Your search keyword '"Mahdi Aiash"' showing total 2 results

1. Formal verification of authentication and service authorization protocols in 5G-enabled device-to-device communications using ProVerif

Author

Jonathan Loo, Mahdi Aiash, and Ed Kamya Kiyemba Edris

Subjects

Security analysis, formal methods, TK7800-8360, Computer Networks and Communications, Computer science, Access control, D2D, 02 engineering and technology, Cyber-security, Encryption, ProVerif, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Integrated Encryption Scheme, Authentication, business.industry, security protocol, 020206 networking & telecommunications, Service provider, Cryptographic protocol, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Cellular network, authentication, authorization, 020201 artificial intelligence & image processing, Electronics, business, 5G, Computer network

Abstract

Device-to-Device (D2D) communications will be used as an underlay technology in the Fifth Generation mobile network (5G), which will make network services of multiple Service Providers (SP) available anywhere. The end users will be allowed to access and share services using their User Equipments (UEs), and thus they will require seamless and secured connectivity. At the same time, Mobile Network Operators (MNOs) will use the UE to offload traffic and push contents closer to users relying on D2D communications network. This raises security concerns at different levels of the system architecture and highlights the need for robust authentication and authorization mechanisms to provide secure services access and sharing between D2D users. Therefore, this paper proposes a D2D level security solution that comprises two security protocols, namely, the D2D Service security (DDSec) and the D2D Attributes and Capability security (DDACap) protocols, to provide security for access, caching and sharing data in network-assisted and non-network-assisted D2D communications scenarios. The proposed solution applies Identity-based Encryption (IBE), Elliptic Curve Integrated Encryption Scheme (ECIES) and access control mechanisms for authentication and authorization procedures. We formally verified the proposed protocols using ProVerif and applied pi calculus. We also conducted a security analysis of the proposed protocols.

Published

2021

2. A specification-based IDS for detecting attacks on RPL-based network topology

Author

Kok Keong Chai, Anhtuan Le, Mahdi Aiash, and Jonathan Loo

Subjects

Routing protocol, RPL, computer_science, Computer science, 02 engineering and technology, Intrusion detection system, Cyber-security, IDS, Network topology, topology attacks, Network simulation, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Network performance, Information-security, 6LoWPAN, internal threats, lcsh:T58.5-58.64, specification-based, lcsh:Information technology, business.industry, Node (networking), 020206 networking & telecommunications, Scalability, 020201 artificial intelligence & image processing, business, Information Systems, Computer network

Abstract

Routing Protocol for Low power and Lossy network (RPL) topology attacks can downgrade the network performance significantly by disrupting the optimal protocol structure. To detect such threats, we propose a RPL-specification, obtained by a semi-auto profiling technique that constructs a high-level abstract of operations through network simulation traces, to use as reference for verifying the node behaviors. This specification, including all the legitimate protocol states and transitions with corresponding statistics, will be implemented as a set of rules in the intrusion detection agents, in the form of the cluster heads propagated to monitor the whole network. In order to save resources, we set the cluster members to report related information about itself and other neighbors to the cluster head instead of making the head overhearing all the communication. As a result, information about a cluster member will be reported by different neighbors, which allow the cluster head to do cross-check. We propose to record the sequence in RPL Information Object (DIO) and Information Solicitation (DIS) messages to eliminate the synchronized issue created by the delay in transmitting the report, in which the cluster head only does cross-check on information that come from sources with the same sequence. Simulation results show that the proposed Intrusion Detection System (IDS) has a high accuracy rate in detecting RPL topology attacks, while only creating insignificant overhead (about 6.3%) that enable its scalability in large-scale network.

Published

2016