Search

Your search keyword '"Mahdi Aiash"' showing total 55 results
Start Over Author "Mahdi Aiash" Database OpenAIRE
55 results on '"Mahdi Aiash"'

1. An Introduction of a Modular Framework for Securing 5G Networks and Beyond

Author

Ed Kamya Kiyemba Edris, Mahdi Aiash, and Jonathan Loo

Subjects
network services, access, security, framework, device to device, communication, 5G, General Medicine
Abstract

Fifth Generation Mobile Network (5G) is a heterogeneous network in nature, made up of multiple systems and supported by different technologies. It will be supported by network services such as device-to-device (D2D) communications. This will enable the new use cases to provide access to other services within the network and from third-party service providers (SPs). End-users with their user equipment (UE) will be able to access services ubiquitously from multiple SPs that might share infrastructure and security management, whereby implementing security from one domain to another will be a challenge. This highlights a need for a new and effective security approach to address the security of such a complex system. This article proposes a network service security (NSS) modular framework for 5G and beyond that consists of different security levels of the network. It reviews the security issues of D2D communications in 5G, and it is used to address security issues that affect the users and SPs in an integrated and heterogeneous network such as the 5G enabled D2D communications network. The conceptual framework consists of a physical layer, network access, service and D2D security levels. Finally, it recommends security mechanisms to address the security issues at each level of the 5G-enabled D2D communications network.

Published
2022

2. DCSS Protocol for Data Caching and Sharing Security in a 5G Network

Author

Jonathan Loo, Ed Kamya Kiyemba Edris, Mahdi Aiash, and Seeling, Patrick

Subjects
formal methods, Computer science, data sharing, applied pi calculus, Access control, 02 engineering and technology, 0203 mechanical engineering, network services, federated identity, ProVerif, 0202 electrical engineering, electronic engineering, information engineering, Information-security, business.industry, security protocol, 020302 automobile design & engineering, 020206 networking & telecommunications, Provisioning, General Medicine, Information security, Cryptographic protocol, Service provider, Data sharing, Cellular network, authorization, Distributed-computing, Federated identity, business, 5G, data caching, Computer-networking, Computer network
Abstract

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

Published
2021

3. Modeling and verifying a resource allocation algorithm for secure service migration for commercial cloud systems

Author

Florian Kammueller, Gayathri Karthick, Mahdi Aiash, and Glenford Mapp

Subjects
Service (business), Authentication, business.industry, Computer science, Quality of service, Cloud computing, Cryptography, 02 engineering and technology, Cryptographic protocol, Computational Mathematics, Artificial Intelligence, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Resource allocation, 020201 artificial intelligence & image processing, business, Key exchange, Computer network
Abstract

Cloud computing is the delivery of on‐demand computing resources. It shares the resources or provides vir‐utilization that enables single user to access various Cloud services such as CPU, memory, storage devices, network, and so on. However, more commercial cloud services offered by several cloud service providers (CSPs) are available in the market place. Most CSPs must, therefore, deal with the dynamic resource allocation where the mobile services are migrating from one cloud to another cloud environment to provide heterogeneous resources based on user needs. There is still a lack of heuristics that are able to check requested resources and available resources to allocate and deallocate before it begins the secure service migration. We proposed a resource allocation security protocol that allows resources to be allocated and migrated efficiently in a secure service migration between cloud infrastructures. Furthermore, formal methods can be used for protocols to verify the desired properties, detecting attacks and producing accurate outcomes. This article presents formal modeling and verification of this abstract protocol using ProVerif cryptographic tool to validate the security properties such as secrecy of resources, authentication from both parties and key exchange in order to securely migrate resources in commercial cloud environments.

Published
2021

5. Formal verification of authentication and service authorization protocols in 5G-enabled device-to-device communications using ProVerif

Author

Jonathan Loo, Mahdi Aiash, and Ed Kamya Kiyemba Edris

Subjects
Security analysis, formal methods, TK7800-8360, Computer Networks and Communications, Computer science, Access control, D2D, 02 engineering and technology, Cyber-security, Encryption, ProVerif, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Integrated Encryption Scheme, Authentication, business.industry, security protocol, 020206 networking & telecommunications, Service provider, Cryptographic protocol, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Cellular network, authentication, authorization, 020201 artificial intelligence & image processing, Electronics, business, 5G, Computer network
Abstract

Device-to-Device (D2D) communications will be used as an underlay technology in the Fifth Generation mobile network (5G), which will make network services of multiple Service Providers (SP) available anywhere. The end users will be allowed to access and share services using their User Equipments (UEs), and thus they will require seamless and secured connectivity. At the same time, Mobile Network Operators (MNOs) will use the UE to offload traffic and push contents closer to users relying on D2D communications network. This raises security concerns at different levels of the system architecture and highlights the need for robust authentication and authorization mechanisms to provide secure services access and sharing between D2D users. Therefore, this paper proposes a D2D level security solution that comprises two security protocols, namely, the D2D Service security (DDSec) and the D2D Attributes and Capability security (DDACap) protocols, to provide security for access, caching and sharing data in network-assisted and non-network-assisted D2D communications scenarios. The proposed solution applies Identity-based Encryption (IBE), Elliptic Curve Integrated Encryption Scheme (ECIES) and access control mechanisms for authentication and authorization procedures. We formally verified the proposed protocols using ProVerif and applied pi calculus. We also conducted a security analysis of the proposed protocols.

Published
2021

6. Security in Network Services Delivery for 5G Enabled D2D Communications: Challenges and Solutions

Author

Mahdi Aiash, Ed Kamya Kiyemba Edris, and Jonathan Loo

Subjects
Security analysis, User equipment, Computer science, business.industry, Service delivery framework, Network service, Cellular network, Service discovery, Core network, Service provider, business, Computer network
Abstract

Due to the increasing data traffic in mobile network, fifth generation (5G) will use Device to Device (D2D) communications as the underlay technology to offload traffic from the 5G core network (5GC) and push content to the edge closer to the users by taking advantage of proximity and storage features of User Equipment (UE). This will be supported by Networks Services (NS) provided by 5G, it will also enable new use cases that will provide the accessibility to other services in the Home network (HN) and third-party service provider (SP). Mobile Network Operators (MNO) will use NS such as D2D communications and content-centric networking (CCN) to deliver content-based services efficiently to UE. Both D2D and CCN have known security issues and their integration brings new security challenges. In this article, we present an integrated network service delivery (NSD) framework for 5G enabled D2D communications that leverages on NS for service discovery, content delivery, and protection of data. We also present a comprehensive investigation of security and privacy in D2D communications and service-oriented network, highlighting the vulnerabilities and threats on the network. We also evaluate the security requirements of NSD to deliver NS securely to D2D users based on X.805 security framework using the eight security dimensions and level abstraction approach for a systematic and comprehensive approach. Finally, we recommend security solution approaches for the secure NS access and sharing of data between users in 5G enabled D2D communications network.

Published
2021

7. Formal verification and analysis of primary authentication based on 5G-AKA protocol

Author

Mahdi Aiash, Jonathan Loo, and Ed Kamya Kiyemba Edris

Subjects
Security analysis, Authentication, Computer science, 3rd Generation Partnership Project 2, Cellular network, Cryptographic protocol, Computer security, computer.software_genre, Protocol (object-oriented programming), Formal verification, computer, 5G
Abstract

Fifth generation mobile network (5G) is intended to solve future constraints for accessing network services. The user and network operator depend on security assurances provided by the Authentication and Key Agreement protocols (AKA) used. For 5G network, the AKA has been standardized and 5GAKA protocol is one of the primary authentication methods that have been defined. This paper models the protocol and provides comprehensive formal analysis on 5G-AKA protocol as specified by The Third Generation Partnership Project (3GPP) standard. Using ProVerif a security protocol verification tool, we perform a full systematic evaluation of the 5G-AKA protocol based on the latest 5G specifications. We present security assumptions and properties that assists on the analysis based on two taxonomies, we find out that some important security properties are not achieved and related work ignored some crucial protocol flaws. Finally, we make some recommendations to address the issues found by our security analysis.

