Khair Eddin Sabri

A formal test for detecting information leakage via covert channels

With the emergence of computers in every day activities and with the ever-growing complexity of networks and network communication protocols, covert channels are becoming an eminent threat to the confidentiality of information. We propose a technique to detect confidential information leakage via covert channels. The proposed technique is based on relational algebra. It provides tests to verify the existence of a leakage of information via a monitored covert channel. The technique also provides computations which show how the information was leaked if a leakage exists. Our focus is limited to protocol-based covert channels and instances where the users of covert channels modulate the information that is being sent; either by encryption, or some other form of encoding. We discuss possible applications of the proposed technique in digital forensics and cryptanalysis. We also report on a prototype tool that allows for the automation of the proposed technique.

A temporal defeasible logic for handling access control policies

Access control policies are specified within systems to ensure confidentiality of their information. Available knowledge about policies is usually incomplete and uncertain. An essential goal in reasoning is to reach conclusions which can be justified. However, since justification does not necessarily guarantee truth, the best we can do is to derive “plausible/ tentative” conclusions from partial and conflicting information. Policies are typically expressed as rules that could be complex and include timing constraints. Complex sets of access policies can contain conflicts e.g., a rule allows access while another rule prevents it. In this paper, we aim at providing a formalism for specifying authorization policies of a dynamic system. We present a temporal defeasible logic (TDL) which allows us to specify temporal policies and to handle conflicts. It can be shown that the proposed model is a generalization of the role-based access control model.

Investigative Support for Information Confidentiality Part I: Detecting Confidential Information Leakage via Protocol-based Covert Channels

Abstract This is Part I in a two-part series discussing the development of investigative support for information confidentiality. In this paper, we propose a technique to detect confidential information leakage via protocol-based covert channels based on relation algebra. It provides tests to verify the existence of an information leakage via a monitored covert channel as well as computations which show how the information was leaked if a leakage exists. We also report on a prototype tool that allows for the automation of the proposed technique. Our focus is limited to protocol-based covert channels and instances where covert channel users modulate the sent information by some form of encoding such as encryption.

An Algebraic Approach Towards Data Cleaning

Abstract There has been a proliferation in the amount of data being generated and collected in the past several years. One of the leading factors contributing to this increased data scale is cheaper commodity storage, making it easier for organisations to house large data stores containing massive amounts of historical data. To effectively analyse these data sets, a preprocessing step is often required as most real data sets are inherently dirty and inconsistent. Existing data cleaning tools have focused on cleaning the errors at hand. In this paper, we take a more formal approach and propose the use of information algebra as a general theory to describe structured data sets and data cleaning. We formally define the notion of association rule, association function, and we present results relating these concepts. We also propose an algorithm for generating association rules from a given structured data set.

Algebraic Framework for the Specification and Analysis of Cryptographic-Key Distribution

Several organizations generate and store a wide range of information in what is commonly referred to as data stores. To access the information within these data stores, two main architectures are widely adopted. The first architecture gives access to information through a trusted server that enforces established confidentiality policies. The second one allows the information to be public but in its encrypted form. Then through a scheme for the distribution of cryptographic keys, each user is provided with the keys needed to decrypt only the part of the information she is authorized to access. This paper relates to the latter architecture. We introduce an algebraic framework that takes into consideration a new perspective in tackling the key-distribution problem. We use the proposed framework to analyze key-distribution schemes that are representative of the ones found in the literature. The framework enables the specification and the verification of key-distribution policies. We also point to several other applications related to measures ensuring information confidentiality.

Investigative Support for Information Confidentiality Part II: Applications in Cryptanalysis and Digital Forensics

AbstractThis is Part II in a two-part series discussing the development of investigative support for information confidentiality. In Part I,we proposed a technique based on relation algebra to detect confidential information leakage via protocol-based covert channels.In this paper, we continue developing investigative support for information confidentiality. We examine the application of thetechnique for detecting confidential information leakage proposed in Part I in cryptanalysis and digital forensics to highlight itsusefulness beyond the scope of covert channel analysis. By way of a short case study, we show the automation of the cryptanalysisapplication of the technique for detecting confidential information leakage using a prototype tool and a known-plaintext attack.© 2014 Elsevier B.V. This is an open access article under the CC BY-NC-ND license c 2014 The Authors. Published by Elsevier B.V.Peer-review under responsibility of the Program Chairs of FNC-2014. Keywords: cryptanalysis, confidentiality, digital forensics, formal methods, covert channels, security

