Ihab A. Ali

Efficient zero-knowledge identification scheme with secret key exchange

In an open network-computing environment, a workstation cannot be trusted to identify its users correctly to network services. Identification protocols provide an approach for the receiver of a message to ascertain its origin and to verify the identity of the sender in a distributed environment. Challenge-response identification schemes have been used to provide the authentication service but it might nonetheless reveal some partial information about the claimants secret; an adversarial verifier might also be able to strategically select challenges to obtain responses providing such information. Zero-knowledge (ZK) protocols are designed to address these concerns, by allowing a prover to demonstrate knowledge of a secret while revealing no information to be used by the verifier to convey the demonstration of knowledge to others. In this paper we present a Fiat-Shamir-like zero-knowledge identification scheme based on the elliptic curve discrete logarithm problem. We combined our scheme with secret key exchange for subsequent conventional encryption. We expand our scheme to support mutual identification, for open network application

TRIDNT: Isolating Dropper Nodes with Some Degree of Selfishness in MANET

In Mobile ad-hoc network, nodes must cooperate to achieve the routing purposes. Therefore, some network nodes may decide against cooperating with others; selfish nodes; to save their resources. Also these networks are extremely under threat to insider; malicious nodes; especially through packet dropping attacks.

A provably secure certificateless organizational signature schemes

Summary ‘Organization signature is a new variant of digital signature in organization transactions. It allows the employee in the organization to generate the message signature through his affiliation rather than his personal description. Certificateless public key cryptography solved the key escrow problem in identity-based cryptography, and the certificate distribution in the traditional public key infrastructure. In this paper, we present a provable secure pairing-free certificateless organizational signature scheme. Our scheme is more computationally efficient because it does not depend on pairings. The new scheme is provably secure in the random oracle model, assuming the hardness of elliptic curves discrete logarithm problem.’ Copyright

Trust model for TRIDNT trust based routing Protocol

In a mobile ad-hoc network, nodes cannot rely on any fixed infrastructure for routing purposes. Rather, they have to cooperate to achieve this objective. However, performing network functions consumes energy and other resources. Therefore, some network nodes may decide against cooperating with others; selfish nodes. Also security issues are more paramount in such networks even more so than in wired networks. In particular these networks are extremely under threat to insider; malicious nodes; especially through packet dropping attacks. Selfish and malicious nodes are termed as misbehaving nodes. Giving the selfish nodes the incentive to cooperate, while isolating the misbehaving nodes have been an active research area recently. In this paper, we introduce our Trust Model for TRIDNT (Two node-disjoint Routes scheme for Isolating Dropper Node in MANET) the reactive trust based routing Protocol, which allows some degree of node selfishness to give an incentive to the selfish nodes to declare its selfishness behavior to its neighbors, which reduce the searching time of misbehaving nodes to search for the malicious nodes only. In the proposed TRIDNT trust model, the trust among nodes is represented by trust score, which consist of direct and indirect trust, with addition of new term called the cooperation score, the trust calculation is based on the beta probability density function. TRIDNT use both DLL-ACK and end- to-end TCP-ACK as monitoring tools to monitor the behavior of routing path nodes: if the data packet successfully transmitted, then the path nodes trust value are updated positively; otherwise, if a malicious behavior is detected the path searching tool starts to identify the malicious nodes and update its trust value negatively and isolate them from the routing path and the network. We use the cooperation score to measure the unselfishness behavior of a suspect node and control the allowed selfishness behavior. Finally we calculate an accurate trust value threshold to distinguish between trustworthy or untrustworthy node.

Provably secure entity authentication the three party case

In an open network-computing environment, a workstation cannot be trusted to identify its users correctly to network services. Authentication protocols provide an approach for the receiver of a message to ascertain its origin and to verify the identity of the sender in a distributed environment. However, most of the protocols have suffered from several kinds of attacks. Therefore, it is necessary to verify authentication protocols deliberately with such attacks as a basis. This work presents a new cryptographic protocol for an open network-computing environment. It describes the weaknesses and limitations in Kerberos protocol and shows how the new protocol overcomes these weaknesses and limitations. We also demonstrate how the new protocol provides an additional service, privacy, beside the authentication service in less number of messages than the previous authentication protocols.