Published
2020

8. The Case for Federated Identity Management in 5G Communications

Author

Mahdi Aiash, Ed Kamya Kiyemba Edris, and Jonathan Loo

Subjects
Authentication, Computer science, business.industry, Service provider, Computer security, computer.software_genre, Identity management, User experience design, Network service, Cellular network, Single sign-on, Federated identity, business, computer
Abstract

The heterogeneous nature of fifth generation mobile network (5G) makes the access and provision of network services very difficult and raises security concerns. With multi-users and multi-operators, Service-Oriented Authentication (SOA) and authorization mechanisms are required to provide quick access and interaction between network services. The users require seamless access to services regardless of the domain, type of connectivity or security mechanism used. Hence a need for Identity and Access Management (IAM) mechanism to complement the improved user experience promised in 5G. Federated Identity Management (FIdM) a feature of IAM, can provide a user with use Single Sign On (SSO) to access services from multiple Service Providers (SP). This addresses security requirements such as authentication, authorization and user’s privacy from the end user perspectives, however 5G networks access lacks such solution. We propose a Network Service Federated Identity (NS-FId) model that address these security requirements and complements the 5G Service-\ud Based Architecture (SBA). We present different scenarios and applications of the proposed model. We also discuss the benefits of identity management in 5G.

Published
2020

9. Network Service Federated Identity (NS- FId) Protocol for Service Authorization in 5G Network

Author

Ed Kamya Kiyemba Edris, Mahdi Aiash, and Jonathan Loo

Subjects
business.industry, Computer science, Network service, Cellular network, Single sign-on, Provisioning, Federated identity, Service provider, business, Heterogeneous network, Mobile network operator, Computer network
Abstract

Fifth generation mobile network (5G) will make network services available anywhere from multiple Service Providers (SP) and its provisioning raises security concerns. The users will require seamless connectivity and secure access to these services. Mobile Network Operator (MNO) will want to provide services to users and be able to share infrastructure resources with other MNOs. This requires robust authentication and authorization mechanisms that can provide secure access and provisioning of service to multiple users and providers in heterogeneous network. Therefore, Federated Identity (FId) with Single Sign On (SSO) could be used for seamless access and provisioning to network services in 5G. So, we propose Network Service Federated Identity (NS-FId) protocol, a federated protocol that provides secure access to services from multiple SPs and provides SSO to users. We formally verify and analyse the proposed NSFId protocol using ProVerif. We also conduct a security analysis of the protocol’s security properties.

Published
2020

10. Investigating network services abstraction in 5G enabled device-to-device (D2D) communications

Author

Mahdi Aiash, Ed Kamya Kiyemba Edris, and Jonathan Loo

Subjects
050101 languages & linguistics, business.industry, Computer science, 05 social sciences, 02 engineering and technology, Energy consumption, Network service, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Underlay, Latency (engineering), business, Mobile device, 5G, Computer network, Abstraction (linguistics)
Abstract

The increased demand of data rate by mobile users has led to the evolution of mobile network technologies from the fourth generation to fifth generation (5G). 5G mobile network will support various technologies that will be able to provide low latency, offload traffic and connect vertical industries. Device-to-device (D2D) communications will be used as the underlay technology for 5G network in the offloading of traffic from the cellular network and pushing content closer to the user. With D2D communication, various network services can be implemented to improve spectral efficiency and reduce energy consumption of mobile devices. This paper gives a brief overview of D2D communication and discusses different D2D applications. It proposes a network services abstraction and suggests the mapping of existing studies with the network service abstraction which can be used in the harnessing the development and implementation of D2D communication applications in 5G network. The paper also highlights possible future research for D2D communication in 5G network.

Published
2019

11. Formalization and Analysis of a Resource Allocation Security Protocol for Secure Service Migration

Author

Glenford Mapp, Gayathri Karthick, Mahdi Aiash, and Florian Kammueller

Subjects
Authentication, business.industry, Computer science, Quality of service, 020206 networking & telecommunications, 02 engineering and technology, Cryptographic protocol, Internet security, Computer security, computer.software_genre, Server, 0202 electrical engineering, electronic engineering, information engineering, Session key, 020201 artificial intelligence & image processing, business, computer, Key exchange, Cryptographic nonce
Abstract

The advent of virtual machine technology for example, VMware, and container technology, such as Docker, have made the migration of services between different Cloud Systems possible. This enables the development of mobile services that can ensure low latencies between servers and their mobile clients resulting in better QOS. Though there are many mechanisms in place to support for mobile services, a key component that is missing is the development of security protocols that allow the safe transfer of servers to different Cloud environments. In this paper, we propose a Resource Allocation Security Protocol for secure service migration. We explore two approaches; In the first approach, the protocol is developed and formally verified by Automated Validation of Internet Security Protocols and Applications tool. The protocol satisfies the security properties of secrecy and authentication. In addition, nonces are used for replay protection and to ensure freshness. In the second approach, a secure symmetrical session key is used to do the safe transfer and an automatic cryptographic protocol verifier ProVerif is employed to verify secrecy, authentication and key exchange.

Published
2018

13. Mobile femtocell utilisation in LTE vehicular environment: vehicular penetration loss elimination and performance enhancement

Author

Aboubaker Lasebae, Mahdi Aiash, Robert Colson, Rand Raheem, and Jonathan Loo

Subjects
business.industry, Computer science, Mobile computing, 020206 networking & telecommunications, 020302 automobile design & engineering, 02 engineering and technology, Base station, 0203 mechanical engineering, User equipment, Automotive Engineering, 0202 electrical engineering, electronic engineering, information engineering, Femtocell, Wireless, Path loss, Macrocell, Electrical and Electronic Engineering, business, Intelligent transportation system, Computer-networking, Computer network
Abstract

Mobile computing is fast becoming a vital part of everyday life in which User Equipment (UE) demand being reachable anywhere and at anytime, as they spend much time travelling from one place to another, often by trains or buses. The ultimate aim of passengers is the ability to be connected to the Internet while they are moving from one place to another with their mobile devices. Providing indoor coverage on trains and buses directly with outdoor Base Stations (BSs) may not be a good solution due to the high density of use and path losses in the LTE network. This limitation can result in poor signal quality inside the train, and offering broadband services is not always possible. Clearly improvement to broadband access on buses and trains could be achieved by installing more BSs close to railway and bus routes and terminals. However, this solution is not ideal for the Internet Service Providers (ISPs) due to the high investment needed to deploy many more BSs. In addition, such a solution will introduce additional complexity by increasing the number of Handovers (HOs). This issue has focused the research community effort on developing solutions that take advantage of the existing wireless infrastructure without increasing the number of BSs. One method being considered is the development of more efficient methods and technologies to manage the UE's mobility in seamless ways. In this paper we propose adoption of Mobile Femtocell (Mobile-Femto) technology as a solution to mitigate the Vehicular Penetration Loss (VPL) and Path Loss, with consequent improvement to the vehicular UE's performance in LTE networks. Our results, using a Matlab simulation model, showed a noticeable improvement in the achieved Ergodic capacity by 5% under a VPL of 40 dB while 90% of vehicular UEs spectral efficiency has improved by 1.3 b/cu under a VPL of 25 dB. In addition, 80% of vehicular UEs have improved their throughput and SINR by 300 kb/s and 4 dB respectively after implementing the Mobile-Femto into the Macrocell in LTE networks.

