Azhar Rauf

Using trusted computing for privacy preserving keystroke-based authentication in smartphones

Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naïve username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device—such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services. We present a prototype implementation of our protocol using the popular Android operating system for smartphones.

Semantics discovery in social tagging systems: A review

Web 2.0 has brought many collaborative and novel applications which transformed the web as a medium and resulted in its exponential growth. Tagging systems are one of these killer applications. Tags are in free-form but represent the link between objective information and users’ cognitive information. However, tags have ambiguity problem reducing precision. Hence search and retrieval pose a challenge on folksonomy systems which have flat, unstructured, non-hierarchical organization with unsupervised vocabulary. We present a brief survey of different approaches for adding semantics in folksonomies thus bringing structure and precision in search and navigation. We did comparative analysis to estimate the significance of each source of semantics. Then, we have categorized the approaches in a systematic way and summarized the feature set support. Based on the survey we end up with recommendations. Our survey and conclusion will prove to be relevant and beneficial for engineers and designers aiming to design and maintain well structured folksonomy with precise search and navigation results.

A Survey of Automatic Deep Web Classification Techniques

devise vision of the next generation of the web, deep web technologies have gained larger attention in a last few years. An eminent feature of next generation of web is the automation of tasks. A large part of Deep web comprises of online structured domain specific databases that are accessed using web query interfaces. The information contained in these databases is related to a particular domain. This highly relevant information is more suitable for satisfying the information needs of the users and large scale deep web integration. In order to make this extraction and integration process easier, it is necessary to classify the deep web databases into standard\ non-standard category domains. There are mainly two types of classification techniques i.e. manual and automatic. As the size of deep web is increasing at an exponential rate with the passage of time, it has become nearly impossible to classify these deep web search sources manually into their respective domains. For this purpose, several automatic deep web classification techniques have been proposed in the literature. In this paper apart from the literature survey, we propose a framework for analysis of automatic classification techniques of deep web. The framework provides a baseline for the analysis of rudiments of automatic classification techniques based on the parameters such as structured, unstructured, simple/advance query forms, content representative extraction methodology, level of classification, performance evaluation criteria and its results. Furthermore, we studied a number of automatic deep web classification techniques in the light of proposed framework.

A distortion based technique for preserving privacy in OLAP data cube

This paper is about privacy preservation of the data in OLAP data cube. Data cube is a multidimensional view of a database, which helps in analysis of data from different perspectives. Preserving privacy of individuals data while providing all data available for the analysis is one of the main challenges for OLAP systems. Because legitimate queries on aggregated values lead to the inference of individuals data or sensitive data. We propose a data perturbation technique called uniformly adjusted distortion, which initially distorts one cell and then uniformly distributes this distortion in the whole data cube. This uniform distribution not only preserves the aggregates but also provides maximum accuracy with range sum queries and high availability.

Watermarking scheme based on wavelet transform, genetic programming and Watson perceptual distortion control model for JPEG2000

Embedding of the digital watermark in an electronic document proves to be a viable solution for the protection of copyright and for authentication. In this paper we proposed a watermarking scheme based on wavelet transform, genetic programming (GP) and Watson distortion control model for JPEG2000. To select the coefficients for watermark embedding image is first divided into 32×32 blocks. Discrete Wavelet Transform DWT of each block is obtained. Coefficients in LH, HL and HH subbands of each 32×32 block are selected based on the Just Noticeable Difference (JND). Watermark is embedded by carefully chosen watermarking level. Choice of watermarking level is very important. The two important properties robustness and imperceptibility depends on good choice of watermarking level. GP is used to obtain mathematical function representing optimum watermarking level. The proposed scheme is tested and gives a good compromise between the robustness and imperceptibly.

