My research interests span multiple areas, including Censorship, Cybersecurity, Network, Privacy. I would like to discuss about censorship circumventions, zero-trust security, zero-knowledge proof, hardware security and general cybersecurity topics.

Censorship

When I talk about censorship I mainly refer to the censorship that happens in the cyberspace. I believe censorship is harmful overall. First it discourages people from getting enough informations that comes from different sources and viewpoints, therefore amplifies the ignorance. And Censorship may make people more vulnerable to false information by having less exposure to fake news. More importantly censorship will put the crowd under governments full-control. A biased government could simply use its propaganda to manipulate the entire population under its ruling when censorship coverage is considered complete.

While governments seek to expand their influence in the cyberspace, netizens should be aware of these potential risks brought in by their governments.

This is one of the major research fields of mine. I think my interest in censorship (and especially its circumventions) could be largely based on the fact that I am from the most CENSORED country in the world (yeah you know it).

Hardware Security

Modern computers could be vulnerable in hardware level. And some hardwares created to provide security functionalities could be insecured itself.

Hardware security has been receiving more and more attention since we suffered from Meltdown and Spectre, which is good. But yet it requires more attention and the idea of hardware security should be shared among every Computer Engineer.

Zero-trust Security and Zero-knowledge Prooof

First to be clear, these two fields are 2 distinguished, separate research fields. The only reason they are put together is that I do think they could be combined for a more robust access control model.

Trust is vulnerable, I don’t remember who said that. But it is true. Any non-volatile trust credentials could be stolen by an attacker and after that it would be challenging to distinguish a stolen credential from an untainted one.

But adding more authentication doesn’t help that much. The attacker, once obtain the ownership of the authentication factor, could easily authenticate as the user. For example, a man-in-the-middle(MITM) could easily intercept the password used to login as the user. To be honest, the trust established based on the fact that the other party has a certain text phrase (so-called password) isn’t wise. But if the authentication process contains knowledge, then it may be intercepted by someone listening.

So the idea is quite clear that the Zero-trust Security should be guarded by Zero-knowledge Proof in order to be practical and complete.