Published
2017

14. Software defined networking for wireless sensor networks: a survey

Author

Quoc-Tuan Vien, Mahdi Aiash, and Muhammad Ali Hassan

Subjects
Engineering, OpenFlow, business.industry, Distributed computing, Networking hardware, Network management, Key distribution in wireless sensor networks, Forwarding plane, General Earth and Planetary Sciences, business, Software-defined networking, Wireless sensor network, General Environmental Science, Computer network, Active networking
Abstract

One main feature of Software Defined Networking (SDN) is the basic principle of decoupling a device’s control plane from its data plane. This simplifies network management and gives network administrators a remarkable control over the network elements. As the control plane for each device within the network is now implemented on a separate controller, this reliefs individual devices from the overhead caused by complex routing. Specifically, this feature has been shown to be extremely beneficial in the case of resource-constrained Wireless Sensor Networks (WSNs). By keeping the control logic away from the low-powered nodes, the WSNs can resolve their major issues of resource underutilisation and counter-productivity. This paper highlights the importance of adopting the SDN in the WSNs as a relatively new networking paradigm. This is introduced through a comprehensive survey on relevant networking paradigms and protocols supported by a critical evaluation of the advantages and disadvantages of these mechanisms. Furthermore, open research issues and challenges are pointed out shedding a light on future innovations in this field.

Published
2017

15. Mobility management for vehicular user equipment in LTE/mobile femtocell networks

Author

Mahdi Aiash, Rand Raheem, Jonathan Loo, and Aboubaker Lasebae

Subjects
Information Systems and Management, Computer science, business.industry, Strategy and Management, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, 020302 automobile design & engineering, Link adaptation, 02 engineering and technology, Outage probability, Management Science and Operations Research, Management Information Systems, LTE Advanced, Signalling, 0203 mechanical engineering, Handover, User equipment, 0202 electrical engineering, electronic engineering, information engineering, Femtocell, business, Mobility management, Information Systems, Computer network
Abstract

Vehicular User Equipment (UE) performance during mobility faces two issues relating to signaling and transmission, namely Handover (HO) and link adaptation. This paper shows that both processes are experiencing degradation during mobility and that vehicular UEs suffer from call drops and loss of connections. Therefore, this work presents an effective technique using Mobile-Femtos to improve vehicular UEs' HO process and link quality. Results show that vehicular UEs attached to a Mobile-Femto achieved better signalling and Link Ergodic capacity and as a consequence the outage probability was reduced. The achieved results indicated that deploying Mobile-Femtos under 25dB Vehicular Penetration Loss (VPL) has improved the vehicular UE Link Ergodic capacity by 1% and reduced the signal outage probability by 1.8% compared to the eNB direct transmission. Consequently, Drop Calls Probability (DCP) and Block Calls Probability (BCP) have been reduced by 7% and 14% respectively compared to the direct transmission from the eNB.

Published
2017

16. A formal analysis of authentication protocols for mobile devices in next generation networks

Author

Mahdi Aiash

Subjects
Computer Networks and Communications, Computer science, business.industry, Distributed computing, Mutual authentication, Computer Science Applications, Theoretical Computer Science, Variety (cybernetics), Computational Theory and Mathematics, Authentication protocol, Server, Next-generation network, business, Mobile device, Software, Computer network
Abstract

Next Generation Networks comprise a wide variety of access technologies such as 2G/3G, WLAN as well as the Long-Term Evolution LTE networks. In this environment, mobile devices are expected to store sensitive data and represent users to access the underlying networks and connect to a wide variety of sensitive servers. It is crucial, in this sense, for end users to trust their mobile devices and for all transactions using them to be secure. Therefore, a number of communication frameworks in Next Generation Networks have been working on designing device authentication protocols that achieve mutual authentication between users and mobile terminals. This paper analyses some of these protocols and introduces two new device authentication protocols, verifies them using formal methods approach and discusses how they achieved desired security proprieties. The performance analysis highlights another advantage of the proposed protocols. Copyright © 2014 John Wiley & Sons, Ltd.

Published
2014

17. Introducing a novel authentication protocol for secure services in heterogeneous environments using Casper/FDR

Author

Mahdi Aiash and Jonathan Loo

Subjects
Computer Networks and Communications, business.industry, Computer science, Quality of service, Information security, Computer security, computer.software_genre, Network Access Control, Authentication protocol, Server, Next-generation network, Session (computer science), Electrical and Electronic Engineering, business, computer, Heterogeneous network, Computer network
Abstract

Next generation network is a convergence of networks such as 2G/3G, WLAN as well as the recently implemented Long Term Evolution networks. Future mobile devices will switch between these different networks to maintain the connectivity with end servers. However, to support these heterogeneous environments, there is a need to consider a new design of the network infrastructure, where currently closed systems such as 3G will have to operate in an open environment. Security is a key issue in this open environment; after authenticating the mobile terminal to access the network, there is a requirement for service-level mechanisms to protect the session between the mobile terminal and the remote service provider. Furthermore, because mobile terminals switch between networks of different characteristics in terms of coverage, quality of service and security, there is a need for reassessing the security of the same session over the different networks to comply with the changes at the network level due to the mobility. Therefore, this paper introduces a service-level authentication and key agreement protocol to secure the session between the mobile terminal and the end server. The proposed protocol considers user mobilities in a heterogeneous environment and reassesses the session's security level in case of handover. The proposed protocol has been verified using formal methods approach based on the well-established Casper/FDR compilers. Copyright © 2013 John Wiley & Sons, Ltd.

Published
2013

18. On the Investigation of Cloud-Based Mobile Media Environments With Service-Populating and QoS-Aware Mechanisms

Author

Fragkiskos Sardis, Jonathan Loo, Mahdi Aiash, Glenford Mapp, and Alexey Vinel

Subjects
Vertical handover, Computer science, Service delivery framework, Mobile computing, Services computing, Cloud computing, Mobile Web, Communications system, Public land mobile network, Intelligent Network, Customer Service Assurance, Utility computing, Mobile station, Media Technology, Mobile database, Mobile payment, Mobile search, Mobile technology, Quality of experience, Electrical and Electronic Engineering, Radio access network, Access network, business.industry, Quality of service, IMT Advanced, Provisioning, Mobile business development, Mobile QoS, Service provider, Computer Science Applications, Mobile media, Signal Processing, Location-based service, Resource allocation, The Internet, business, Mobile device, Computer network
Abstract

Recent advances in mobile devices and network technologies have set new trends in the way we use computers and access networks. Cloud Computing, where processing and storage resources are residing on the network is one of these trends. The other is Mobile Computing, where mobile devices such as smartphones and tablets are believed to replace personal computers by combining network connectivity, mobility, and software functionality. In the future, these devices are expected to seamlessly switch between different network providers using vertical handover mechanisms in order to maintain network connectivity at all times. This will enable mobile devices to access Cloud Services without interruption as users move around. Using current service delivery models, mobile devices moving from one geographical location to another will keep accessing those services from the local Cloud of their previous network, which might lead to moving a large volume of data over the Internet backbone over long distances. This scenario highlights the fact that user mobility will result in more congestion on the Internet. This will degrade the Quality of Service and by extension, the Quality of Experience offered by the services in the Cloud and especially multimedia services that have very tight temporal constraints in terms of bandwidth and jitter. We believe that a different approach is required to manage resources more efficiently, while improving the Quality of Service and Quality of Experience of mobile media services. This paper introduces a novel concept of Cloud-Based Mobile Media Service Delivery in which services run on localized public Clouds and are capable of populating other public Clouds in different geographical locations depending on service demands and network status. Using an analytical framework, this paper argues that as the demand for specific services increases in a location, it might be more efficient to move those services closer to that location. This will prevent the Internet backbone from experiencing high traffic loads due to multimedia streams and will offer service providers an automated resource allocation and management mechanism for their services.

