Search

Your search keyword '"Mahdi Aiash"' showing total 97 results
Start Over Author "Mahdi Aiash"
97 results on '"Mahdi Aiash"'

1. An Introduction of a Modular Framework for Securing 5G Networks and Beyond

Author

Ed Kamya Kiyemba Edris, Mahdi Aiash, and Jonathan Loo

Subjects
network services, access, security, framework, device to device, communication, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95
Abstract

Fifth Generation Mobile Network (5G) is a heterogeneous network in nature, made up of multiple systems and supported by different technologies. It will be supported by network services such as device-to-device (D2D) communications. This will enable the new use cases to provide access to other services within the network and from third-party service providers (SPs). End-users with their user equipment (UE) will be able to access services ubiquitously from multiple SPs that might share infrastructure and security management, whereby implementing security from one domain to another will be a challenge. This highlights a need for a new and effective security approach to address the security of such a complex system. This article proposes a network service security (NSS) modular framework for 5G and beyond that consists of different security levels of the network. It reviews the security issues of D2D communications in 5G, and it is used to address security issues that affect the users and SPs in an integrated and heterogeneous network such as the 5G enabled D2D communications network. The conceptual framework consists of a physical layer, network access, service and D2D security levels. Finally, it recommends security mechanisms to address the security issues at each level of the 5G-enabled D2D communications network.

Published
2022
Full Text
View/download PDF

2. Formalization and evaluation of EAP-AKA’ protocol for 5G network access security

Author

Ed Kamya Kiyemba Edris, Mahdi Aiash, and Jonathan Loo

Subjects
5G, EAP-AKA’, Security protocol, Formal methods, Verification, Authentication, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95
Abstract

The end user’s Quality of Experience (QoE) will be improved while accessing services in Fifth Generation Mobile Network (5G), supported by enhanced security and privacy. The security guarantees offered by the Authentication and Key Agreement (AKA) protocols will be depended upon by end users and network operators. The AKA protocols have been standardized for 5G networks, and the Extensible Authentication Protocol (EAP)-AKA’ protocol is one of the main authentication mechanisms that has been specified for User Equipment (UE) and network mutual authentication. This article models the EAP-AKA’ protocol and conducts an extensive formal verification of the EAP-AKA’ protocol as defined in the 5G security standard to determine whether the protocol is verifiably secure for 5G. It provides a security evaluation of the EAP-AKA’ protocol based on the current 5G specifications using ProVerif, a security protocol proof verifier. It also presents security properties that support the security verification, as well as quantitative properties that are used to assess the protocol’s performance. Finally, it compares the EAP-AKA’ and 5G-AKA protocols’ security and performance results.

Published
2022
Full Text
View/download PDF

3. IoT-Based Emergency Vehicle Services in Intelligent Transportation System

Author

Abdullahi Chowdhury, Shahriar Kaisar, Mahbub E. Khoda, Ranesh Naha, Mohammad Ali Khoshkholghi, and Mahdi Aiash

Subjects
intelligent transportation system, emergency vehicle priority, drone in emergency, Chemical technology, TP1-1185
Abstract

Emergency Management System (EMS) is an important component of Intelligent transportation systems, and its primary objective is to send Emergency Vehicles (EVs) to the location of a reported incident. However, the increasing traffic in urban areas, especially during peak hours, results in the delayed arrival of EVs in many cases, which ultimately leads to higher fatality rates, increased property damage, and higher road congestion. Existing literature addressed this issue by giving higher priority to EVs while traveling to an incident place by changing traffic signals (e.g., making the signals green) on their travel path. A few works have also attempted to find the best route for an EV using traffic information (e.g., number of vehicles, flow rate, and clearance time) at the beginning of the journey. However, these works did not consider congestion or disruption faced by other non-emergency vehicles adjacent to the EV travel path. The selected travel paths are also static and do not consider changing traffic parameters while EVs are en route. To address these issues, this article proposes an Unmanned Aerial Vehicle (UAV) guided priority-based incident management system to assist EVs in obtaining a better clearance time in intersections and thus achieve a lower response time. The proposed model also considers disruption faced by other surrounding non-emergency vehicles adjacent to the EVs’ travel path and selects an optimal solution by controlling the traffic signal phase time to ensure that EVs can reach the incident place on time while causing minimal disruption to other on-road vehicles. Simulation results indicate that the proposed model achieves an 8% lower response time for EVs while the clearance time surrounding the incident place is improved by 12%.

