Ayman M. Bahaa Eldin

Agent based correlation model for intrusion detection alerts

Alert correlation is a promising technique in intrusion detection. It analyzes the alerts from one or more intrusion detection system and provides a compact summarized report and high-level view of attempted intrusions which highly improves security effectiveness. Correlation component is a procedure which aggregates alerts according to certain criteria. The aggregated alerts could have common features or represent steps of pre-defined scenario attacks. Correlation approaches composed of a single component or a comprehensive set of components. The effectiveness of a component depends heavily on the nature of the dataset analyzed. The order of correlation component will affect the correlation process performance. Moreover not all components should be used for different dataset. This paper presents an agent-based alert correlation model. Learning agent learns the nature of dataset within a network then guides the whole correlation process and components in such a suitable way of which components could be used and in which order. The model improves the performance of correlation process by selecting the proper components to be used. This model assures minimum alerts to be processed on each component depending on the dataset and minimum time for correlation process.

A modified thinning algorithm for fingerprint identification systems

A critical step in fingerprint identification system is the thinning of the input fingerprint image. The performance of a minutiae extraction algorithm relies heavily on the quality of the thinning algorithm. In this paper, a fast fingerprint thinning algorithm is introduced. The algorithm works directly on the gray-scale image not the binarized one where binarization of fingerprint causes many spurious minutiae and also removes many important features. The performance of the thinning algorithm is evaluated using many fingerprint images. Experimental results show that the proposed thinning algorithm is both fast and accurate.

Modular Multiplication for Public Key Cryptography on FPGAs

All public key cryptosystems, though being highly secure, have a common drawback: They require heavy computational effort. This is due to the reliance on modular multiplication of large operands (1024 bits or higher). The same problem arises in data encryption/decryption and digital signature schemes. Examples of such cryptosystems are RSA, DSA, and ECC. Now considering embedded platforms for applications of smart cards and smart tokens, the overall time performance of the cipher system becomes very slow. This refers to the limited computational power of the embedded processors. This paper introduces an enhanced architecture for computing the modular multiplication of large operands. The proposed design can act as a co-processor for embedded general purpose CPUs. The proposed design is compared with three previous architectures depending on carry save adders and look up tables, and scoring 69 MHz of maximum frequency. Look up tables should be loaded with a set of pre-computed values. Our proposed architecture replaces both look up tables and pre-computations with an enhanced version of sign detection techniques. Considering 1024 bits architectures, the proposed design scored a maximum frequency of 181 MHz. It also has a better overall absolute time for a single operation.

A new architecture for accurate dot product of floating point numbers

Many techniques were proposed to improve the accuracy of floating point operations such as addition, multiplication, and dot product. The purpose of such technique is to reduce the effect of rounding error. This paper introduces an efficient hardware implementation for accurate dot product. The proposed implementation was configured as a custom instruction in the ALTERA NiosII soft processor core. The computed result from the proposed method is as accurate as other algorithms and faster than them. Another advantage is that it has a linear time complexity, without any limitation on the vector length.

Efficient implementation of modular multiplication on FPGAs based on sign detection

All public key cryptosystems, though being highly secure, have a common drawback: They require heavy computational effort. This is due to the reliance on modular multiplication of large operands (1024 bits or higher). The same problem arises in data encryption/decryption and digital signature schemes. Examples of such cryptosystems are RSA, DSA, and ECC. Now considering embedded platforms for applications of smart cards and smart tokens, the overall time performance of the cipher system becomes very slow. This refers to the limited computational power of the embedded processors. This paper introduces an enhanced architecture for computing the modular multiplication of two large numbers X and Y modulo a given modulus M. The proposed design can act as a co-processor for embedded general purpose CPUs. The proposed design is compared with three previous architectures depending on carry save adders and look up tables. Look up tables should be loaded with a set of pre-computed values. Our proposed architecture uses the same carry save addition, but replaces both look up tables and pre-computations with an enhanced version of sign detection techniques. The proposed architecture supports higher frequencies than other architectures. It also has a better overall absolute time for a single operation.

Portable executable automatic protection using dynamic infection and code redirection

This paper describes an automated technique for protecting portable executable files used in Windows NT Platform. The proposed technique mainly works on Portable Executable format for 32-bit applications. The paper describes the PE format illustrating its main structures followed by an overview on existing protection techniques, and then it illustrates the proposed technique used in packing the PE file in order to protect it against disassembling and reverse engineering. The protection technique involves a static operation on the file reversed by a dynamic one during the run-time. The static and the dynamic operations provide a combined solution for software protection against static (Automatic) and dynamic reverse engineering. The paper studies the effect of protection on the performance and provides a solution to enhance the results. The paper finally proposes a model to integrate the proposed technique with a license management system (LMS) and to manage the digital rights (DRM).

High Performance Java Card Operating System

Due to the fast evolving of trusted computing environments and internet-of-things an eager need has been established for open platforms which support interchangeable technologies to co-exist without threatening systems security. Certainly, future embedded applications will need high performance operating systems to support the intensive-computing algorithms required for satisfying acceptable response and secure the application inside the vulnerable open environment, hence, new inevitable requirements for embedded operating systems have arisen including hard real-time response, support for native applications, system openness and system scalability. This paper introduces a new design for secure and open smart card operating system, called ESCOS (Egypt Smart Card Operating System), based on the prevalent Java Card technology. The new design provides competitive characteristics in the main three factors of judging smart card platforms, namely, system security, supported technology and system response. In addition, ESCOS is designed to have high degree of modularity and re-configurability to meet fast-changing business needs and diverse hardware platforms.

Hard-Detours: A new technique for dynamic code analysis

Dynamic code analysis for malware detection has become the heart of modern security tools. Some researchers target Microsoft Detours system to perform the dynamic analysis in window environment. This paper reveals some weakness in Microsoft Detours system. It introduces a mechanism (Anti-Detours) to escape from the code analysis trap. The paper proposes a new technique (Hard-Detours) to perform the dynamic code analysis. It intercepts the communication between the application and the system. The interception mechanism depends on the nature of each system call, to avoid detection, removal and bypassing techniques. The proposed technique is implemented for windows 32 Bit Portable Executables. Both analysis techniques are tested over a set of executables with and without the breaking mechanism.

Key Exchange by Synchronization of two Chaotic Systems

In this paper, the idea of synchronization of two chaotic systems is used to solve the key exchange problem in cryptography. A proposal for a protocol is given and it is claimed that this method is simple and secure against known attack with the proof that the underlying chaotic systems model is a very hard problem to be solved, unlike the discrete logarithmic problem and other problems currently being used for key exchange which are only believed to be hard

A security layer for smart card applications authentication

This paper briefly describes what is a smart card and its standard authentication schemes. Additionally, this paper provides high level overview of code signing mechanisms, which serve the purpose to ensure the smart card application (possible provided by 3rd Party Application Provider) is genuine and from an authorized provider.