Published
2013

19. Interference management for co-channel mobile Femtocells technology in LTE networks

Author

Mahdi Aiash, Aboubaker Lasebae, Jonathan Loo, and Rand Raheem

Subjects
Vehicular ad hoc network, computer_science, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Co-channel interference, 020206 networking & telecommunications, 02 engineering and technology, Interference (wave propagation), User equipment, 0202 electrical engineering, electronic engineering, information engineering, Femtocell, Overhead (computing), 020201 artificial intelligence & image processing, Macrocell, business, Computer-networking, Power control, Computer network
Abstract

The dense deployment of Femtocells within the Macrocell's coverage is expected to dominate the future of Long Term Evolution (LTE) networks. While Mobile Femtocells (Mobile-Femtos) could be the solution for vehicular networks when there is a need to improve the vehicular User Equipment (UE) performance by mitigating the impact of penetration loss and path-loss issues. The deployed Femtocells have operated in a co-channel deployment due to the scarcity of spectrums. This issue causes interference between Femtocells and Macrocells as well it causes extra overhead on the LTE networks because of the co-tire interference between adjacent Femtocells. In this paper two interference scenarios are considered, the interference between Mobile-Femto and Macrocell, and the interference between the Mobile Femtos themselves. Therefore, to avoid the generated interference between Femtocells, the controlled transmission powers as well as the coverage planning techniques have been discussed. While in the worst-case scenarios, a frequency reuse scheme has been proposed to avoid the generated interference effectively and dynamically between the Mobile-Femtos as well as their UEs and between the Macrocell UEs.

Published
2016

20. A Progressive Approach to Design Authentication Protocols for Mobile Heterogeneous Networks

Author

Mahdi Aiash, Tayeb Kenaza, Jonathan Loo, Gill Whitney, and Aboubaker Lasebae

Subjects
Authentication, business.industry, Computer science, Distributed computing, 010401 analytical chemistry, Mobile computing, 020206 networking & telecommunications, 02 engineering and technology, 01 natural sciences, WiMAX, 0104 chemical sciences, Authentication protocol, Threat model, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Mobile telephony, business, Heterogeneous network, Computer network
Abstract

Heterogeneous networks is a convergence of different wireless and mobile networks such as WiMax, 3G and LTE. These technologies need to cooperate to provide users with any time anywhere connectivity, hence the support for this heterogeneous environment is required. The wide scale deployment of such heterogeneous networks will result in a radical change in the network infrastructure, where current closed systems such as 3G will have to operate in an open and heterogeneous environment and interoperate with other network technologies. This raises a serious security issue in terms of authenticating and authorizing mobile terminals on these various networks. This paper presents a progressive approach for designing Authentication and Key Agreement protocol in heterogeneous networks. The protocol is formally verified using formal methods approach and its security features are validated using a number of relevant threat models.

Published
2016

21. Enhancing the SVDD Accuracy in Intrusion Detection Systems by Removing External Voids

Author

Abennour Labed, Tayeb Kenaza, Mahdi Aiash, and Khadidja Bennaceur

Subjects
Computer science, Boundary (topology), 02 engineering and technology, Intrusion detection system, Hypersphere, computer.software_genre, Electronic mail, Support vector machine, Kernel (linear algebra), 020204 information systems, Distortion, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Anomaly detection, Data mining, computer
Abstract

This work aims to improve the accuracy of the SVDD-based Intrusion Detection Systems. In this study we are interested by approaches using only one-class classification, namely the class of normal user sessions. Sessions are modeled by vectors of points in a finite features space. The goal of using the SVDD in anomaly detection is to find the hypersphere with a minimal volume that encloses the entire scatter of points (i.e. the normal sessions). This paper discusses the general case where the shape of the scatter is arbitrary. In this case some voids can occur between the scatter and the boundary of the hypersphere, and mainly cause a distortion of the data description that reduces the accuracy of the detection. The objective of this work is to study and highlight the best techniques that help removing voids and thus improving the accuracy of the SVDD. Experimental results show that choosing the appropriate techniques and parameters can significantly improve the accuracy of the SVDD.

Published
2016

22. A specification-based IDS for detecting attacks on RPL-based network topology

Author

Kok Keong Chai, Anhtuan Le, Mahdi Aiash, and Jonathan Loo

Subjects
Routing protocol, RPL, computer_science, Computer science, 02 engineering and technology, Intrusion detection system, Cyber-security, IDS, Network topology, topology attacks, Network simulation, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Network performance, Information-security, 6LoWPAN, internal threats, lcsh:T58.5-58.64, specification-based, lcsh:Information technology, business.industry, Node (networking), 020206 networking & telecommunications, Scalability, 020201 artificial intelligence & image processing, business, Information Systems, Computer network
Abstract

Routing Protocol for Low power and Lossy network (RPL) topology attacks can downgrade the network performance significantly by disrupting the optimal protocol structure. To detect such threats, we propose a RPL-specification, obtained by a semi-auto profiling technique that constructs a high-level abstract of operations through network simulation traces, to use as reference for verifying the node behaviors. This specification, including all the legitimate protocol states and transitions with corresponding statistics, will be implemented as a set of rules in the intrusion detection agents, in the form of the cluster heads propagated to monitor the whole network. In order to save resources, we set the cluster members to report related information about itself and other neighbors to the cluster head instead of making the head overhearing all the communication. As a result, information about a cluster member will be reported by different neighbors, which allow the cluster head to do cross-check. We propose to record the sequence in RPL Information Object (DIO) and Information Solicitation (DIS) messages to eliminate the synchronized issue created by the delay in transmitting the report, in which the cluster head only does cross-check on information that come from sources with the same sequence. Simulation results show that the proposed Intrusion Detection System (IDS) has a high accuracy rate in detecting RPL topology attacks, while only creating insignificant overhead (about 6.3%) that enable its scalability in large-scale network.

Published
2016

23. On preserving privacy in cloud computing using ToR

Author

Mahdi Aiash, Mamoun Alazab, and A. Carnielli

Subjects
Router, Engineering, business.industry, Internet privacy, Cloud computing, Virtualization, computer.software_genre, Computer security, Credit card, Phone, Social media, The Internet, business, computer, Anonymity
Abstract

The Internet allows for an efficient, inexpensive collection of information without surfers’ consents. This includes surfers’ preferences, interests or even credit card information. Furthermore, it is well known that some oppressive governments filter the information that can digitally reach their countries. Also, there are evidences that certain governments spy on citizens and organizations through intercepting phone calls, activities on social media and blogs. For Internet browsing, several methods of privacy-preserving and anonymizers have been developed. An example of such a technology is The Onion Router (ToR) network, which has been proven to guarantee users’ anonymity and privacy while they are browsing the Internet. However, with the wide deployment of virtualization solutions and the tremendous migration to cloud-based services, many online services have moved onto the cloud. This situation complicates the issue of preserving a client’s privacy and anonymity and raises a “question mark” as to the efficiency of current anonymizers in this new environment. To the best of our knowledge, few studies have been conducted to analyze the compatibility between the ToR network and this new emerging infrastructure. This paper presents a qualitative analysis of the feasibility and efficiency of the ToR in cloud infrastructure and the possibility of integrating these technologies.

Published
2016

24. 6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach

Author

Jonathan Loo, Anhtuan Le, Yuan Luo, Mahdi Aiash, and Aboubaker Lasebae

Subjects
Routing protocol, Computer Networks and Communications, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Local area network, Intrusion detection system, Internet security, Computer security, computer.software_genre, IPv6, The Internet, Electrical and Electronic Engineering, business, 6LoWPAN, Wireless sensor network, computer, Computer network
Abstract

Fuelled to bring the Internet of Things concept to real life, the Internet Engineering Task Force is working on 6LoWPAN, in which the standard allows a vast number of smart objects to be deployed in local wireless sensor networks (WSNs) using the huge address space of IPv6 for data and information harvesting through the Internet. From the security point of view, 6LoWPAN/WSN will be open to security threats from the local network itself and the Internet. Cryptography techniques applied as the front line of defence or deterrent can easily be broken because of the weak secure nature of LoWPAN devices and the wireless environment. Compromised nodes could lead to insider attacks without being detected by any cryptography checking. An intrusion detection system (IDS) is, primarily needed as a second line of defence to monitor the network operations and raise an alarm in case of any anomaly. This paper analyses potential security threats in 6LoWPAN and reviews the current countermeasures, in particular, the IDS-based solutions for countering insider/internal threats. Additionally, it discovers three novel QoS-related security threats, namely rank attack, local repair attack, and resource depleting attack, which are more seriously affecting the routing protocol for low-power and lossy network, the routing protocol used to establish 6LoWPAN network topology. A new two-layer IDS concept is introduced as a countermeasure method for securing the routing protocol for low-power and lossy network-built network topology from the internal QoS attacks. Potential research works are also presented to provide baseline reference to researchers in this field. Copyright © 2012 John Wiley & Sons, Ltd.