Published
2023
Full Text
View/download PDF

4. Investigating a Mobility-Aware QoS Model for Multimedia Streaming Rate Adaptation

Author

Fragkiskos Sardis, Glenford Mapp, Jonathan Loo, Mahdi Aiash, and Alexey Vinel

Subjects
Computer engineering. Computer hardware, TK7885-7895
Abstract

Supporting high quality multimedia streaming on wireless devices poses several challenges compared to wired networks due to the high variance in network performance encountered in the mobile environment. Although rate adaptation is commonly used in multimedia applications to compensate for fluctuations in network performance, it is a reactive mechanism which is not aware of the frequently changing connectivity that may occur on mobile devices. This paper proposed a performance evaluation model for multimedia streaming applications that is aware of user mobility and network performance. We presented an example of mathematical solution to the model and demonstrated the functionality using common mobility and connectivity examples that may be found in an urban environment. The proposed model is evaluated based on this functionality and how it may be used to enhance application performance.

Published
2015
Full Text
View/download PDF

5. A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology

Author

Anhtuan Le, Jonathan Loo, Kok Keong Chai, and Mahdi Aiash

Subjects
6LoWPAN, RPL, internal threats, topology attacks, specification-based, IDS, Information technology, T58.5-58.64
Abstract

Routing Protocol for Low power and Lossy network (RPL) topology attacks can downgrade the network performance significantly by disrupting the optimal protocol structure. To detect such threats, we propose a RPL-specification, obtained by a semi-auto profiling technique that constructs a high-level abstract of operations through network simulation traces, to use as reference for verifying the node behaviors. This specification, including all the legitimate protocol states and transitions with corresponding statistics, will be implemented as a set of rules in the intrusion detection agents, in the form of the cluster heads propagated to monitor the whole network. In order to save resources, we set the cluster members to report related information about itself and other neighbors to the cluster head instead of making the head overhearing all the communication. As a result, information about a cluster member will be reported by different neighbors, which allow the cluster head to do cross-check. We propose to record the sequence in RPL Information Object (DIO) and Information Solicitation (DIS) messages to eliminate the synchronized issue created by the delay in transmitting the report, in which the cluster head only does cross-check on information that come from sources with the same sequence. Simulation results show that the proposed Intrusion Detection System (IDS) has a high accuracy rate in detecting RPL topology attacks, while only creating insignificant overhead (about 6.3%) that enable its scalability in large-scale network.

Published
2016
Full Text
View/download PDF

40. DCSS Protocol for Data Caching and Sharing Security in a 5G Network

Author

Jonathan Loo, Ed Kamya Kiyemba Edris, Mahdi Aiash, and Seeling, Patrick

Subjects
formal methods, Computer science, data sharing, applied pi calculus, Access control, 02 engineering and technology, 0203 mechanical engineering, network services, federated identity, ProVerif, 0202 electrical engineering, electronic engineering, information engineering, Information-security, business.industry, security protocol, 020302 automobile design & engineering, 020206 networking & telecommunications, Provisioning, General Medicine, Information security, Cryptographic protocol, Service provider, Data sharing, Cellular network, authorization, Distributed-computing, Federated identity, business, 5G, data caching, Computer-networking, Computer network
Abstract

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

Published
2021

41. Modeling and verifying a resource allocation algorithm for secure service migration for commercial cloud systems

Author

Florian Kammueller, Gayathri Karthick, Mahdi Aiash, and Glenford Mapp

Subjects
Service (business), Authentication, business.industry, Computer science, Quality of service, Cloud computing, Cryptography, 02 engineering and technology, Cryptographic protocol, Computational Mathematics, Artificial Intelligence, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Resource allocation, 020201 artificial intelligence & image processing, business, Key exchange, Computer network
Abstract

