Abdullah Mohammed Almuhaideb

Information Security Threats Classification Pyramid

Threat classification is extremely important for organizations, as it is an important step towards implementation of information security. Most of the existing threat classifications listed threats in static ways without linking threats to information system areas. The aim of this paper is to design a methodology that can classify deliberate threats in a dynamic way to represent each threat in different areas of the information system. This technique is based on the following factors: the attackers prior knowledge (i. e. the knowledge hold by the source of the threat) about the system, loss of security information and the criticality of the area that might be affected by that threat.

Two-Party Mobile Authentication Protocols for Wireless Roaming Networks

Mobile Internet access has significantly increased over the past few years. Roaming into foreign networks becomes necessary in order to access mobile-services. Traditionally, this done based on roaming agreement between the home network and the foreign network to extend trust for mobile users. However, secured mobile authentication is a challenge especially in two-party authentication environment where only the visited user and the foreign network get involved. This paper proposes two-party secure roaming protocols based on direct negotiation with potential foreign networks regarding quality of service, pricing and other billing related features, in order to establish service agreement and get the authorization token. The paper provides better performance to check the revocation status of the mobile user using recency evidence compare to the previously used revocation list. Identity Based Signature is used to stop impersonation attack. The security and performance analysis indicates that our protocol is resistant to well-known attacks, and it ensures efficient roaming.

Passport/Visa: Authentication and Authorisation Tokens for Ubiquitous Wireless Communications

Ubiquitous connectivity faces interoperation issues between wireless network providers when authenticating visiting users. This challenge lies in the fact that a foreign network provider does not initially have the authentication credentials of the mobile users. The existing approaches are based on roaming agreement to exchange authentication information between the home network and a foreign network. This paper proposes Passport/Visa approach that consists of two tokens: Passport (authentication token) and Visa (authorisation token), to provide a flexible authentication method for foreign networks to authenticate mobile users. Our approach can be used when there is no roaming agreement between foreign networks and the mobile user’s home network. The security analysis indicates that our protocol is resistant to well-known attacks, ant it efficiently ensures the security for both mobile users and network providers. The performance analysis also demonstrated that the proposed protocol will greatly enhance computation, and communication cost.

Toward a Ubiquitous Mobile Access Model: A Roaming Agreement-Less Approach

The development in mobile devices and wireless technologies opens up unlimited choices of mobile services such as mobile commerce. These advances make access services available and convenient everywhere at any time. Since mobile users usually move, accessing services becomes unavailable especially in some locations that are not covered by their home networks. Therefore, it becomes necessary to roam into foreign networks in order to access such services. However, authenticating visiting users by a foreign network results in some security concerns. This challenge lies in the fact that a foreign network provider does not initially have the authentication credentials of the mobile users. The existing approaches are either roaming agreement-based in exchanging authentication information between the home network and a foreign network or vulnerable to some security attacks. This paper proposes a roaming agreement-less approach based on our ubiquitous mobile access model. This approach consists of two tokens: Passport (identification token) and Visa (authorisation token) to provide a flexible authentication method for foreign network to authenticate mobile users. The security analysis indicates that our proposal is more secure and suitable for ubiquitous mobile communications specially in roaming agreement-less enviroment.

Beyond Fixed Key Size: Classifications Toward a Balance Between Security and Performance

The inherent limitations of mobile devices (MD) increase the gap between security and performance, and this gap increases with the growing heterogeneity of computing environments. As we are moving to the 4G network and Mobile Internet, there will be a need to deliver an intelligence tradeoff between security and performance. The main aim of this paper is to identify challenges in MD research and to propose practical solution to maintain the balance between efficiency and protection to secure mobile communication. We propose a Dynamic Key Size (DKS) architecture which can be integrated into security protocols to provide an efficient and secure mobile communication. Applications are provided with an interface for selectively securing information at different levels of protection. Our architecture makes use of both the information sensitivity and MD capabilities performance levels classifications in making a decision for suitable algorithm key length. As a possible application, we outline the integration of DKS over SSL protocol to demonstrate the flexibility features that improves the protocol security performance.