Published
2012

25. A security framework for node-to-node communications based on the LISP architecture

Author

Jonathan Loo, Mahdi Aiash, Mohammad Muneer Kallash, and Aboubaker Lasebae

Subjects
Security framework, Computer Networks and Communications, Semantics (computer science), Computer science, business.industry, Node (networking), Formal methods, Lisp, Architecture, Safety, Risk, Reliability and Quality, business, Law, computer, Protocol (object-oriented programming), Formal verification, computer.programming_language, Computer network
Abstract

The locator/ID separation protocol (LISP) is a routing architecture that provides new semantics for IP addressing to support communications between peripheral networks of different technologies. Securing the LISP architecture has been investigated in the literature, while securing communications in peripheral networks is left to individual technologies. The authors in this paper advocate the need for a comprehensive solution to secure communications based on LISP. Therefore, the paper introduces a new node-to-node authentication and key agreement protocol. The protocol is formally verified using formal method based on Casper/FDR. Furthermore, the paper demonstrates how to integrate the proposed protocol with existing LISP’s security mechanisms in a form of a security framework.

Published
2018

26. U-sphere: strengthening scalable flat-name routing for decentralized networks

Author

Jernej Kos, Mahdi Aiash, Jonathan Loo, and Denis Trček

Subjects
Routing protocol, Computer Networks and Communications, business.industry, Computer science, Node (networking), Distributed computing, Routing (electronic design automation), Network topology, business, Protocol (object-oriented programming), Hash table, Computer network
Abstract

Supporting decentralized peer-to-peer communication between users is crucial for maintaining privacy and control over personal data. State-of-the-art protocols mostly rely on distributed hash tables (DHTs) in order to enable user-to-user communication. They are thus unable to provide transport address privacy and guaranteed low path stretch while ensuring sub-linear routing state together with tolerance of insider adversaries. In this paper we present U-Sphere, a novel location-independent routing protocol that is tolerant to Sybil adversaries and achieves low O (1) path stretch while maintaining View the MathML source per-node state. Departing from DHT designs, we use a landmark-based construction with node color groupings to aid flat name resolution while maintaining the stretch and state bounds. We completely remove the need for landmark-based location directories and build a name-record dissemination overlay that is able to better tolerate adversarial attacks under the assumption of social trust links established between nodes. We use large-scale emulation on both synthetic and actual network topologies to show that the protocol successfully achieves the scalability goals in addition to mitigating the impact of adversarial attacks.

Published
2015

28. Supporting Communication in Information Centric Networks Using the Location/ID Split Protocol and Time Released Caching

Author

Glenford Mapp, Mahdi Aiash, and Mohammad Muneer Kallash

Subjects
Routing protocol, Zone Routing Protocol, Computer science, computer.internet_protocol, Resource Reservation Protocol, business.industry, Internet layer, Wireless Routing Protocol, law.invention, Internet protocol suite, law, Server, Interior gateway protocol, Internet Protocol, The Internet, business, computer, Information exchange, Computer network
Abstract

The vast majority of current Internet usage is data retrieval and information exchange. As a result, the focus has been shifted from the current location-based system to an Information-Centric system, where information can be cached and accessed from anywhere within the network rather than from the end hosts only. To support this functionality, data must be uniquely identified regardless of the location. Current research efforts in the area of Information-Centric Networks presume the existence of a Convergence Layer protocol that facilitates the functionalities of forwarding, while data caching takes place on a higher-plane. Therefore, this paper proposes a convergence layer protocol, based on the Location/ID Separation Protocol which uses two numbering spaces for data. Unlike other Information Centric architectures in the literature, the proposed approach introduces new procedures to deal with in-network data caching and forwarding separately.

Published
2015

29. Challenges and solutions for secure information centric networks: a case study of the NetInf architecture

Author

Jonathan Loo and Mahdi Aiash

Subjects
Network architecture, Computer Networks and Communications, business.industry, Computer science, Scale (chemistry), Context (language use), Computer security, computer.software_genre, Computer Science Applications, User experience design, Hardware and Architecture, Threat model, The Internet, business, computer
Abstract

A large number of emerging Internet applications require information dissemination across different organizational boundaries, heterogeneous platforms, and a large, dynamic population of publishers and subscribers. A new information-centric network architecture called Network of Information (NetInf) has been developed in the context of the FP7 EU-funded 4WARD project. This architecture can significantly improve large scale information distribution. Furthermore, it supports future mobile networks in situations with intermittent and heterogeneous connectivity and connects the digital with the physical world to enable better user experience. However, NetInf is still in an early stage of implementation and its security is yet to be evaluated. The security concern of NetInf is a major factor for its wide-scale adoption. Therefore, this paper uses the X.805 security standard to analyse the security of the NetInf architecture. The analysis highlights the main source of threats and potential security services to tackle them. The paper also defines a threat model in the form of possible attacks against the NetInf architecture.

Published
2015

30. Will ToR Achieve Its Goals in the 'Future Internet'? An Empirical Study of Using ToR with Cloud Computing

Author

Antonio Carnielli and Mahdi Aiash

Subjects
Router, Cloud computing security, Computer science, business.industry, Internet privacy, Cloud computing, Computer security, computer.software_genre, Software deployment, Server, ComputingMilieux_COMPUTERSANDSOCIETY, The Internet, business, Software-defined networking, Mobile device, computer, Anonymity
Abstract

With the wide development and deployment of mobile devices and gadgets, a larger number of users go online in so many aspects of their daily lives. The challenge is to enjoy the conveniences of online activities while limiting privacy scarifies. In response to the increasing number of online-hacking scandals, mechanisms for protecting users privacy continue to evolve. An example of such mechanisms is the Onion Router (ToR), a free software for enabling online anonymity and resisting censorship. Despite the fact that ToR is a dominant anonymizerin the current Internet, the emergence of new communication and inter-networking trends such as Cloud Computing, Software Defined Networks and Information Centric Networks places a question mark whether ToR will fulfil its promises with these trend of the "Future Internet". This paper aims at answering the question by implementing ToR on a number of Cloud platforms and discussing the security properties of ToR.

Published
2015

31. Introducing a Hybrid Infrastructure and Information-Centric Approach for Secure Cloud Computing

Author

Robert Colson, Mohammad Muneer Kallash, and Mahdi Aiash

Subjects
Cloud computing security, Computer science, business.industry, Software as a service, Cloud computing, Information security, Computer security model, Computer security, computer.software_genre, Asset (computer security), Security information and event management, Storage area network, Converged infrastructure, Information security management, Security service, Software security assurance, Cloud testing, Security through obscurity, Security convergence, Network security policy, business, computer
Abstract

Security has been considered as the key concern of adopting cloud computing. This could be ascribed to the customers' lack of control over their confidential data once in the cloud and to the absence of trust in cloud providers. Unfortunately, the research efforts in the area of cloud security have not yet succeeded to give the required "peace of mind" to cloud customers. Therefore, in an attempt to figure out the main loopholes in cloud security, this paper questions the fundamental principles of the security approaches in the cloud. The paper highlights two main drawbacks, the first is due to a potential incompatibility among security measures, while the other is due to the focus on securing the infrastructure rather than the data itself. Therefore, the paper advocates the need for integrating information-centric security approaches, and hence presents a novel security framework that adopts both infrastructure and information-centric security services.

