Your search keyword '"Mohamed Nabeel"' showing total 23 results

1. Following Passive DNS Traces to Detect Stealthy Malicious Domains Via Graph Inference

Author

Bei Guan, Mohamed Nabeel, Ting Yu, and Issa Khalil

Subjects

021110 strategic, defence & security studies, General Computer Science, Association rule learning, business.industry, Computer science, Domain Name System, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Phishing, Domain (software engineering), Set (abstract data type), Server, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), The Internet, Data mining, Safety, Risk, Reliability and Quality, business, computer

Abstract

Malicious domains, including phishing websites, spam servers, and command and control servers, are the reason for many of the cyber attacks nowadays. Thus, detecting them in a timely manner is important to not only identify cyber attacks but also take preventive measures. There has been a plethora of techniques proposed to detect malicious domains by analyzing Domain Name System (DNS) traffic data. Traditionally, DNS acts as an Internet miscreant’s best friend, but we observe that the subtle traces in DNS logs left by such miscreants can be used against them to detect malicious domains. Our approach is to build a set of domain graphs by connecting “related” domains together and injecting known malicious and benign domains into these graphs so that we can make inferences about the other domains in the domain graphs. A key challenge in building these graphs is how to accurately identify related domains so that incorrect associations are minimized and the number of domains connected from the dataset is maximized. Based on our observations, we first train two classifiers and then devise a set of association rules that assist in linking domains together. We perform an in-depth empirical analysis of the graphs built using these association rules on passive DNS data and show that our techniques can detect many more malicious domains than the state-of-the-art.

Published

2020

2. Malicious and Low Credibility URLs on Twitter During the AstraZeneca COVID-19 Vaccine Development

Author

Mohamed Nabeel, Adriana Iamnitchi, Ravindu De Silva, Sameera Horawalavithana, Charitha Elvitigala, and Primal Wijesekara

Subjects

Coronavirus disease 2019 (COVID-19), business.industry, Computer science, Internet privacy, Credibility, Cloud computing, Content delivery, business

Abstract

We investigate the link sharing behavior of Twitter users following the temporary halt of AstraZeneca COVID-19 vaccine development in September 2020. During this period, we show the presence of malicious and low credibility information sources shared on Twitter messages in multiple languages. The malicious URLs, often in shortened forms, are increasingly hosted in content delivery networks and shared cloud hosting infrastructures not only to improve reach but also to avoid being detected and blocked. There are potential signs of coordination to promote both malicious and low credibility URLs on Twitter. Our findings suggest the need to develop a system that monitors the low-quality URLs shared in times of crisis.

Published

2021

3. In vitro retention force measurement for three different attachment systems for implant-retained overdenture

Author

Kareem Mohammed Reda, Ibrahim Ramadan El-Torky, and Mohamed Nabeel EL-Gendy

Subjects

Universal testing machine, Study groups, Chemistry, business.industry, Fatigue strength, Dentistry, 030206 dentistry, locator, lcsh:RK1-715, 03 medical and health sciences, 0302 clinical medicine, snap, 030220 oncology & carcinogenesis, visual_art, retention force, lcsh:Dentistry, visual_art.visual_art_medium, syncone, Original Article, Implant, Oral Surgery, business, General Dentistry, Acrylic resin, overdenture attachment

Abstract

Aim: The aim of this study is to compare the retention force of three different types of overdenture attachment systems used in implant-retained mandibular complete overdentures. Materials and Methods: Twenty-one similar acrylic resin blocks were prepared and divided into three study groups: Group A (snap attachment) - 10 specimens, Group B (locator attachment) - 1 specimen, and Group C (syncone attachment) - 10 specimens. A single rectangular heat cure acrylic resin block with two implant analogs 22 mm apart was used with all specimens. Each specimen was subjected to 5500 cycles of insertion and removal in the presence of artificial saliva, representing 5 years of usage. Retention was measured three times for each specimen using universal testing machine. Data were analyzed using one-way and two-way analysis of variance at 95% level of confidence. Results: Locator attachment group (Group B) showed the greatest retention level throughout the study, followed by snap attachment (Group A), and syncone attachment (Group C) showed the lowest retention level. Conclusion: Regardless of the initial retention level of overdenture attachment, gradual loss of retention values is inevitable. However, the rate of retention loss in overdenture attachments is higher in types which comprised plastic parts within their components, rather than those totally made up of noble metals.