Cloud computing is the delivery of on‐demand computing resources. It shares the resources or provides vir‐utilization that enables single user to access various Cloud services such as CPU, memory, storage devices, network, and so on. However, more commercial cloud services offered by several cloud service providers (CSPs) are available in the market place. Most CSPs must, therefore, deal with the dynamic resource allocation where the mobile services are migrating from one cloud to another cloud environment to provide heterogeneous resources based on user needs. There is still a lack of heuristics that are able to check requested resources and available resources to allocate and deallocate before it begins the secure service migration. We proposed a resource allocation security protocol that allows resources to be allocated and migrated efficiently in a secure service migration between cloud infrastructures. Furthermore, formal methods can be used for protocols to verify the desired properties, detecting attacks and producing accurate outcomes. This article presents formal modeling and verification of this abstract protocol using ProVerif cryptographic tool to validate the security properties such as secrecy of resources, authentication from both parties and key exchange in order to securely migrate resources in commercial cloud environments.

Published
2021

42. Formal verification of authentication and service authorization protocols in 5G-enabled device-to-device communications using ProVerif

Author

Jonathan Loo, Mahdi Aiash, and Ed Kamya Kiyemba Edris

Subjects
Security analysis, formal methods, TK7800-8360, Computer Networks and Communications, Computer science, Access control, D2D, 02 engineering and technology, Cyber-security, Encryption, ProVerif, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Integrated Encryption Scheme, Authentication, business.industry, security protocol, 020206 networking & telecommunications, Service provider, Cryptographic protocol, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Cellular network, authentication, authorization, 020201 artificial intelligence & image processing, Electronics, business, 5G, Computer network
Abstract

Device-to-Device (D2D) communications will be used as an underlay technology in the Fifth Generation mobile network (5G), which will make network services of multiple Service Providers (SP) available anywhere. The end users will be allowed to access and share services using their User Equipments (UEs), and thus they will require seamless and secured connectivity. At the same time, Mobile Network Operators (MNOs) will use the UE to offload traffic and push contents closer to users relying on D2D communications network. This raises security concerns at different levels of the system architecture and highlights the need for robust authentication and authorization mechanisms to provide secure services access and sharing between D2D users. Therefore, this paper proposes a D2D level security solution that comprises two security protocols, namely, the D2D Service security (DDSec) and the D2D Attributes and Capability security (DDACap) protocols, to provide security for access, caching and sharing data in network-assisted and non-network-assisted D2D communications scenarios. The proposed solution applies Identity-based Encryption (IBE), Elliptic Curve Integrated Encryption Scheme (ECIES) and access control mechanisms for authentication and authorization procedures. We formally verified the proposed protocols using ProVerif and applied pi calculus. We also conducted a security analysis of the proposed protocols.

Published
2021

44. Security in Network Services Delivery for 5G Enabled D2D Communications: Challenges and Solutions

Author

Mahdi Aiash, Ed Kamya Kiyemba Edris, and Jonathan Loo

Subjects
Security analysis, User equipment, Computer science, business.industry, Service delivery framework, Network service, Cellular network, Service discovery, Core network, Service provider, business, Computer network
Abstract

Due to the increasing data traffic in mobile network, fifth generation (5G) will use Device to Device (D2D) communications as the underlay technology to offload traffic from the 5G core network (5GC) and push content to the edge closer to the users by taking advantage of proximity and storage features of User Equipment (UE). This will be supported by Networks Services (NS) provided by 5G, it will also enable new use cases that will provide the accessibility to other services in the Home network (HN) and third-party service provider (SP). Mobile Network Operators (MNO) will use NS such as D2D communications and content-centric networking (CCN) to deliver content-based services efficiently to UE. Both D2D and CCN have known security issues and their integration brings new security challenges. In this article, we present an integrated network service delivery (NSD) framework for 5G enabled D2D communications that leverages on NS for service discovery, content delivery, and protection of data. We also present a comprehensive investigation of security and privacy in D2D communications and service-oriented network, highlighting the vulnerabilities and threats on the network. We also evaluate the security requirements of NSD to deliver NS securely to D2D users based on X.805 security framework using the eight security dimensions and level abstraction approach for a systematic and comprehensive approach. Finally, we recommend security solution approaches for the secure NS access and sharing of data between users in 5G enabled D2D communications network.