Published
2015

32. Investigating a Mobility-Aware QoS Model for Multimedia Streaming Rate Adaptation

Author

Glenford Mapp, Alexey Vinel, Mahdi Aiash, Fragkiskos Sardis, and Jonathan Loo

Subjects
Computer engineering. Computer hardware, computer_science, Article Subject, General Computer Science, Computer science, media_common.quotation_subject, Communications system, computer.software_genre, Rate adaptation, TK7885-7895, Wireless, Network performance, Quality (business), Electrical and Electronic Engineering, media_common, Multimedia, business.industry, Quality of service, Communication Systems, Systems, Variance (accounting), Telekommunikation, Signal Processing, Telecommunications, business, computer, Mobile device, Computer-networking, Kommunikationssystem, Computer network
Abstract

Supporting high quality multimedia streaming on wireless devices poses several challenges compared to wired networks due to the high variance in network performance encountered in the mobile environment. Although rate adaptation is commonly used in multimedia applications to compensate for fluctuations in network performance, it is a reactive mechanism which is not aware of the frequently changing connectivity that may occur on mobile devices. This paper proposed a performance evaluation model for multimedia streaming applications that is aware of user mobility and network performance. We presented an example of mathematical solution to the model and demonstrated the functionality using common mobility and connectivity examples that may be found in an urban environment. The proposed model is evaluated based on this functionality and how it may be used to enhance application performance. © 2015 Fragkiskos Sardis et al.

Published
2015

33. A formally verified access control mechanism for information centric networks

Author

Mahdi Aiash and Jonathan Loo

Subjects
computer_science, business.industry, Computer science, Capability based access control, Authorization, Access control, Computer security, computer.software_genre, Formal methods, World Wide Web, Data access, Data integrity, Architecture, business, computer, Mechanism (sociology), Computer-networking
Abstract

Communications in Information-Centric Networking place more attention on WHAT data are being exchanged rather than WHO are exchanging them. A well-established approach of information centric networks is the Network of Information (NetInf) architecture, developed as part of the EU FP7 project SAIL. The security of NetInf has been fairly analysed in the literature. In particular, research efforts have been focusing on achieving data integrity and confidentially, source or publisher authenticity and authorization. This paper analyses some work in the literature to enforce authorized access to data in NetInf, highlights a potential security threat and proposes an enhancement to address the discovered threat. The new enhancement has been formally verified using formal method approach based on the Casper/FDR tool.

Published
2015

34. Dynamic Traffic Management for Interactive Cloud Services: Localising Traffic Based on Network Throughput and User Mobility

Author

Mahdi Aiash, Fragkiskos Sardis, Jonathan Loo, and Glenford Mapp

Subjects
computer_science, business.industry, Computer science, Quality of service, Floating car data, Cloud computing, Network traffic control, Mobile telephony, Traffic shaping, business, Mobile device, Traffic generation model, Computer-networking, Computer network
Abstract

Traffic localisation is an important aspect of traffic management on the Internet. The caching of content and its distribution from localised servers is one mechanism that enables traffic localisation and reduces transit costs for network providers while enhancing service performance. However, personalized, dynamic user content is often un-cacheable due to its nature. As we move towards a world of constantly connected mobile devices, these devices will focus more towards Cloud services as a means of adding capabilities that would otherwise be impossible to have in a small mobile package. This leaves us with the potential problem of having to deal with un-cacheable traffic from real-time interactive Cloud services that causes congestion on a global scale. In this paper we present a solution that considers the scenario of an interactive, personal service running on the Cloud and accessed by a mobile user. We attempt to localise traffic by moving the virtual machine in response to the user's estimated network dwell time. Results gathered from a prototype platform are presented as proof of the concept.

Published
2014

35. Dynamic edge-caching for mobile users: minimising inter-AS traffic by moving cloud services and VMs

Author

Fragkiskos Sardis, Jonathan Loo, Glenford Mapp, and Mahdi Aiash

Subjects
business.product_category, computer_science, Computer science, Cloud gaming, Mobile computing, Cloud computing, Network interface, computer.software_genre, Utility computing, Cloud testing, Internet access, Mobile database, Mobile search, Network performance, Mobile technology, Cloud computing security, business.industry, Wireless network, Quality of service, Provisioning, Virtualization, Mobile cloud computing, Software deployment, Virtual machine, business, Mobile device, computer, Computer-networking, Computer network, Live migration
Abstract

In recent years, Cloud technology has revolutionized the way services are delivered to end-users. The advent of truly mobile computing in the form of smart phones and tablets has also driven the demand for Cloud resources in order to compensate for the inherent lack of local resources on these devices. Furthermore, modern mobile devices are equipped with multiple network interfaces and in combination with the rapid deployment of wireless networks, it is expected that they will always have Internet connectivity and access to Cloud resources. In this paper we will focus on traffic management for interactive multimedia services accessed by a mobile user by means of dynamic migration of a Virtual Machine. Network performance measurements are taken from a network of virtualization-enabled hosts that perform live migrations of a Virtual Machine which hosts multimedia content. The data is used as input to an equation that determines whether a migration would be beneficial in terms of traffic localization based on a user's mobility characteristics and network usage patterns. The contribution of this paper lies in the proposed mechanism of managing traffic for interactive services in the context of mobile cloud computing. This helps alleviate the increased network costs introduced by dynamic migrations driven by Quality of Service parameters and may result in increased network traffic for the benefit of improved QoS.

Published
2014

36. A Secure Framework for Communications in Heterogeneous Networks

Author

Jonathan Loo, Glenford Mapp, Aboubaker Lasebae, and Mahdi Aiash

Subjects
Network architecture, business.industry, Wireless network, Network security, Computer science, Distributed computing, Service discovery, Core network, Wireless WAN, Intelligent computer network, Security service, Network Access Control, Cellular network, Wireless, Multi-frequency network, business, Heterogeneous network, Computer network
Abstract

Heterogeneous Networks represent an open architecture in which two different domains need to cooperate in order to provide ubiquitous connectivity. The first is network operators domain, where multiple network operators share the core network to provide network accessibility over a wide variety of wireless technologies such as WiFi and mobile network technologies. The other is the Application-Service Providers domain, which launches various services ranging from the normal video streaming to the most confidential E-Commerce services. This highlights the fact that any efficient security solution for heterogeneous networks has to consider the security in these different domains. Therefore, this paper introduces security framework that comprises two Authentication and Key Agreement protocols to secure transactions at the network and service levels. The proposed protocols have been formally verified using formal methods approach based on Casper/FDR tool.

Published
2014

37. Investigating the Impact of Live Migration on the Network Infrastructure in Enterprise Environments

Author

Mahdi Aiash, Fowzan Jiffry, and Jose Sinti

Subjects
Computer science, Full virtualization, Virtual machine, Component (UML), Service provider, Virtualization, computer.software_genre, Computer security, computer, Live migration, Data virtualization
Abstract

Live migration of virtual machines (VMs) enables the transfer of a running VM to a new hardware component with minimal and hardly noticeable interruption. It is an important feature of virtualization technology for maintenance, load-balancing and energy reduction, especially for data centers operators and cluster service providers. Recently, virtualization started to find its way into enterprise environments such as large and medium-sized IT companies. However, no feasibility study to highlight the pros and cons of such a trend has been conducted yet. In particular, a seamless live migration requires a reliable network connection and will have an impact on the network infrastructure. Therefore, this paper describes the design and set-up of our test bed to simulate a realistic implementation of virtualization in an enterprise environment. We tested three different scenarios of live migration and checked the impact of each scenario on the network infrastructure. Based on the implementation results, the paper introduces a list of recommendations for IT companies which might be interested in implementing virtualization and live migration.

