Abdul Ghafoor Abbasi

Towards a secure service provisioning framework in a Smart city environment

Abstract Over the past few years the concept of Smart cities has emerged to transform urban areas into connected and well informed spaces. Services that make smart cities “smart” are curated by using data streams of smart cities i.e., inhabitants’ location information, digital engagement, transportation, environment and local government data. Accumulating and processing of these data streams raise security and privacy concerns at individual and community levels. Sizeable attempts have been made to ensure the security and privacy of inhabitants’ data. However, the security and privacy issues of smart cities are not only confined to inhabitants; service providers and local governments have their own reservations — service provider trust, reliability of the sensed data, and data ownership, to name a few. In this research we identified a comprehensive list of stakeholders and modelled their involvement in smart cities by using the Onion Model approach. Based on the model we present a security and privacy-aware framework for service provisioning in smart cities, namely the ‘Smart Secure Service Provisioning’ (SSServProv) Framework. Unlike previous attempts, our framework provides end-to-end security and privacy features for trustable data acquisition, transmission, processing and legitimate service provisioning. The proposed framework ensures inhabitants’ privacy, and also guarantees integrity of services. It also ensures that public data is never misused by malicious service providers. To demonstrate the efficacy of SSServProv we developed and tested core functionalities of authentication, authorisation and lightweight secure communication protocol for data acquisition and service provisioning. For various smart cities service provisioning scenarios we verified these protocols by an automated security verification tool called Scyther.

Security Aspects of Virtualization in Cloud Computing

In Cloud computing, virtualization is the basis of delivering Infrastructure as a Service (IaaS) that separates data, network, applications and machines from hardware constraints. Although Cloud computing has been a focused area of research in the last decade, research on Cloud virtualization security has not been extensive. In this paper, different aspects of Cloud virtualization security have been explored. Specifically, we have identified: i) security requirements for virtualization in Cloud computing which can be used as a step towards securing virtual infrastructure of Cloud, ii) attacks that can be launched on Cloud virtual infrastructure, and iii) security solutions to secure the virtualization environment by overcoming the possible threats and attacks.

Web Contents Protection, Secure Execution and Authorized Distribution

This paper describes the design and implementation of a comprehensive system for protection of Web contents. In this design, new security components and extended security features are introduced in order to protect Web contents ageist various Web attacks. Components and extended security features are: protection of Web pages using strong encryption techniques, encapsulation of Web contents and resources in PKCS#7, extended secure execution environment for Java Web Server, eXtensible Access Control Markup Language (XACML) based authorization policies, and secure Web proxy. Design and implementation of our system is based on the concepts of generic security objects and component-based architecture that makes it compatible with exiting Web infrastructures without any modification.

Security analysis of VoIP architecture for identifying SIP vulnerabilities

Voice over Internet Protocol (VoIP) is an emerging technology that changes the way of communication services over IP networks. It provides flexible and low cost services to the users, which make it more popular than the existing Public Switch Telephone Network (PSTN). With the popularity of this technology, it became targeted victim of different attacks. In this paper we analyzed VoIP architecture, both theoretically and practically with more emphasizes on security of Session Initiation Protocol (SIP). In order to analyze theoretically, we performed a literature survey related to SIP security and classified it in term of existing SIP attacks and defenses. Our theoretical analysis reveals that most attacks on VoIP architecture were successful due to weaknesses of SIP, especially the authentication mechanism used in the session establishment phase. For practical analysis, we used open source Asterisk and pen-test it in different attacking scenarios using Kali Linux distribution. Our practical analysis studies revealed that open source asterisk server is still vulnerable to several attacks, which includes eavesdropping, intentional interruption, social threats, interception and modification, and unintentional interruption. We also provide a concise mitigating scheme based on Single Sign-On (SSO), which provides an efficient and reliable authentication mechanism for securing SIP.

CryptoNET: a model of generic security provider

The model and design of a generic security provider provides a comprehensive set of security services, mechanisms, encapsulation methods, and security protocols for Java applications. The model is structured in four layers; each layer provides services to the upper layer and the top layer provide services to applications. The services reflect security requirements derived from a wide range of applications; from small desktop applications to large distributed enterprise environments. Based on the abstract model, this paper describes design and implementation of an instance of the provider comprising various generic security modules: symmetric key cryptography, asymmetric key cryptography, hashing, encapsulation, certificates management, creation and verification of signatures, and various network security protocols. This paper also describes the properties for extensibility, flexibility, abstraction, and compatibility of the Java security provider.

VeidBlock: Verifiable Identity using Blockchain and Ledger in a Software Defined Network

Blockchain and verifiable identities have a lot of potential in future distributed software applications e.g. smart cities, eHealth, autonomous vehicles, networks, etc. In this paper, we proposed a novel technique, namely VeidBlock, to generate verifiable identities by following a reliable authentication process. These entities are managed by using the concepts of blockchain ledger and distributed through an advance mechanism to protect them against tampering. All identities created using VeidBlock approach are verifiable and anonymous therefore it preserves users privacy in verification and authentication phase. As a proof of concept, we implemented and tested the VeidBlock protocols by integrating it in a SDN based infrastructure. Analysis of the test results yield that all components successfully and autonomously performed initial authentication and locally verified all the identities of connected components.