A framework for secure and privacy protected collaborative contents sharing using public OSN

A major issue thoroughly raised and potentially vulnerable in online social networks (OSNs) is the user privacy preservation. Generally, the issue of privacy is tackled from the user point of view without considering the service providers and the third-party data collectors, who can manipulate user data for third party advertisement and behavioral analysis. Therefore, the privacy risk exists not only from the unauthorized users but also from the OSN service providers. To secure data from both the unauthorized users and OSN service providers a framework for collaborative contents sharing is proposed. In the proposed framework, contents are secured at the time of data dissemination and provided assurance about the data sharing among the legitimate users based on collaborative contents sharing. The proposed framework assures not only the confidentiality of contents but also the privacy of data owner and co-owners in OSN. An architecture is provided to support the theoretical and practical basis for the proposed framework; which exhibits the objective of preserving user and contents privacy.

Efficient XQuery over encrypted XML documents

Data plays an important role in todays business activities. In order to share information, data is outsourced occasionally, usually in the form of Extensible Markup Language (XML) files which may contain sensitive information only intended for specific audiences. Securing the data is, as a result, of the utmost importance. Several techniques are used for this purpose, with encryption being the most powerful method. The major disadvantage of using encryption is that it reduces the performance of those queries which perform operations on encrypted data. In this paper we propose a technique that significantly improves the performance of range XQuery on encrypted XML data. Results show that the proposed technique is more efficient than the state-of-the-art technique.

TODWEB: training-less ontology based deep web source classification

Today, deep web comprises of a large part of web contents. Because of this large volume of data, the technologies related to deep web have gained larger attention in recent years. Deep web mostly comprises of online domain specific databases, which are accessed by using web query interfaces. These highly relevant domain specific databases are more suitable for satisfying the information needs of the users. In order to make the extraction of relevant information easier, there is a need to classify the deep web databases into subject-specific self-descriptive categories. In this paper we present a novel training-less classification approach TODWEB based on common sense world knowledge (in the form of ontology or any external lexical resource) for the automatic deep web source classification; which will help in building highly scalable, domain focused and efficient semantic information retrieval systems (i.e. metasearch engine and search engine directories). One of the important aspects of this approach is the classification method which is completely training less and uses Wikipedia category network and domain-independent ontologies to analyze the semantics in the meta-information of the deep web sources. The large number of fine grained Wikipedia categories are employed to analyze semantic relatedness among concepts and finally the URL of deep web search source is mapped to the category hierarchy offered by Wikipedia. The experiments conducted on a collection of search sources shows that this approach results in a highly accurate and fine grained classification as compared to existing approaches, nearly identical to the results achieved by manual classification.

A cryptography-based approach to web mashup security

With the dawn of this century emerged new and innovative ways for creating software applications on the web. One of them is “web mashup”, which allows users to create new web applications by integrating data and services from other various web applications and data sources. Several technologies like Ajax, RSS, ATOM, REST, and XML etc have emerged which are used in creating mashups. The numerous online available data sources and services on one hand makes mashup creation fast and easy and also rich in content but on the other hand results in spawning security concerns. A wide array of security issues arises while combining diverse content/services from diverse sources into a new one, such as lack of security in the technologies and trustworthiness of content etc. In addition, several other issues like user privacy, data confidentiality, data integrity, and user authentication are needed to be addressed. In response to this, several proposals have been presented for improving the security of web mashups such as a new version of JavaScript with better security properties and addition of security tags in HTML etc. However, these approaches mostly focus on cross-site referencing issues. This research paper is aimed to provide a security framework that will use well-known cryptographic techniques to address the issues of data confidentiality, data integrity, and authentication as well as protection against the most common XSS and CSRF attacks in web mashups. Instead of concentrating on a particular security aspect, the proposed framework is more general and easy to conceptualize and implement.

UPDATE query over encrypted data

Data is a critical asset for every organization. Data of organizations are normally stored in database, therefore, database security is important. Encryption is one of the strong security layers in database security, but SQL has a limitation that its queries cannot be run directly on encrypted data. When some update is needed in an encrypted column of table so the entire column needs to be decrypted before updation process, this degrades system performance. This paper proposes a new technique to update value directly although the conditioned column is in encrypted form. It does not need to decrypt the entire conditioned column for update process. This improves system performance.