Published
2014

38. Secure Live Virtual Machines Migration: Issues and Solutions

Author

Glenford Mapp, Mahdi Aiash, and Orhan Gemikonakli

Subjects
Service (systems architecture), Computer science, Full virtualization, business.industry, Temporal isolation among virtual machines, Hypervisor, Fault tolerance, computer.software_genre, Virtualization, Virtual machine, Operating system, business, computer, Live migration, Computer network
Abstract

In recent years, there has been a huge trend towards running network intensive applications, such as Internet servers and Cloud-based service in virtual environment, where multiple virtual machines (VMs) running on the same machine share the machine's physical and network resources. In such environment, the virtual machine monitor (VMM) virtualizes the machine's resources in terms of CPU, memory, storage, network and I/O devices to allow multiple operating systems running in different VMs to operate and access the network concurrently. A key feature of virtualization is live migration (LM) that allows transfer of virtual machine from one physical server to another without interrupting the services running in virtual machine. Live migration facilitates workload balancing, fault tolerance, online system maintenance, consolidation of virtual machines etc. However, live migration is still in an early stage of implementation and its security is yet to be evaluated. The security concern of live migration is a major factor for its adoption by the IT industry. Therefore, this paper uses the X.805 security standard to investigate attacks on live virtual machine migration. The analysis highlights the main source of threats and suggests approaches to tackle them. The paper also surveys and compares different proposals in the literature to secure the live migration.

Published
2014

39. Exploring a New Security Framework for Cloud Storage Using Capabilities

Author

Malcolm Clarke, Brian Ondiege, Mahdi Aiash, and Glenford Mapp

Subjects
Engineering, Cloud computing security, business.industry, Cloud computing, Computer security model, Computer security, computer.software_genre, Security service, Software deployment, Server, business, computer, Wireless sensor network, Cloud storage
Abstract

We are seeing the deployment of new types of networks such as sensor networks for environmental and infrastructural monitoring, social networks such as facebook, and e-Health networks for patient monitoring. These networks are producing large amounts of data that need to be stored, processed and analysed. Cloud technology is being used to meet these challenges. However, a key issue is how to provide security for data stored in the Cloud. This paper addresses this issue in two ways. It first proposes a new security framework for Cloud security which deals with all the major system entities. Secondly, it introduces a Capability ID system based on modified IPv6 addressing which can be used to implement a security framework for Cloud storage. The paper then shows how these techniques are being used to build an e-Health system for patient monitoring.

Published
2014

40. Supporting communications in the IoTs using the location/ID split protocol: A security analysis

Author

Jonathan Loo, Ali Raheem, Aboubaker Lasebae, and Mahdi Aiash

Subjects
Routing protocol, Zone Routing Protocol, Computer science, computer.internet_protocol, business.industry, Internet layer, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Enhanced Interior Gateway Routing Protocol, Computer security, computer.software_genre, law.invention, IPv6, Internet protocol suite, Locator/Identifier Separation Protocol, law, Internet Protocol, business, computer, Computer network
Abstract

Communication on the `Internet of Things' is based on a machine-to-machine pattern, where devices will be globallyaddressed and identified. However, as the number of connected devices increases, the burden on the network infrastructure increases as well. One major challenge will be the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address this problem, an IETF working group, along with the research group at Cisco, are working on a Locator/ID Separation Protocol as a routing architecture that provides new semantics for IP addressing, in order to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. However, the Locator/ID Separation Protocol is still at an early stage of implementation and the protocol's security, in particular, is still in its infancy. Therefore, this paper will investigate the security issues that could occur from deploying the Locator/ID Separation Protocol in the Internet of Things. The investigation discovers a number of vulnerabilities that should be considered before moving to the implementation stage.

Published
2013

41. Security analysis of the constrained application protocol in the Internet of Things

Author

Thamer A. Alghamdi, Mahdi Aiash, and Aboubaker Lasebae

Subjects
business.industry, computer.internet_protocol, Computer science, Internet layer, Internet security, Constrained Application Protocol, law.invention, Protocol stack, Internet protocol suite, Security association, law, IPsec, Internet Protocol, business, computer, Computer network
Abstract

The concept of Internet of Things involves huge number of constrained devices such as wireless sensors to communicate in a machine-to-machine pattern. Based on the implementation scenario, such communication might take place over a public network such as the Internet, which is based on the TCP/IP stack. However, different research working groups argue that some of these stack protocols such as the Hyper Text Transfer Protocol (HTTP) might not be suitable for constrained devices. Therefore, the IETF Constrained RESTful Environments (CoRE) WG has proposed the Constrained Application Protocol (CoAP); an application layer protocol for constrained devices in the IoTs. The CoRE WG proposed using IPSec or DTLS to secure the CoAP communication at different levels of the protocol stack. However, to investigate the feasibility of such a proposal, we use the X.805 security standard to analyze the security aspects of such implementation. The analysis highlights the main security drawbacks and hence argues of the need for a new integrated security solution.

Published
2013

42. From fixed to mobile femtocells in LTE systems: Issues and challenges

Author

Aboubaker Lasebae, Rand Raheem, Jonathan Loo, and Mahdi Aiash

Subjects
LTE Advanced, Engineering, business.industry, Software deployment, Public transport, Femtocell, Train, Throughput, Enhanced Data Rates for GSM Evolution, Spectral efficiency, business, Telecommunications, Computer network
Abstract

This paper investigates the concept of Mobile Femtocell which is the extension of implementing Mobile Relays and Fixed Femtocells. Mobile Femtocells can be deployed in public transportation vehicles such as trains, buses or private cars that form its own cell inside vehicles to serve vehicular and mobile User Equipments. This study intends to help cell-edge users to have better signal strength. An investigation into Long Term Evolution cell-edge users' performance is being conducted by investigating the deployment of Mobile Femtocells in LTE system. The throughput for cell edge users can be improved by deploying Fixed/Mobile Femtocells. This paper is considering several scenarios namely; Fixed Femtocells with Fixed users, Mobile Femtocells with fixed users, Fixed Femtocells with mobile users and Finally Mobile Femtocells with mobile users. The achieved results via Matlab simulation showed that Mobile Femtocells' users have enjoyed better Quality of Services than Fixed Femtocells' users. The improved performance has been noticed through the improvement of the Mobile Femtocells UEs' spectral efficiency, throughput and SINR over the Fixed Femtocells' users.

Published
2013

43. A Formally Verified Initial Authentication and Key Agreement Protocol in Heterogeneous Environments Using Casper/FDR

Author

Mahdi Aiash

Subjects
Terminal (electronics), Wireless network, Computer science, Software deployment, business.industry, Convergence (routing), Cryptographic protocol, business, Protocol (object-oriented programming), WiMAX, Heterogeneous network, Computer network
Abstract

Future mobile networking will involve the convergence of different wireless networks such as 2G, 3G, WiMax and Long Term Evolution. The wide scale deployment of such heterogeneous networks will precipitate a radical change in the network infrastructure, where currently closed systems such as 3G will have to operate in an open environment. This brings to the fore certain security issues which must be addressed, the most important of which is the initial Authentication and Key Agreement to identify and authorize mobile nodes on these various networks. This paper proposes a new security protocol to authenticate the mobile terminal in heterogeneous networks.

Published
2013

44. Securing Address Registration in Location/ID Split Protocol Using ID-Based Cryptography

Author

Mahdi Aiash, Ameer Al-Nemrat, David Preston, Tsaoussidis, Vassilis, Kassler, Andreas, Koucheryavy, Yevgeni, and Mellouk, Abdelhamid

Subjects
Router, Computer science, business.industry, Cryptography, computer.software_genre, Numbering, ID-based cryptography, Locator/Identifier Separation Protocol, Scalability, Operating system, The Internet, Lisp, business, computer, Computer network, computer.programming_language
Abstract

The Locator/ID Separation Protocol (LISP) is a routing architecture that provides new semantics for IP addressing. In order to simplify routing operations and improve scalability in future Internet, the LISP separates the device identity from its location using two different numbering spaces. The LISP also, introduces a mapping system to match the two spaces. In the initial stage, each LISP-capable router needs to register with a Map Server, this is known as the Registration stage. However, this stage is vulnerable to masquerading and content poisoning attacks. Therefore, a new security method for protecting the LISP Registration stage is presented in this paper. The proposed method uses the ID-Based Cryptography (IBC) which allows the mapping system to authenticate the source of the data. The proposal has been verified using formal methods approach based on the well-developed Casper/FDR tool.

