Your search keyword '"Golam Kayas"' showing total 5 results

1. CATComp: A Compression-Aware Authorization Protocol for Resource-Efficient Communications in IoT Networks

Author

Golam Kayas, S. M. Riazul Islam, Ragib Hasan, Jamie Payton, Mahmud Hossain, and Yasser Karim

Subjects

Computer Networks and Communications, Computer science, business.industry, Authorization, Computer Science Applications, Resource (project management), Hardware and Architecture, Compression (functional analysis), Signal Processing, business, Internet of Things, Protocol (object-oriented programming), Information Systems, Computer network

Published

2022

2. SUPnP: Secure Access and Service Registration for UPnP-Enabled Internet of Things

Author

Golam Kayas, S. M. Riazul Islam, Jamie Payton, and Mahmud Hossain

Subjects

Service (systems architecture), Computer Networks and Communications, Computer science, business.industry, Access method, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Computer security model, Computer Science Applications, Protocol stack, Hardware and Architecture, Signal Processing, Universal Plug and Play, Overhead (computing), business, Protocol (object-oriented programming), Information Systems, Buffer overflow, Computer network

Abstract

The service-oriented nature of the Universal Plug-and-Play (UPnP) protocol supports the creation of flexible, open, and dynamic systems. As such, it is widely used in Internet-of-Things (IoT) deployments. However, the protocol’s service access mechanism does not consider security from the first principles and is therefore vulnerable to various attacks. In this article, we present an in-depth analysis of the service advertisement, discovery, and access methods of the UPnP protocol stack and identify security issues in an IoT network. Our analysis shows that adversaries can perform resource exhaustion, buffer overflow, reflection, and amplification attacks by exploiting the vulnerabilities of the UPnP protocol. To address these issues, we propose a capability-based security model for UPnP to ensure secure discovery, advertisement, and access of the UPnP services that considers the resource limitations of IoT devices. Our analysis shows the effectiveness of the proposed model against potential attacks, and our experimental evaluation highlights the feasibility of implementing our Secure UPnP (SUPnP) protocol in a network of IoT devices, incurring minimal network and performance overhead.

Published

2021

3. An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions

Author

Mahmud Hossain, Golam Kayas, Jamie Payton, and S. M. Riazul Islam

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, business.industry, Rapid expansion, Computer science, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Domain (software engineering), 020204 information systems, Universal Plug and Play, 0202 electrical engineering, electronic engineering, information engineering, Internet of Things, business, Communications protocol, Cryptography and Security (cs.CR), Protocol (object-oriented programming), computer

Abstract

Advances in the development and increased availability of smart devices ranging from small sensors to complex cloud infrastructures as well as various networking technologies and communication protocols have supported the rapid expansion of Internet of Things deployments. The Universal Plug and Play (UPnP) protocol has been widely accepted and used in the IoT domain to support interactions among heterogeneous IoT devices, in part due to zero configuration implementation which makes it feasible for use in large-scale networks. The popularity and ubiquity of UPnP to support IoT systems necessitate an exploration of security risks associated with the use of the protocol for IoT deployments. In this work, we analyze security vulnerabilities of UPnP-based IoT systems and identify attack opportunities by the adversaries leveraging the vulnerabilities. Finally, we propose prospective solutions to secure UPnP-based IoT systems from adversarial operations.

Published

2020

4. VSDM: A Virtual Service Device Management Scheme for UPnP-Based IoT Networks

Author

Golam Kayas, Mahmud Hossain, Jamie Payton, and S. M. Riazul Islam

Subjects

Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, Scheme (programming language), Service (systems architecture), business.industry, Computer science, 010401 analytical chemistry, ComputerApplications_COMPUTERSINOTHERSYSTEMS, 020206 networking & telecommunications, 02 engineering and technology, 01 natural sciences, 0104 chemical sciences, Computer Science - Networking and Internet Architecture, Universal Plug and Play, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Delegation (computing), Internet of Things, business, Protocol (object-oriented programming), computer, computer.programming_language, Computer network

Abstract

The ubiquitous nature of IoT devices has brought new and exciting applications in computing and communication paradigms. Due to its ability to enable auto-configurable communication between IoT devices, pervasive applications, and remote clients, the use of the Universal Plug and Play (UPnP) protocol is widespread. However, the advertisement and discovery mechanism of UPnP incurs significant overhead on resource-constrained IoT devices. In this paper, we propose a delegation-based approach that extends the UPnP protocol by offloading the service advertisement and discovery-related overhead from resource-limited IoT devices to the resource-rich neighbours of a UPnP-enabled IoT network. Our experimental evaluations demonstrate that the proposed scheme shows significant improvement over the basic UPnP, reducing energy consumption and network overhead.

Published

2020

5. A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples

Author

Qiang Zeng, Chiu C. Tan, Chenglong Fu, Xiaojiang Du, Jianhai Su, Jie Wu, Lannan Luo, and Golam Kayas

Subjects

Image domain, business.industry, Computer science, Transferability, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Machine learning, computer.software_genre, Adversarial system, Trustworthiness, 0202 electrical engineering, electronic engineering, information engineering, N-version programming, Artificial intelligence, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, Classifier (UML), computer

Abstract

Adversarial examples (AEs) are crafted by adding human-imperceptible perturbations to inputs such that a machine-learning based classifier incorrectly labels them. They have become a severe threat to the trustworthiness of machine learning. While AEs in the image domain have been well studied, audio AEs are less investigated. Recently, multiple techniques are proposed to generate audio AEs, which makes countermeasures against them urgent. Our experiments show that, given an audio AE, the transcription results by Automatic Speech Recognition (ASR) systems differ significantly (that is, poor transferability), as different ASR systems use different architectures, parameters, and training datasets. Based on this fact and inspired by Multiversion Programming, we propose a novel audio AE detection approach MVP-Ears, which utilizes the diverse off-the-shelf ASRs to determine whether an audio is an AE. We build the largest audio AE dataset to our knowledge, and the evaluation shows that the detection accuracy reaches 99.88%. While transferable audio AEs are difficult to generate at this moment, they may become a reality in future. We further adapt the idea above to proactively train the detection system for coping with transferable audio AEs. Thus, the proactive detection system is one giant step ahead of attackers working on transferable AEs.

Published

2019