitive radio networks.
@inproceedings{7218599, author={Chao Kong and Zengwen Yuan and Xushen Han and Feng Yang and Xinbing Wang and Tao Wang and Songwu Lu}, booktitle={2015 IEEE Conference on Computer Communications (INFOCOM)}, title={VSMC MIMO: A spectral efficient scheme for cooperative relay in cognitive radio networks}, year={2015}, pages={2137-2145}, keywords={MIMO communication;access protocols;cognitive radio;cooperative communication;diversity reception;multiplexing;radio spectrum management;relay networks (telecommunication);software radio;telecommunication network reliability;MAC protocol;USRP;VSMC MIMO scheme;cognitive radio network;contiguous spectrum range;cooperative relay;diversity gain;joint relay selection and spectrum allocation algorithm;multiple discontiguous spectrum range;multiple input multiple output technology;spatial multiplexing;spectral efficient scheme;spectrum utilization;universal software radio peripheral;wireless network reliability;Antennas;Cognitive radio;MIMO;Receivers;Relays;Resource management;Throughput}, doi={10.1109/INFOCOM.2015.7218599}, month={April},}

Journal Article

J2

MobileInsight: Analyzing Cellular Network Information on Smartphones GetMobile

Yuanjie Li, Chunyi Peng, Zengwen Yuan, Haotian Deng, Jiayao Li, Tao Wang
GetMobile: Mobile Computing and Communications, Volume 21 Issue 1 (March 2017): 39--42.

MobileInsight is a software tool that collects, analyzes and exploits runtime, fine-grained cellular network information over commodity phones. It is our first step to help developers and researchers understand the closed, large-scale cellular network system. It exposes the below-IP protocol messages to the user space, provides protocol analysis, and offers APIs for mobile applications to obtain low-level network information. We have built showcases to illustrate how MobileInsight can be applied to cellular network research.
@article{Li:2017:MAC:3103535.3103548, author = {Li, Yuanjie and Peng, Chunyi and Yuan, Zengwen and Deng, Haotian and Li, Jiayao and Wang, Tao}, title = {MobileInsight: Analyzing Cellular Network Information on Smartphones}, journal = {GetMobile: Mobile Comp. and Comm.}, issue_date = {March 2017}, volume = {21}, number = {1}, month = may, year = {2017}, issn = {2375-0529}, pages = {39--42}, numpages = {4}, url = {http://doi.acm.org/10.1145/3103535.3103548}, doi = {10.1145/3103535.3103548}, acmid = {3103548}, publisher = {ACM}, address = {New York, NY, USA}, }
J1

DiscoverFriends: Secure Social Network Communication in Mobile Ad Hoc Networks WCMC

Joshua Joy, Eric Chung, Zengwen Yuan, Leqi Zou, Jiayao Li, Mario Gerla
Wireless Communications and Mobile Computing 16, no. 11 (2016): 1401--1413.

This paper presents a secure communication application called DiscoverFriends. Its purpose is to securely communicate to a group of online friends while bypassing their respective social networking servers under a mobile ad hoc network environment. DiscoverFriends leverages Bloom filters and a hybrid encryption technique with a self-organized public-key management scheme to securely identify friends and provide authentication. Additionally, DiscoverFriends enables anonymous location check-ins by utilizing a new cryptographic primitive called Function Secret Sharing. Finally, to the best of our knowledge, DiscoverFriends implements and evaluates the first Android multi-hop WiFi Direct protocol using IPv6.
@article {WCM:WCM2708, author = {Joy, Joshua and Chung, Eric and Yuan, Zengwen and Li, Jiayao and Zou, Leqi and Gerla, Mario}, title = {DiscoverFriends: secure social network communication in mobile ad hoc networks}, journal = {Wireless Communications and Mobile Computing}, volume = {16}, number = {11}, issn = {1530-8677}, url = {http://dx.doi.org/10.1002/wcm.2708}, doi = {10.1002/wcm.2708}, pages = {1401--1413}, keywords = {mobile communication, ad hoc networks, social computing, security}, year = {2016}, note = {wcm.2708}, }

Teaching

CS 211
Network Protocol and Systems Software Design for Wireless and Mobile — Discussion 1, Fall 2017
CS 118
Computer Network Fundamentals — Discussion 1A, Winter 2017; Discussion 1C, Spring 2017
CS 31
Introduction to Computer Science — Discussion 1A, Fall 2016

Media Coverage

OSU CSE
Best community paper award at MobiCom 2016
The Stack
New wi-fi-based network keeps Facebook servers at bay
The Verge
Researchers discover new attacks amid VoLTE rollout
RCRWireless
Researchers hack VoLTE, get free data

Softwares

MobileInsight

MobileInsight spurs in-phone mobile network intelligence. It provides both mobile app and desktop version to sheds lights on mobile network to end users. MobileInsight is free and publicly available on GitHub. Check our official website for details.

Multi-hop
WiFi Direct

Multi-hop WiFi Direct provides an easy way to form multiple groups without external WiFi AP or Bluetooth. It is an ideal implementation platform for research of mobile ad hoc network (MANET), vehicular ad hoc network (VANET) or other related areas. Check our code release page and YouTube demo for more details. More features and routing algorithms are being added and will be included in the future release.

AceMap

AceMap is my undergraduate thesis work supervised by Prof. Xinbing Wang. It is an academic search system visualizing the relations of papers, topics and authors based on a large corpora of paper metadata. I was fortunate to work with Zhaowei Tan, Jiaming Shen, and Yunqi Guo to build the initial version of it.

Awards

October 2017
MobiCom 2017 Best Community Paper Award
October 2016
MobiCom 2016 Best Community Paper Award
September 2016
NSF Student Travel Grant
June 2015
Outstanding Graduates of Shanghai Jiao Tong University
November 2014
Shanghai Municipal Government Scholarship
December 2012
National Scholarship, Ministry of Education of China

Academic activity

Contact

Please contact me via email: base64 -d <<< "enl1YW5AY3MudWNsYS5lZHUNCg=="

Misc

If you are a Project Fi user and are not satisfied with its carrier switching performance, why not try our simple app, FiAssistant, to directly switch between T-Mobile, Sprint and U.S. Cellular? There are few other handy secret codes for you to use!

I am a big fan of classical music and I play piano in my leisure time. I also love photography and traveling. See some of the photos taken by me here.

You are the No. Web Counters th vistor of my homepage.