An improved technique for increasing availability in Big Data replication

Abstract Big Data represents a major challenge for the performance of the cloud computing storage systems. Some distributed file systems (DFS) are widely used to store big data, such as Hadoop Distributed File System (HDFS), Google File System (GFS) and others. These DFS replicate and store data as multiple copies to provide availability and reliability, but they increase storage and resources consumption. In a previous work (Kaseb, Khafagy, Ali, & Saad, 2018), we built a Redundant Independent Files (RIF) system over a cloud provider (CP), called CPRIF, which provides HDFS without replica, to improve the overall performance through reducing storage space, resources consumption, operational costs and improved the writing and reading performance. However, RIF suffers from limited availability, limited reliability and increased data recovery time. In this paper, we overcome the limitations of the RIF system by giving more chances to recover a lost block (availability) and the ability of the system to keep working the presence of a lost block (reliability) with less computation (time overhead). As well as keeping the benefits of storage and resources consumption attained by RIF compared to other systems. We call this technique “High Availability Redundant Independent Files” (HARIF), which is built over CP; called CPHARIF. According to the experimental results of the HARIF system using the TeraGen benchmark, it is found that the execution time of recovering data, availability and reliability using HARIF have been improved as compared with RIF. Also, the stored data size and resources consumption with HARIF system is reduced compared to the other systems. The Big Data storage is saved and the data writing and reading are improved.

Redundant Independent Files (RIF): A Technique for Reducing Storage and Resources in Big Data Replication

Most of cloud computing storage systems widely use a distributed file system (DFS) to store big data, such as Hadoop Distributed File System (HDFS) and Google File System (GFS). Therefore, the DFS depends on replicate data and stores it as multiple copies, to achieve high reliability and availability. On the other hand, that technique increases storage and resources consumption.

Design of soft handover protocol for mobile ATM networks

Handover or handoff control process is required to dynamically support active connections during the migration of a Mobile Terminal (MT) from one Access Point (AP) to another. This feature is critical for mobile multimedia services delivered to a Wireless ATM-WATM terminal, as well as for efficient support of current Personal Communication Systems (PCS)/Cellular System on an ATM infrastructure. Handover requires network signaling to maintain the communication link and may result in cell loss due to cell misrouting and/or misordering. Several hard handover schemes were proposed, these schemes have some potential problems such as the ping-pong phenomenon, the possibility of information loss and poor QoS. This paper presents a soft handover solution for Mobile ATM networks to overcome these limitations. Four soft handover schemes are presented based on different configurations of the mobile ATM networks and accordingly the way of achieving the matching of the ATM cells for both the upstream and downstream traffic.

ATROS: a simulator for the design and analysis of ATM networks and protocols

This paper introduces a simulation tool that could be used for the design and analysis of ATM networks and protocols. The simulator was developed in C/sup ++/ programming language and compiled on a DOS/Windows platform. It is a discrete-event simulator that has a user-friendly graphical user interface (GUI). The simulator has been tested and validated under different operational scenarios and shown to work well. It could run at both call and cell levels and in both Window and command line modes. The simulator functions comply with ATM Forums PNNI specifications.

A new hierachical routing method for broadband ISDN

A new hierarchical routing model for broadband networks is proposed and one of the problems facing the design of the hierarchical routing model is addressed. A brief description of the PNNI hierarchical routing model is given and a new hierarchical model that proves to be simpler and requires less storage than the PNNI model is proposed. The problem addressed is the choice of the number of levels in the hierarchy and the group size at each level. The optimization criterion for this problem is the minimization of storage required at each node to store the topology status information necessary for routing decision.