Published

2016

4. Securing Named Data Networks

Author

Mohamed Nabeel and Elisa Bertino

Subjects

021110 strategic, defence & security studies, business.product_category, Computer science, business.industry, 0211 other engineering and technologies, 020206 networking & telecommunications, Access control, 02 engineering and technology, Data breach, Computer security model, Computer security, computer.software_genre, Internet security, law.invention, law, Threat model, Internet Protocol, 0202 electrical engineering, electronic engineering, information engineering, Internet access, The Internet, business, computer

Abstract

Despite decades of research on the Internet security, we constantly hear about mega data breaches and malware infections affecting hundreds of millions of hosts. The key reason is that the current threat model of the Internet relies on two assumptions that no longer hold true: (1) Web servers, hosting the content, are secure, (2) each Internet connection starts from the original content provider and terminates at the content consumer. Internet security is today merely patched on top of the TCP/IP protocol stack. In order to achieve comprehensive security for the Internet, we believe that a clean-slate approach must be adopted where a content based security model is employed. Named Data Networking (NDN) is a step in this direction which is envisioned to be the next generation Internet architecture based on a content centric communication model. NDN is currently being designed with security as a key requirement, and thus to support content integrity, authenticity, confidentiality and privacy. However, in order to meet such a requirement, one needs to overcome several challenges, especially in either large operational environments or resource constrained networks. In this paper, we explore the security challenges in achieving comprehensive content security in NDN and propose a research agenda to address some of the challenges.

Published

2018

5. Sealing ability of Biodentine versus ProRoot mineral trioxide aggregate as root-end filling materials

Author

Hossam M. Tawfik, Ashraf M. Abu-Seida, Mohamed Nabeel, and Abeer A Elgendy

Subjects

Mineral trioxide aggregate, Materials science, biology, business.industry, Significant difference, Specific time, lcsh:R, Dentistry, lcsh:Medicine, 030206 dentistry, Gutta-percha, biology.organism_classification, Article, lcsh:RK1-715, 030207 dermatology & venereal diseases, 03 medical and health sciences, 0302 clinical medicine, Statistical significance, lcsh:Dentistry, Root end filling, Maxillary central incisor, Proroot mta, business, General Dentistry

Abstract

Aim: This study evaluated the sealing ability of ProRoot MTA and Biodentine as root-end filling materials. Method: In total, twenty (N = 20) extracted human maxillary central incisor teeth were decontaminated, cleaned and decoronated. Instrumentation was performed according to the step back technique using #50 Flex-o-file. Then the canals were flared to #70 Flex-o-file. Obturation was performed with conventional gutta percha and a resinous sealer (AH26) using the lateral condensation technique. Resection of 3 mm of apical end of each root was achieved perpendicular to the long axis of the root. Root-end cavity was prepared in each sample ultrasonically then filled with tested materials (N = 10). Fluid filtration method was used to assess the sealing ability of each tested material at three different experimental periods; one day, one week and one month after setting. All data were tabulated and statistically analyzed with a level of significance set at P ≤ .05. Results: At each specific time interval, the leakage mean values were not consistent among the tested materials. At one day interval, ProRoot MTA samples had a higher leakage mean value than Biodentine samples. However, this difference in leakage was not statistically significant (P > .05). At one week interval, both materials showed an increased degree of leakage mean value with no significant difference (P > .05). At one month interval, ProRoot MTA samples showed a decrease in leakage mean value, while the Biodentine samples showed a further increase in leakage mean value. This difference was statistically significant (P

Published

2018

6. Session details: Access Control and Authentication

Author

Mohamed Nabeel

Subjects

Authentication, Multimedia, Computer science, business.industry, Access control, Session (computer science), business, computer.software_genre, computer

Published

2018

7. Scalable end-to-end security for advanced metering infrastructures

Author

Xiaoyu Ding, Mohamed Nabeel, Elisa Bertino, and Seung-Hyun Seo

Subjects

Authentication, Computer science, business.industry, Smart meter, Computer security, computer.software_genre, Hardware and Architecture, Server, Scalability, business, Key management, computer, Software, Information Systems, Computer network

Abstract

Conventional utility meters are increasingly being replaced with smart meters as Advanced Metering Infrastructures (AMIs) provide many benefits over conventional power infrastructures. However, security issues pertaining to data transmission between smart meters and utility servers are a major concern. In particular, as data travels through several networks, scalable key management schemes are crucial for secure end-to-end communications. In this paper, we propose an approach based on physically unclonable function (PUF) technology for providing strong hardware based authentication of smart meters and efficient key management to assure the confidentiality and integrity of messages exchanged in AMIs. Our approach does not require modifications to the existing smart meter communication. We have developed a proof-of-concept implementation of the proposed approach which is also briefly discussed in the paper.