Published
2013

45. M-Sieve: A visualisation tool for supporting network security analysts: VAST 2012 Mini Challenge 1 award: 'Subject matter expert's award'

Author

Raymond Chen, Chris Rooney, Yongjun Zheng, Simon Attfield, Sharmin Choudhury, Louis Slabbert, Neesha Kodagoda, Kai Xu, Glenford Mapp, Mahdi Aiash, Aboubaker Lasebae, Phong H. Nguyen, and B. L. W. Wong

Subjects
World Wide Web, Visual analytics, Information visualization, Subject-matter expert, Computer science, Network security, business.industry, business, Data science, Interactive visualization, Filter (software), Visualization, Domain (software engineering)
Abstract

The Middlesex Spatial Interactive Visualisation Environment (M-Sieve) is a spatiotemporal visual analytics tool for exploring computer network activity. M-Sieve allows the user to filter and visualize data through facets to explore and find patterns. To help guide exploration, we developed a set of rules which are used to derive a variable we call the ‘Concern Level Assessment’ (CLA). The CLA is based on attributes of nodes on the network. The rules were developed by eliciting inferences from network security domain experts. The combination of M-Sieve and the CLA allowed us to address the problem presented by the VAST 2012 Competition — Mini Challenge 1.

Published
2012

46. A SURVEY ON AUTHENTICATION AND KEY AGREEMENT PROTOCOLS IN HETEROGENEOUS NETWORKS

Author

Glenford Mapp, Mahdi Aiash, and Aboubaker Lasebae

Subjects
FOS: Computer and information sciences, Ethernet, Computer Science - Cryptography and Security, Computer science, Core network, Computer security, computer.software_genre, Operator (computer programming), Order (exchange), Authentication and Key Agreement Protocols, Casper/FDR, Next Generation Networks, Heterogeneous Networks, Next-generation network, Open architecture, Cryptography and Security (cs.CR), computer, Heterogeneous network, Strengths and weaknesses
Abstract

Unlike current closed systems such as 2nd and 3rd generations where the core network is controlled by a sole network operator, multiple network operators will coexist and manage the core network in Next Generation Networks (NGNs). This open architecture and the collaboration between different network operators will support ubiquitous connectivity and thus enhances users’ experience. However, this brings to the fore certain security issues which must be addressed, the most important of which is the initial Authentication and Key Agreement (AKA) to identify and authorize mobile nodes on these various networks. This paper looks at how existing research efforts the HOKEY WG, Mobile Ethernet and 3GPP frameworks respond to this new environment and provide security mechanisms. The analysis shows that most of the research had realized the openness of the core network and tried to deal with it using different methods. These methods will be extensively analysed in order to highlight their strengths and weaknesses.

Published
2012
Full Text
View/download PDF

47. Integrating Mobility, Quality-of-service and Security in Future Mobile Networks

Author

Aboubaker Lasebae, Mahdi Aiash, Jonathan Loo, Glenford Mapp, and Raphael C.-W. Phan

Subjects
Vertical handover, Engineering, Service (systems architecture), Wireless network, business.industry, Quality of service, Network interface, Computer security, computer.software_genre, Software deployment, Server, Architecture, business, computer
Abstract

The development and deployment of wireless networks will mean that devices with multiple network interfaces will soon become commonplace. Users will expect to be always connected from anywhere and at any time as connections will be switched to available networks using vertical handover techniques. However, different networks have different qualities-of-service so a Quality-of-Service Framework is needed to help applications and services deal with this new environment. In addition, since these networks must work together, future mobile systems will have an open, instead of the currently closed, architecture. Therefore new mechanisms will be needed to protect users, servers and network infrastructure. This means that future mobile networks will have to integrate communications, mobility, quality-of service and security. Y-Comm is a new architecture that seeks to integrate these key requirements. This papers shows how these requirements are met in the design of this architecture.

Published
2012

48. A survey of potential architectures for communication in heterogeneous networks

Author

Raphael C.-W. Phan, Renata Maria Porto Vanni, Aboubaker Lasebae, Fragkiskos Sardis, Jonathan Loo, Mahdi Aiash, Mario Augusto, Edson dos Santos Moreira, and Glenford Mapp

Subjects
Public land mobile network, Mobility model, Security service, business.industry, Computer science, Server, Mobile computing, Mobile search, Mobile QoS, business, Heterogeneous network, Computer network
Abstract

An increasingly wireless world will mean that devices with multiple network interfaces will soon become commonplace. Users will expect to be always connected from anywhere and at any time as connections will be switched to available networks using handover techniques. However, different networks have different Qualities-of-Service so a Quality-of-Service Framework is needed to help applications and services deal with this new environment. In addition, since these networks must work together, future mobile systems will have an open, instead of the currently closed, architecture. Therefore new mechanisms will be needed to protect users, servers and network infrastructure. This means that future mobile networks will have to integrate communications, mobility, quality-of service and security. This paper provides an overview of potential architectures for communication in future networks. Our study shows that only a number of these architectures support this integration.

Published
2012

49. Exploiting location and contextual information to develop a comprehensive framework for proactive handover in heterogeneous environments

Author

N. Chinnam, Glenford Mapp, Ferdinand Apietu Katsriku, Edson dos Santos Moreira, R. M. Porto Vanni, Mahdi Aiash, Mario Augusto, and Roberto Rigolin F. Lopes

Subjects
Vertical handover, Article Subject, Computer Networks and Communications, business.industry, computer.internet_protocol, Computer science, Distributed computing, lcsh:QA75.5-76.95, MULTIMÍDIA INTERATIVA, Handover, Software deployment, Cellular network, Wireless, RADIUS, Context awareness, lcsh:Electronic computers. Computer science, Architecture, business, computer, Information Systems, Computer network
Abstract

The development and deployment of several wireless and cellular networks mean that users will demand to be always connected as they move around. Mobile nodes will therefore have several interfaces and connections will be seamlessly switched among available networks using vertical handover techniques. Proactive handover mechanisms can be combined with the deployment of a number of location-based systems that provide location information to a very high degree of accuracy in different contexts. Furthermore, this new environment will also allow contextual information such as user profiles as well as the availability of using location and contextual information to provide efficient handover mechanisms. Using location-based techniques, it is possible to demonstrate that the Time Before Vertical Handover as well as the Network Dwell Time can be accurately estimated. These techniques are dependent on accurately estimating the handover radius. This paper investigates how location and context awareness can be used to estimate the best handover radius. The paper also explores how such techniques may be integrated into the Y-Comm architecture which is being used to explore the development of future mobile networks. Finally, the paper highlights the use of ontological techniques as a mechanism for specifying and prototyping such systems.

Published
2012

50. A formally verified device authentication protocol using Casper/FDR

Author

Raphael C.-W. Phan, Glenford Mapp, Jonathan Loo, Mahdi Aiash, Aboubaker Lasebae, Min, Geyong, Wu, Yulei, Liu, Lei (Chris), Jin, Xiaolong, Jarvis, Stephen, and Al-Dubai, Ahmed Y.

Subjects
Network security, business.industry, Computer science, Mobile computing, Cryptographic protocol, Formal methods, Computer security, computer.software_genre, Authentication protocol, Next-generation network, business, Mobile device, Protocol (object-oriented programming), computer, Computer network
Abstract

For communication in Next Generation Networks, highly-developed mobile devices will enable users to store and manage a lot of credentials on their terminals. Furthermore, these terminals will represent and act on behalf of users when accessing different networks and connecting to a wide variety of services. In this situation, it is essential for users to trust their terminals and for all transactions using them to be secure. This paper analyses a number of the Authentication and Key Agreement protocols between the users and mobile terminals, then proposes a novel device authentication protocol. The proposed protocol is analysed and verified using a formal methods approach based on Casper/FDR compiler.

Published
2012

Catalog

Books, media, physical & digital resources
See catalog results