A generic algebraic model for the analysis of cryptographic-key assignment schemes

One of the means to implement information flow policies is by using a cryptographic approach commonly referred to as key assignment schemes. In this approach, information is made publicly available to users but in an encrypted form. Then, keys are assigned to users such that each key reveals a specified part of the information. Usually the distribution of keys follows a predefined scheme that specifies the ability of users to reveal information. n nIn this paper, we present an algebraic approach based on idempotent commutative semirings to define, specify, and analyse key assignment schemes. Then, we illustrate its usage on two key assignment schemes selected from the literature. Also, we propose amendments to the studied schemes to extend their scopes. The proposed generic algebraic approach enables the verification of security properties at an abstract level in systems that use key assignment schemes. The verification takes into consideration the algebraic properties of schemes, and the considered relationships among the assigned keys. Then, it enables the verification of the secrecy properties of the system through algebraic calculations. All the calculations can be automated using a theorem prover such as Prover9.

Investigative support for information confidentiality

With the ubiquity and pervasiveness of computers in daily activities and with the ever-growing complexity of communication networks and protocols, covert channels are becoming an eminent threat to the confidentiality of information. In light of this threat, we propose a technique to detect confidential information leakage via protocol-based covert channels. Although several works examine covert channel detection and analysis from the perspective of information theory by, for instance, analysing channel capacities, we propose a different technique that tackles the problem from a different perspective. The proposed technique takes an algebraic approach using relations. It provides tests to verify the existence of a leakage of information via a monitored covert channel. It also provides computations which show how the information was leaked if a leakage exists. We also discuss possible applications of the proposed technique in cryptanalysis and digital forensics based on a known-plaintext attack. We report on a prototype tool that allows for the automation of the proposed technique.

Generating Test Cases from Role-Based Access Control Policies using Cause-Effect Graph

Role-based access control is one of the fundamental security models used to ensure the confidentiality and integrity of information by specifying policies and enforcing them through mechanisms. Usually, authorization constraints are defined on policies to enforce some regulations such as a user cannot be assigned to two conflicting roles. Once the RBAC mechanisms are implemented in a system, testing is performed to ensure the correctness of the implementation. Black-box testing is one approach for software testing where test cases are generated from the specification. The challenge of this approach is the huge number of test cases that can be generated. This paper aims at reducing the number of test cases required to test the implementation of RBAC system. To achieve that, we use a cause-effect graph to specify policies, and then link authorization constraints to the cause-effect graph constraints. The specification of constraints within the cause-effect graph allows reducing the number of test cases by removing the useless cases due to authorization constraints. We illustrate our technique through an illustrative example with the aid of the BenderRBT tool. The results show that the number of test cases is significantly reduced.

Hierarchical architecture and protocol for mobile object authentication in the context of IoT smart cities

Abstract The deployment of smart technologies such as smart meters, smart phones, and smart chips has facilitated the development of smart cities. Smart cities include different smart systems such as smart homes, smart grids, etc. These smart systems should be connected together along with huge number of smart objects in the world largest network known as the Internet of Things (IoT). Trusted communication between an IoT object, which could be any device, and smart systems is an essential objective for the security over the IoT. This can be supported by authentication enforcers which, with the large number of connected objects in the IoT, should impose efficient and scalable mobile object authentication solutions. In this paper, a four-layer architecture for mobile object authentication in the context of IoT smart cities is proposed. This architecture is designed to address different IoT challenges such as scalability, mobility, and heterogeneity. Moreover, the architecture is supported by the applicability of a proposed hierarchical elliptic curve identity based signature authentication protocol. The proposed architecture and the proposed authentication protocol have been compared with other related works proposed in the literature. Various design goals of IoT in smart cities have been considered in the comparison along with the computation cost on both the sender and the receiver entities. Results show that the proposed architecture supports more design goals of IoT in smart city than its rival architectures and the proposed authentication protocol has lower computation cost than the other related protocols.