Published

2015

8. An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds

Author

Seung-Hyun Seo, Elisa Bertino, Xiaoyu Ding, and Mohamed Nabeel

Subjects

Computer science, Certificateless cryptography, Key distribution, Access control, Computer security, computer.software_genre, Encryption, Public-key cryptography, certificateless cryptography, Multiple encryption, Engineering, Filesystem-level encryption, Email encryption, Medicine and Health Sciences, Physical Sciences and Mathematics, Cloud computing, Revocation list, Key generation, business.industry, access control, Authorization, Life Sciences, Client-side encryption, confidentiality, Computer Science Applications, Deterministic encryption, Computational Theory and Mathematics, Disk encryption, Probabilistic encryption, Pairing, 40-bit encryption, 56-bit encryption, Keyfile, Attribute-based encryption, Link encryption, On-the-fly encryption, business, computer, Key escrow, Information Systems, Computer network

Abstract

We propose a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable against partial decryption attacks. In order to address the performance and security issues, in this paper, we first propose a mCL-PKE scheme without using pairing operations. We apply our mCL-PKE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds. The cloud is employed as a secure storage as well as a key generation center. In our system, the data owner encrypts the sensitive data using the cloud generated users’ public keys based on its access control policies and uploads the encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the encrypted data for the users. The users subsequently fully decrypt the partially decrypted data using their private keys. The confidentiality of the content and the keys is preserved with respect to the cloud, because the cloud cannot fully decrypt the information. We also propose an extension to the above approach to improve the efficiency of encryption at the data owner. We implement our mCL-PKE scheme and the overall cloud based system, and evaluate its security and performance. Our results show that our schemes are efficient and practical.

Published

2014

9. Congenital cytomegalovirus infection-related diaphragmatic dysfunction: A case study

Author

Mohamed Nabeel Khalaf, Yasmin Ahmed Gad, and Narayanaro Krishnamurthy Sujay

Subjects

Respiratory distress, congenital cytomegalovirus, Mechanism (biology), business.industry, lcsh:R, lcsh:Medicine, virus diseases, Diaphragmatic breathing, General Medicine, respiratory distress syndrome, Congenital cmv infection, Immunology, Medicine, business, Pathological, diaphragmatic dysfunction

Abstract

Congenital cytomegalovirus (CMV) infection is a common disorder that can lead to multiple developmental sequelae. This case study reports a newborn with respiratory distress syndrome (RDS) associated with diaphragmatic dysfunction due to congenital CMV infection. In newborns with unexplained RDS, CMV infection-related diaphragmatic dysfunction is a potential underlying pathological mechanism.

Published

2019

10. Privacy Preserving Policy-Based Content Sharing in Public Clouds

Author

Mohamed Nabeel, Ning Shang, and Elisa Bertino

Subjects

business.industry, Computer science, Key distribution center, Authorization, Key distribution, Access control, Encryption, Computer security, computer.software_genre, Computer Science Applications, Public-key cryptography, Computational Theory and Mathematics, Symmetric-key algorithm, Cryptosystem, business, Key management, computer, Information Systems

