Kamarularifin Abd Jalil

Securing routing table update in AODV routing protocol

AODV (Ad hoc On Demand Vector) is a reactive routing protocol in wireless mobile ad hoc network (MANET). AODV is accepted due to its ability to adapt rapidly in dynamic network environment with minimum overhead and small management packet size. However, AODV has limitation in security, thus it is susceptible to various attacks. One of the popular attacks in AODV is the Black Hole attack. There have been many works done to secure AODV from this attack but there are still some issues that need to be addressed. In this paper we proposed a novel method called ERDA (Enhance Route Discovery for AODV). ERDA will improve the security of the AODV during the route discovery process so that the adverse effect caused by the attack to the network performance is reduced. A simulation model has been developed to simulate the proposed method. Results obtained from simulation have shown that ERDA does not introduce high overhead during safe time (no attacks) and provide better performance during attack time (presence of Black hole) in the network.

Comparison of Machine Learning algorithms performance in detecting network intrusion

Organization has come to realize that network security technology has become very important in protecting its information. With tremendous growth of internet, attack cases are increasing each day along with the modern attack method. One of the solutions to this problem is by using Intrusion Detection System (IDS). Machine Learning is one of the methods used in the IDS. In recent years, Machine Learning Intrusion Detection system has been giving high accuracy and good detection on novel attacks. In this paper the performance of a Machine Learning algorithm called Decision Tree (J48) is evaluated and compared with two other Machine Learning algorithms namely Neural Network and Support Vector Machines which has been conducted by A. Osareh [1] for detecting intrusion. The algorithms were tested based on accuracy, detection rate, false alarm rate and accuracy of four categories of attacks. From the experiments conducted, it was found that the Decision tree (J48) algorithm outperformed the other two algorithms.

Black hole effect mitigation method in AODV routing protocol

Ad hoc On Demand Vector (AODV) is a reactive routing protocol in Mobile Ad hoc Network (MANET). Although the protocol has been around for quite some time, but there are still security issues which make it vulnerable to attacks such as black hole attack which subsequently affecting its performance adversely. There have been several previous works done to mitigate this problem but most of the proposed methods incur overhead to the existing protocol. Most of MANET devices are resource constraint and therefore a light solution is highly and preferably needed. For this reason, in this paper we propose a method called EAODV (Enhance AODV) based on our previous work called ERDA. Similar to ERDA it does not introduce any overhead and moreover, it does not change the existing protocol scheme. The new proposed method is able to enhance ERDA by introducing one extra parameter, which checks for control message from destination node. In simulation, EAODV has shown outstanding results as compared to ERDA besides significant improvement to the network performance as compared to the normal AODV protocol.

An Enhanced Route Discovery Mechanism for AODV Routing Protocol

Due to the unique characteristic of Mobile Ad hoc Network (MANET) and lack of security in its routing protocol, MANET is vulnerable to various attacks such as black hole. In this paper we study a black hole attack on one of ad hoc routing protocol called AODV (Ad hoc On Demand Vector). There have been many works done to solve this problem but most of them introduced extra overheads. In this paper we proposed a novel method to address this limitation called ERDA (Enhance Route Discovery for AODV) by improving the route discovery mechanism in the AODV protocol. The first part of this method is to secure the routing table update by introducing new parameter called rt_upd in recvReply() algorithm of AODV. The second part is to analyze AODV Receive Reply messages stored in a table called rrep_tab to isolate malicious nodes by maintaining those nodes in a list called mali_list. ERDA provides secure and low latency of route discovery as compared to previous methods. One of our future works is to perform a simulation to determine ERDA performance against other proposed methods in protecting MANET from black hole attacks.

Achieving trust in cloud computing using secure data provenance

Cloud computing is the next generation computer system which extends network architecture into dynamic and large scale capacity by using visualization techniques. Transparent and secure data provenance will enhance the level of trust in the Cloud. Recent literature on securing data provenance focuses only on providing partial part of security elements in their mechanisms, thus they could not provide full protection to the data provenance as a whole. This paper presents the provenance description and challenges in providing security assurances in the Cloud. The paper also proposes a novel trust model for data provenance in cloud computing. The model will be used for securing the transaction process of storing and accessing the data provenance. The paper describes in detail the flow process of the model to achieve a high level of trust in cloud services. The significance of this research is to enhance the level of trust in the cloud services via comprehensive trust model which consists all aspects of security elements in the model.