Published
2021

45. Formal verification and analysis of primary authentication based on 5G-AKA protocol

Author

Mahdi Aiash, Jonathan Loo, and Ed Kamya Kiyemba Edris

Subjects
Security analysis, Authentication, Computer science, 3rd Generation Partnership Project 2, Cellular network, Cryptographic protocol, Computer security, computer.software_genre, Protocol (object-oriented programming), Formal verification, computer, 5G
Abstract

Fifth generation mobile network (5G) is intended to solve future constraints for accessing network services. The user and network operator depend on security assurances provided by the Authentication and Key Agreement protocols (AKA) used. For 5G network, the AKA has been standardized and 5GAKA protocol is one of the primary authentication methods that have been defined. This paper models the protocol and provides comprehensive formal analysis on 5G-AKA protocol as specified by The Third Generation Partnership Project (3GPP) standard. Using ProVerif a security protocol verification tool, we perform a full systematic evaluation of the 5G-AKA protocol based on the latest 5G specifications. We present security assumptions and properties that assists on the analysis based on two taxonomies, we find out that some important security properties are not achieved and related work ignored some crucial protocol flaws. Finally, we make some recommendations to address the issues found by our security analysis.

Published
2020

46. The Case for Federated Identity Management in 5G Communications

Author

Mahdi Aiash, Ed Kamya Kiyemba Edris, and Jonathan Loo

Subjects
Authentication, Computer science, business.industry, Service provider, Computer security, computer.software_genre, Identity management, User experience design, Network service, Cellular network, Single sign-on, Federated identity, business, computer
Abstract

The heterogeneous nature of fifth generation mobile network (5G) makes the access and provision of network services very difficult and raises security concerns. With multi-users and multi-operators, Service-Oriented Authentication (SOA) and authorization mechanisms are required to provide quick access and interaction between network services. The users require seamless access to services regardless of the domain, type of connectivity or security mechanism used. Hence a need for Identity and Access Management (IAM) mechanism to complement the improved user experience promised in 5G. Federated Identity Management (FIdM) a feature of IAM, can provide a user with use Single Sign On (SSO) to access services from multiple Service Providers (SP). This addresses security requirements such as authentication, authorization and user’s privacy from the end user perspectives, however 5G networks access lacks such solution. We propose a Network Service Federated Identity (NS-FId) model that address these security requirements and complements the 5G Service-\ud Based Architecture (SBA). We present different scenarios and applications of the proposed model. We also discuss the benefits of identity management in 5G.

Published
2020

47. Investigating network services abstraction in 5G enabled device-to-device (D2D) communications

Author

Mahdi Aiash, Ed Kamya Kiyemba Edris, and Jonathan Loo

Subjects
050101 languages & linguistics, business.industry, Computer science, 05 social sciences, 02 engineering and technology, Energy consumption, Network service, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Underlay, Latency (engineering), business, Mobile device, 5G, Computer network, Abstraction (linguistics)
Abstract

The increased demand of data rate by mobile users has led to the evolution of mobile network technologies from the fourth generation to fifth generation (5G). 5G mobile network will support various technologies that will be able to provide low latency, offload traffic and connect vertical industries. Device-to-device (D2D) communications will be used as the underlay technology for 5G network in the offloading of traffic from the cellular network and pushing content closer to the user. With D2D communication, various network services can be implemented to improve spectral efficiency and reduce energy consumption of mobile devices. This paper gives a brief overview of D2D communication and discusses different D2D applications. It proposes a network services abstraction and suggests the mapping of existing studies with the network service abstraction which can be used in the harnessing the development and implementation of D2D communication applications in 5G network. The paper also highlights possible future research for D2D communication in 5G network.