Abstract

An important problem in public clouds is how to selectively share documents based on fine-grained attribute-based access control policies (acps). An approach is to encrypt documents satisfying different policies with different keys using a public key cryptosystem such as attribute-based encryption, and/or proxy re-encryption. However, such an approach has some weaknesses: it cannot efficiently handle adding/revoking users or identity attributes, and policy changes; it requires to keep multiple encrypted copies of the same documents; it incurs high computational costs. A direct application of a symmetric key cryptosystem, where users are grouped based on the policies they satisfy and unique keys are assigned to each group, also has similar weaknesses. We observe that, without utilizing public key cryptography and by allowing users to dynamically derive the symmetric keys at the time of decryption, one can address the above weaknesses. Based on this idea, we formalize a new key management scheme, called broadcast group key management (BGKM), and then give a secure construction of a BGKM scheme called ACV-BGKM. The idea is to give some secrets to users based on the identity attributes they have and later allow them to derive actual symmetric keys based on their secrets and some public information. A key advantage of the BGKM scheme is that adding users/revoking users or updating acps can be performed efficiently by updating only some public information. Using our BGKM construct, we propose an efficient approach for fine-grained encryption-based access control for documents stored in an untrusted cloud file storage.

Published

2013

11. DBMask

Author

Muhammad I. Sarfraz, Jianneng Cao, Elisa Bertino, and Mohamed Nabeel

Subjects

SQL, Database, Relational database, business.industry, Computer science, Data management, Component-oriented database, computer.software_genre, Encryption, Computer security, Column (database), Data sharing, business, computer, Database engine, computer.programming_language

Abstract

For efficient data management and economic benefits, organizations are increasingly moving towards the paradigm of "database as a service" by which their data are managed by a database management system (DBMS) hosted in a public cloud. However, data are the most valuable asset in an organization, and inappropriate data disclosure puts the organization's business at risk. Therefore, data are usually encrypted in order to preserve their confidentiality. Past research has extensively investigated query processing on encrypted data. However, a naive encryption scheme negates the benefits provided by the use of a DBMS. In particular, past research efforts have not adequately addressed flexible cryptographically enforced access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. In this paper, we propose DBMask, a novel solution that supports fine-grained cryptographically enforced access control, including column, row and cell level access control, when evaluating SQL queries on encrypted data. Our solution does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance and the functionality of an encrypted database and results show that our solution is efficient and scalable to large datasets.

Published

2015

12. Privacy Preserving Delegated Access Control in Public Clouds

Author

Elisa Bertino and Mohamed Nabeel

Subjects

Delegate, Computer science, media_common.quotation_subject, Data_MISCELLANEOUS, Cloud computing, Access control, Computer security, computer.software_genre, Encryption, Upload, Engineering, Medicine and Health Sciences, Physical Sciences and Mathematics, Overhead (computing), identity, encryption, media_common, Delegation, business.industry, cloud computing, access control, Client-side encryption, Life Sciences, Computer Science Applications, Computational Theory and Mathematics, Privacy, 40-bit encryption, policy decomposition, On-the-fly encryption, business, computer, Information Systems, Computer network

Abstract

Current approaches to enforce fine-grained access control on confidential data hosted in the cloud are based on fine-grained encryption of the data. Under such approaches, data owners are in charge of encrypting the data before uploading them on the cloud and re-encrypting the data whenever user credentials change. Data owners thus incur high communication and computation costs. A better approach should delegate the enforcement of fine-grained access control to the cloud, so to minimize the overhead at the data owners, while assuring data confidentiality from the cloud. We propose an approach, based on two layers of encryption, that addresses such requirement. Under our approach, the data owner performs a coarse-grained encryption, whereas the cloud performs a fine-grained encryption on top of the owner encrypted data. A challenging issue is how to decompose access control policies (ACPs) such that the two layer encryption can be performed. We show that this problem is NP-complete and propose novel optimization algorithms. We utilize an efficient group key management scheme that supports expressive ACPs. Our system assures the confidentiality of the data and preserves the privacy of users from the cloud while delegating most of the access control enforcement to the cloud.

Published

2014

13. An efficient certificateless cryptography scheme without pairing

Author

Mohamed Nabeel, Seung-Hyun Seo, Xiaoyu Ding, and Elisa Bertino

Subjects

Computer science, business.industry, Certificateless cryptography, Key distribution, Cryptography, Computer security, computer.software_genre, Encryption, Public-key cryptography, ID-based cryptography, Key (cryptography), business, computer, Key escrow, Computer network

Abstract

We propose a mediated certificateless encryption scheme without pairing operations. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable against partial decryption attacks. In order to address the performance and security issues, in this poster, we propose a novel mCL-PKE scheme. We implement our mCL-PKE scheme and a recent scheme, and evaluate the security and performance. Our results show that our algorithms are efficient and practical.