An enhanced remote authentication scheme to mitigate man-in-the-browser attacks

Lately, the attacks on online banking and electronic commerce applications are on the rise. These attacks are targeting at the vulnerabilities found at the client-side of a client-server communication. Unfortunately, the traditional security mechanisms are not efficient enough in preventing these attacks. Man-in-the-browser attack is an example of such attacks. In this type of attack, an attacker tries to take advantage at the vulnerabilities caused by the clients browser extension. This attack is able to manipulate the information contained in a transaction without the users consent. In this paper, an enhanced remote authentication protocol is proposed to mitigate the attack. Experiments were conducted in order to test the proposed protocol. From the experiments, it was found that the proposed protocol is able to mitigate the attack successfully.

Performance evaluation on modified AODV protocols

Ad hoc On-demand Distance Vector (AODV) is one of reactive routing protocol in Mobile Ad hoc Network (MANET) and many variants are developed based on modifying this protocol. Purposes of modification were mostly related to security and performance improvement, yet the additional processes being introduced in the modification could incur overheads to the modified AODV. The purpose of this paper is to evaluate some of the modified AODV protocols performance by examining their effectiveness in alleviating the black hole attack and further examining the effect of mitigation methods used on overhead. The performance analysis focuses on two conditions, i.e. no-attack and under-attack. Three modified AODV protocols were studied, namely idsAODV, HDAODV and EAODV, and a new modified protocol is proposed. Using NS-2 network simulator, the performance of these protocols under no-attack and under-attack scenarios were collected and analyzed. Simulations were conducted by varying the pause times in random waypoint mobility model. The performance results are presented using comparative analysis based on different performance matrices such as throughput, Packet Delivery Ratio, End-to-end delay, Network Routing Load and Energy usage. The results show that the three modified AODV protocols give positive effect to network performance in both conditions - under-attack and no-attack environment. EAODV protocol outperforms other modified protocols with highest network performance, but with longer delay and higher energy usage than the other modified protocols.

A composed energy aware metric for WSNs

In the current power aware- Directional Source Aware Routing Protocol (DSAP), the node with the most power and with the shortest path will be chosen for the next hop. The problem with this protocol is that, the same nodes might be chosen over and over again and will result in the depleting of energy in the nodes and will also cause unbalanced power dissipation in the network. In this paper, a new metric to solve this problem is proposed. In order to test the proposed metric, a simulation model was developed. This paper will start with the introduction of wireless sensor network and the DSAP. This is then followed by the explanation on the new metric and also results obtained from the simulation. Finally, the conclusion will be presented.

Data provenance trusted model in cloud computing

Transparency and confident towards cloud provider are some of the prominent issues in cloud today. In order to solve these problems, cloud service providers should have a high level of assurance and accountability in order to maintain trust between them and the users. This trust can be achieved through data provenance. Data provenance provides historical data from its original resources and can facilitate trust between cloud providers and users. This paper discusses the overview of data provenance in cloud computing and significant approach in provenance logging system. This is then followed by discussion of provenance challenges in cloud environment. Finally, this paper propose a novel data provenance trusted model to provide secured access to data provenance via a secured communication channel. This model also propose a consolidation log storage for virtual and physical layer in cloud environment.

Remote user authentication scheme with hardware-based attestation

Many previous works on remote user authentication schemes are related to remote services environment such as online banking and electronic commerce. However, these schemes are dependent solely on one parameter, namely, user legitimacy in order to fulfill the authentication process. Furthermore, most of the schemes rely on prearranged shared secret key or server secret key to generate session key in order to secure its communication. Consequently, these schemes are vulnerable to malicious software attacks that could compromise the integrity of the platform used for the communication. As a result, user identity or shared secret key potentially can be exposed due to limitation of the scheme in providing trust or evidence of claimed platform identity. In this paper, we propose a remote authentication with hardware based attestation and secure key exchange protocol to resist malicious software attack. In addition, we also propose pseudonym identity enhancement in order to improve user identity privacy.