Analysis of mobile authentication protocols by SVO logic

The next generation of mobile services makes it desirable for mobile users to be connected everywhere. Since these users usually in the move, roaming services are deployed to allow mobile users to access foreign network services without being limited to the geographical coverage of their home networks. Several solutions have been proposed based on either two-party or three-party roaming structure to allow ubiquities mobile access authentication, however, limitations such as performance issues and security vulnerabilities still exist in these approaches. In this paper, we implemented a methodology for verifying authentication protocols based on SVO logic, which shows that our Passport/Visa protocols meet the desired authentication objectives and prove the protocols correctness. Moreover, we show that our proposal addresses existing limitations when compared to the other approaches.

A Novel Security Approach for Critical Information Systems: Preventing Flooding in the Non-authenticated Client Area Using a New Service from Local Network Service Providers

Flooding is one type of Denial of Service (DoS) attacks which can cause significant financial losses. This paper presents a new security approach which prevents flooding in the government critical systems and focuses in preventing flooding in non-authenticated client area. A new cooperation with local service providers has been suggested to make the prevention of flooding attacks easier. In addition, dynamic key encryption technique is adapted as a part of the proposed approach to enhance its functionality.

Securing mobile access in ubiquitous networking via non-roaming agreement protocol

Rapid developments in wireless technologies in terms of speed, quality and coverage are great motivations that lead to an increase in the use of mobile devices such as laptops and smart phones. These developments facilitate exchanging information anywhere any time. However, some concerns have been raised especially when the mobile users want to access services that provided by foreign networks. These issues can be classified as security and performance matters. This paper proposes a fast and secure authentication protocol. The new feature about this protocol is that the foreign network (FN) can authenticate the mobile user (MU) without checking with the home network (HN). This feature can effectively enhance the network performance as just two messages are required to authenticate the MU. Moreover, we will demonstrate the strengths of this protocol against the common security attacks and we will compare the protocol performance with the previous protocols to ensure efficiency.

A Hybrid Mobile Authentication Model for Ubiquitous Networking

The development in mobile devices and wireless technologies (e.g Cellular, Wi-Fi) has facilitated a growth in mobile services. As mobile users are usually moving, roaming services are deployed to allow users to access foreign network services without being limited to the geographical coverage of their home networks. Several solutions have been proposed to allow ubiquitous mobile access authentication; however, limitations still exist in these approaches, such as performance issues and security vulnerabilities. In this paper a novel hybrid mobile authentication model is proposed, with its realisation through suitable protocols that combine the advantages of both distributed and centralised models. The proposed Passport and Visa tokens assist a foreign network in authenticating and authorising visiting mobile users. These tokens also offer a unique solution to achieving secure and efficient key management. Most importantly, the proposed solution provides an efficient technique, using recency evidence (a Passport Stamp), to tackle the problem of a user revocation status check. The security and performance analysis demonstrates that the proposed protocols efficiently ensure secure roaming, greatly enhance computation speed, and reduce communication costs.

Authentication in Ubiquitous Networking

Mobile authentication is an essential service to ensure the security of engaging parties in a ubiquitous wireless network environment. Several solutions have been proposed mainly based on both centralised and distributed authentication models to allow ubiquitous mobile access authentication; however, limitations still exist in these approaches, namely flexibility, security and performance issues and vulnerabilities. These shortcomings are influenced by the resource limitations of both wireless networks and the mobile devices together with inter-technology and inter-provider challenges. In this paper, the authors reviewed the major techniques in the field of ubiquitous mobile access authentication, which has attracted many researchers in the past decade. After investigating existing mobile authentication models and approaches, the common challenges are summarised to serve as the solution key requirements. The identified key solution requirements allow analysing and evaluating mobile authentication approaches.