Published

2013

14. Privacy Preserving Context Aware Publish Subscribe Systems

Author

Stefan Appel, Mohamed Nabeel, Alejandro Buchmann, and Elisa Bertino

Subjects

business.industry, Computer science, Homomorphic encryption, Access control, Context (language use), Plaintext, Trusted third party, Encryption, Computer security, computer.software_genre, Information sensitivity, Middleware, business, computer

Abstract

Modern pub/sub systems perform message routing based on the message content and allow subscribers to receive messages related to their subscriptions and the current context. Both content and context encode sensitive information which should be protected from third-party brokers that make routing decisions. In this work, we address this issue by proposing an approach that assures the confidentiality of the messages being published and subscriptions being issued while allowing the brokers to make routing decisions without decrypting individual messages and subscriptions, and without learning the context. Further, subscribers with a frequently changing context, such as location, are able to issue and update subscriptions without revealing the subscriptions in plaintext to the broker and without the need to contact a trusted third party for each subscription change resulting from a change in the context. Our approach is based on a modified version of the Paillier additive homomorphic cryptosystem and a novel group key management scheme. The former construct is used to perform privacy preserving matching, and the latter construct is used to enforce fine-grained encryption-based access control on the messages being published. We optimize our approach in order to efficiently handle frequently changing contexts. We have implemented our approach in a prototype using an industry strength JMS broker middleware. The experimental results show that our approach is highly practical.

Published

2013

15. Privacy preserving delegated access control in the storage as a service model

Author

Mohamed Nabeel and Elisa Bertino

Subjects

Information privacy, Computer access control, business.industry, Computer science, Privacy software, Data_MISCELLANEOUS, Client-side encryption, Access control, Cryptography, Cloud computing, Encryption, Computer security, computer.software_genre, business, computer

Abstract

Current approaches for enforcing fine-grained access control and confidentiality to sensitive data hosted in the cloud are based on selectively encrypting the data before uploading it to the cloud. In such an approach, organizations have to enforce authorization policies through encryption. They thus incur high communication and computation cost to manage keys and encryptions whenever user credentials or organizational authorization policies change. Ideally, organizations should use encryption only in order to hide the data from the cloud, whereas the cloud should be in charge of enforcing authorization policies on the hidden data in order to minimize the overhead at organizations. In this paper, we propose a novel approach for delegating privacy-preserving fine-grained access enforcement to the cloud. Our approach is based on a recent key management scheme that allows users whose attributes satisfy a certain policy to derive the data encryption keys only for the content they are allowed to access from the cloud. Our approach preserves the confidentiality of the data and the user privacy from the cloud, while delegating most of the access control enforcement to the cloud. Further, in order to reduce the cost of re-encryption required whenever the access control policies changes, our approach uses incremental encryption techniques.

Published

2012

16. Efficient privacy preserving content based publish subscribe systems

Author

Ning Shang, Mohamed Nabeel, and Elisa Bertino

Subjects

business.industry, computer.internet_protocol, Computer science, Internet privacy, Cryptography, Access control, Cloud computing, Service-oriented architecture, Computer security, computer.software_genre, Bottleneck, Outsourcing, Confidentiality, business, Publication, computer

Abstract

The ability to seamlessly scale on demand has made Content-Based Publish-Subscribe (CBPS) systems the choice of distributing messages/documents produced by Content Publishers to many Subscribers through Content Brokers. Most of the current systems assume that Content Brokers are trusted for the confidentiality of the data published by Content Publishers and the privacy of the subscriptions, which specify their interests, made by Subscribers. However, with the increased use of technologies, such as service oriented architectures and cloud computing, essentially outsourcing the broker functionality to third-party providers, one can no longer assume the trust relationship to hold. The problem of providing privacy/confidentiality in CBPS systems is challenging, since the solution to the problem should allow Content Brokers to make routing decisions based on the content without revealing the content to them. The previous work attempted to solve this problem was not fully successful. The problem may appear unsolvable since it involves conflicting goals, but in this paper, we propose a novel approach to preserve the privacy of the subscriptions made by Subscribers and confidentiality of the data published by Content Publishers using cryptographic techniques when third-party Content Brokers are utilized to make routing decisions based on the content. Our protocols are expressive to support any type of subscriptions and designed to work efficiently. We distribute the work such that the load on Content Brokers, where the bottleneck is in a CBPS system, is minimized. We extend a popular CBPS system using our protocols to implement a privacy preserving CBPS system.