Published
2019

48. Formalization and Analysis of a Resource Allocation Security Protocol for Secure Service Migration

Author

Glenford Mapp, Gayathri Karthick, Mahdi Aiash, and Florian Kammueller

Subjects
Authentication, business.industry, Computer science, Quality of service, 020206 networking & telecommunications, 02 engineering and technology, Cryptographic protocol, Internet security, Computer security, computer.software_genre, Server, 0202 electrical engineering, electronic engineering, information engineering, Session key, 020201 artificial intelligence & image processing, business, computer, Key exchange, Cryptographic nonce
Abstract

The advent of virtual machine technology for example, VMware, and container technology, such as Docker, have made the migration of services between different Cloud Systems possible. This enables the development of mobile services that can ensure low latencies between servers and their mobile clients resulting in better QOS. Though there are many mechanisms in place to support for mobile services, a key component that is missing is the development of security protocols that allow the safe transfer of servers to different Cloud environments. In this paper, we propose a Resource Allocation Security Protocol for secure service migration. We explore two approaches; In the first approach, the protocol is developed and formally verified by Automated Validation of Internet Security Protocols and Applications tool. The protocol satisfies the security properties of secrecy and authentication. In addition, nonces are used for replay protection and to ensure freshness. In the second approach, a secure symmetrical session key is used to do the safe transfer and an automatic cryptographic protocol verifier ProVerif is employed to verify secrecy, authentication and key exchange.

Published
2018

50. Mobile femtocell utilisation in LTE vehicular environment: vehicular penetration loss elimination and performance enhancement

Author

Aboubaker Lasebae, Mahdi Aiash, Robert Colson, Rand Raheem, and Jonathan Loo

Subjects
business.industry, Computer science, Mobile computing, 020206 networking & telecommunications, 020302 automobile design & engineering, 02 engineering and technology, Base station, 0203 mechanical engineering, User equipment, Automotive Engineering, 0202 electrical engineering, electronic engineering, information engineering, Femtocell, Wireless, Path loss, Macrocell, Electrical and Electronic Engineering, business, Intelligent transportation system, Computer-networking, Computer network
Abstract

Mobile computing is fast becoming a vital part of everyday life in which User Equipment (UE) demand being reachable anywhere and at anytime, as they spend much time travelling from one place to another, often by trains or buses. The ultimate aim of passengers is the ability to be connected to the Internet while they are moving from one place to another with their mobile devices. Providing indoor coverage on trains and buses directly with outdoor Base Stations (BSs) may not be a good solution due to the high density of use and path losses in the LTE network. This limitation can result in poor signal quality inside the train, and offering broadband services is not always possible. Clearly improvement to broadband access on buses and trains could be achieved by installing more BSs close to railway and bus routes and terminals. However, this solution is not ideal for the Internet Service Providers (ISPs) due to the high investment needed to deploy many more BSs. In addition, such a solution will introduce additional complexity by increasing the number of Handovers (HOs). This issue has focused the research community effort on developing solutions that take advantage of the existing wireless infrastructure without increasing the number of BSs. One method being considered is the development of more efficient methods and technologies to manage the UE's mobility in seamless ways. In this paper we propose adoption of Mobile Femtocell (Mobile-Femto) technology as a solution to mitigate the Vehicular Penetration Loss (VPL) and Path Loss, with consequent improvement to the vehicular UE's performance in LTE networks. Our results, using a Matlab simulation model, showed a noticeable improvement in the achieved Ergodic capacity by 5% under a VPL of 40 dB while 90% of vehicular UEs spectral efficiency has improved by 1.3 b/cu under a VPL of 25 dB. In addition, 80% of vehicular UEs have improved their throughput and SINR by 300 kb/s and 4 dB respectively after implementing the Mobile-Femto into the Macrocell in LTE networks.

Published
2017

Catalog

Books, media, physical & digital resources
See catalog results