Published

2012

17. Poster

Author

Elisa Bertino and Mohamed Nabeel

Subjects

Group (mathematics), business.industry, Computer science, Rekeying, Access control, business, Key management, Computer security, computer.software_genre, Broadcast encryption, Private information retrieval, computer, Group key

Abstract

Attribute based systems enable fine-grained access control among a group of users each identified by a set of attributes. Secure collaborative applications need such flexible attribute based systems for managing and distributing group keys. However, current group key management schemes are not well designed to manage group keys based on the attributes of the group members. In this poster, we propose a novel key management scheme that allows users whose attributes satisfy a certain policy to derive the group key. Our scheme efficiently supports rekeying operations when the group changes due to joins or leaves of group members. During a rekey operation, the private information issued to existing members remains unaffected and only the public information is updated to change the group key. Our scheme is expressive; it is able to support any monotonic policy over a set of attributes. Our scheme is resistant to collusion attacks; group members are unable to pool their attributes and derive the group key which they cannot derive individually.

Published

2011

18. Towards Privacy Preserving Access Control in the Cloud

Author

Mohamed Nabeel, Murat Kantarcioglu, Elisa Bertino, and Bhavani Thuraisingham

Subjects

Information privacy, business.industry, Computer science, Internet privacy, Cascading Style Sheets, Access control, Cloud computing, Computer security, computer.software_genre, Server, The Internet, Human resources, business, computer, Storage as a service, computer.programming_language

Abstract

It is very costly and cumbersome to manage database systems in-house especially for small or medium organizations. Data-as-a-Service (DaaS) hosted in the cloud provides an attractive solution, which is flexible, reliable, easy and economical to operate, for such organizations. However security and privacy issues concerning the storage of the data in the cloud and access via the Internet have been major concerns for many organizations. The data and the human resources are the life blood of any organization. Hence, they should be strongly protected. In this paper, we identify the challenges in securing DaaS model and propose a system called CloudMask that lays the foundation for organizations to enjoy all the benefits of hosting their data in the cloud while at the same time supporting fine-grained and flexible access control for shared data hosted in the cloud.

Published

2011

19. Mask

Author

Elisa Bertino, Ning Shang, John Zage, and Mohamed Nabeel

Subjects

Computer science, business.industry, Key distribution, Access control, Certification, Computer security, computer.software_genre, Encryption, World Wide Web, Order (business), Identity (object-oriented programming), business, Protocol (object-oriented programming), computer

Abstract

We propose to demonstrate Mask, the first system addressing the seemingly-unsolvable problem of how to selectively share contents among a group of users based on access control policies expressed as conditions against the identity attributes of these users while at the same time assuring the privacy of these identity attributes from the content publisher. Mask consists of three entities: a Content Publisher, Users referred to as Subscribers, and Identity Providers that issue certified identity attributes. The content publisher specifies access control policies against identity attributes of subscribers indicating which conditions the identity attributes of a subscriber must verify in order for this subscriber to access a document or a subdocument. The main novelty of Mask is that, even though the publisher is able to match the identity attributes of the subscribers against its own access control policies, the publisher does not learn the values of the identity attributes of the subscribers; the privacy of the authorized subscribers is thus preserved. Based on the specified access control policies, documents are divided into subdocuments and the subdocuments having different access control policies are encrypted with different keys. Subscribers derive the keys corresponding to the subdocuments they are authorized to access. Key distribution in Mask is supported by a novel group key management protocol by which subscribers can reconstruct the decryption keys from the subscription information they receive from the publisher. The publisher however does not learn which decryption keys each subscriber is able to reconstruct. In this demonstration, we show our system using a healthcare scenario.

Published

2010

20. A privacy-preserving approach to policy-based content dissemination

Author

Elisa Bertino, Federica Paci, Ning Shang, and Mohamed Nabeel

Subjects

Information privacy, Revocation, business.industry, Computer science, Authorization, Access control, Broadcasting, privacy preserving, Encryption, World Wide Web, Public-key cryptography, policy based content dissemination, The Internet, group key management scheme, business, Key management, privacy preserving , policy based content dissemination , group key management scheme, Content management

Abstract

We propose a novel scheme for selective distribution of content, encoded as documents, that preserves the privacy of the users to whom the documents are delivered and is based on an efficient and novel group key management scheme. Our document broadcasting approach is based on access control policies specifying which users can access which documents, or subdocuments. Based on such policies, a broadcast document is segmented into multiple subdocuments, each encrypted with a different key. In line with modern attribute-based access control, policies are specified against identity attributes of users. However our broadcasting approach is privacy-preserving in that users are granted access to a specific document, or subdocument, according to the policies without the need of providing in clear information about their identity attributes to the document publisher. Under our approach, not only does the document publisher not learn the values of the identity attributes of users, but it also does not learn which policy conditions are verified by which users, thus inferences about the values of identity attributes are prevented. Moreover, our key management scheme on which the proposed broadcasting approach is based is efficient in that it does not require to send the decryption keys to the users along with the encrypted document. Users are able to reconstruct the keys to decrypt the authorized portions of a document based on subscription information they have received from the document publisher. The scheme also efficiently handles new subscription of users and revocation of subscriptions.

Published

2010

21. Secure Delta-Publishing of XML Content

Author

Mohamed Nabeel and Elisa Bertino

Subjects

XML Encryption, Database, Computer science, computer.internet_protocol, business.industry, cXML, Efficient XML Interchange, XML Signature, computer.file_format, computer.software_genre, Information leakage, business, computer, XML, Content management

Abstract

Many content distribution applications are characterized by frequent, incremental updates. Efficiency is not the only requirement in that security is also crucial for a large spectrum of applications. The goal of this work is to develop an approach for efficient and scalable dissemination of XML documents while assuring confidentiality, integrity and completeness without requiring the third-party publishers to be trusted. The key element of our approach to reduce the bandwidth requirements is to use delta messaging. Our approach takes every possible measure to minimize indirect information leakage by making the rest of the structure of XML documents to which clients do not have access oblivious. The experimental results show that our scheme is superior to conventional techniques of securing XML documents when the percentage of updates with respect to original documents is low.

Published

2008

22. A structure preserving approach for securing XML documents

Author

Elisa Bertino and Mohamed Nabeel

Subjects

XML Encryption, computer.internet_protocol, business.industry, Computer science, cXML, Efficient XML Interchange, XML Signature, XML validation, computer.file_format, Computer security, computer.software_genre, XML framework, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, Binary XML, business, computer, XML, Computer network

Abstract

With the widespread adoption of XML as the message format to disseminate content over distributed systems including Web Services and Publish-Subscribe systems, different methods have been proposed for securing messages. We focus on a subset of such systems where incremental updates are disseminated. The goal of this paper is to develop an approach for disseminating only the updated or accessible portions of XML content while assuring confidentiality and integrity at message level. While sending only the updates greatly reduces the bandwidth requirements, it introduces the challenge of assuring security efficiently for partial messages disseminated to intermediaries and clients. We propose a novel localized encoding scheme based on conventional cryptographic functions to enforce security for confidentiality and content integrity at the granularity of XML node level. We also address structural integrity with respect to the complete XML document to which clients have access. Our solution takes every possible measure to minimize indirect information leakage by making the rest of the structure of XML documents to which intermediaries and clients do not have access oblivious. The experimental results show that our scheme is superior to conventional techniques of securing XML documents when the percentage of update with respect to original documents is low.

Published

2007

23. Accelerated cosimulation using reconfigurable computing

Author

Ashraf Salem, Mohamed Nabeel, M. A. Sheirah, and Ayman Wahba

Subjects

Programmable logic device, Flexibility (engineering), Digital electronics, Software, Computer architecture, Computer science, business.industry, Principal (computer security), FpgaC, Software system, business, Reconfigurable computing

Abstract

Reconfigurable computing is becoming an important part of research in computer architecture and software systems. The principal benefits of reconfigurable computing are their ability to realize the flexibility of a software-based solution while retaining the execution speed of a more traditional, hardware-based approach. A great acceleration in the simulation time of digital circuits can be achieved by making a configurable device behave exactly as a given circuit. Simulation is then conducted on this hardware device instead of a software simulator.

Published

2004