Khalil El-Khatib

Trust-based security for wireless ad hoc and sensor networks

Wireless sensors networks are susceptible to a large number of security threats, and because of the communication, computation and delay constraints of most applications that run on top of these networks, traditional security mechanisms cannot be used. Trust and reputation have been recently suggested as an effective security mechanism for open environments such as the Internet, and considerable research has been done on modeling and managing trust and reputation. Using the trust and reputation management scheme to secure wireless sensor networks (WSNs) requires paying close attention to the incurred bandwidth and delay overhead, which have thus far been overlooked by most research work. In this paper, we propose a novel agent-based trust and reputation management scheme (ATRM) for wireless sensor networks. The objective of the scheme is to manage trust and reputation locally with minimal overhead in terms of extra messages and time delay. Throughout the entirety of this paper, we describe our scheme and prove its correctness. We will also present our extensive performance evaluation results, which clearly show that trust and reputation can be computed in wireless sensor networks with minimal overhead.

SDAR: a secure distributed anonymous routing protocol for wireless and mobile ad hoc networks

Providing security and privacy in mobile ad hoc networks has been a major issue over the last few years. Most research work has so far focused on providing security for routing and data content, but nothing has been done in regard to providing privacy and anonymity over these networks. We propose a novel distributed routing protocol which guarantees security, anonymity and high reliability of the established route in a hostile environment, such as an ad hoc wireless network, by encrypting the routing packet header and abstaining from using unreliable intermediate nodes. The major objective of our protocol is to allow trustworthy intermediate nodes to participate in the path construction protocol without jeopardizing the anonymity of the communicating nodes. We describe our protocol, SDAR (secure distributed anonymous routing), and provide its proof of correctness.

Privacy and Security in E-Learning

For a variety of advantages, universities and other organizations are resorting to e-learning to provide instruction on-line. While many advances have been made in the mechanics of providing online instruction, the needs for privacy and security have to-date been largely ignored. This paper examines privacy and security issues associated with e-learning. It presents the basic principles behind privacy practices and legislation. It investigates the more popular e-learning standards to determine their provisions and limitations for privacy and security. Privacy requirements for e-learning systems are explored with respect to the “Privacy Principles”. The capabilities of a number of existing privacy enhancing technologies, including methods for network privacy, policy-based privacy/security management, and trust systems, are reviewed and assessed.

An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks

An ad hoc wireless network is a temporary and dynamic environment where a group of mobile nodes with radio frequency transceivers communicate with each other without the intervention of any centralized administration or established infrastructure. Due to the limited transmission range of each mobile node, communication sessions between two nodes are usually established through a number of intermediate nodes, which are supposed to be willing to cooperate while forwarding the messages they receive to their destination. Unfortunately, some of these intermediate nodes might not be trustworthy and might be malicious, thereby forming a threat to the security and/or confidentiality of the exchanged data between the mobile nodes. While data encryption can protect the content exchanged between nodes, analysis of communication patterns may reveal valuable information about end users and their relationships. Using anonymous paths for communication provides security and privacy against traffic analysis. To establish these anonymous paths, in a traditional wired network, nodes build a global view of the network by exchanging routing information, whereas in an ad hoc wireless network, building this global view is not an option. In this paper, we propose a novel distributed routing protocol which guarantees security, anonymity and high reliability of the established route in a hostile environment, such as ad hoc wireless network, by encrypting routing packet header and abstaining from using unreliable intermediate node. The major objective of our protocol is to allow trustworthy intermediate nodes to participate in the path construction protocol without jeopardizing the anonymity of the communicating nodes. We describe our protocol, and provide its proof of correctness.

A novel solution for achieving anonymity in wireless ad hoc networks

A mobile ad hoc network consists of mobile nodes that can move freely in an open environment. Communicating nodes in a wireless and mobile ad hoc network usually seek the help of other intermediate nodes to establish communication channels. In such an open environment, malicious intermediate nodes can be a threat to the security and/or anonymity of the exchanged data between the mobile nodes. While data encryption can protect the content exchanged between nodes, routing information may reveal valuable information about end users and their relationships. The main purposes of this paper are to study the possibility of achieving anonymity in ad hoc networks, and propose an anonymous routing protocol, similar to onion routing concept used in wired networks. Our protocol includes a mechanism to establish a trust among mobile nodes while avoiding untrustworthy nodes during the route discovery process. The major objective of our protocol is to allow only trustworthy intermediate nodes to participate in the routing protocol without jeopardizing the anonymity of the communicating nodes. We present our scheme, and report on its performance using an extensive set of simulation set of experiments using ns-2 simulator. Our results indicate clearly that anonymity can be achieved in mobile ad hoc networks, and the additional overhead of our scheme to DSR is reasonably low when compared to a non-secure DSR ad hoc routing protocol.

Secure dynamic distributed routing algorithm for ad hoc wireless networks

An ad hoc wireless network permits wireless mobile nodes to communicate without prior infrastructure. Due to the limited range of each wireless node, communication sessions between two nodes are usually established through a number of intermediate nodes. Unfortunately, some of these intermediate nodes might be malicious, forming a threat to the security or confidentiality of exchanged data. While data encryption can protect the content exchanged between nodes, analysis of communication patterns may reveal valuable information about end users and their relationships. Using anonymous paths for communication provides security and privacy against traffic analysis. To establish these anonymous paths, all nodes build a global view of the network by exchanging routing information. In dynamic ad hoc networks, building this global view is not an option. In this paper, we propose and analyze a distributed route construction algorithm for use in the establishment of anonymous routing paths in ad hoc wireless networks.

Impact of Feature Reduction on the Efficiency of Wireless Intrusion Detection Systems

Intrusion Detection Systems (IDSs) are a major line of defense for protecting network resources from illegal penetrations. A common approach in intrusion detection models, specifically in anomaly detection models, is to use classifiers as detectors. Selecting the best set of features is central to ensuring the performance, speed of learning, accuracy, and reliability of these detectors as well as to remove noise from the set of features used to construct the classifiers. In most current systems, the features used for training and testing the intrusion detection systems consist of basic information related to the TCP/IP header, with no considerable attention to the features associated with lower level protocol frames. The resulting detectors were efficient and accurate in detecting network attacks at the network and transport layers, but unfortunately, not capable of detecting 802.11-specific attacks such as deauthentication attacks or MAC layer DoS attacks. In this paper, we propose a novel hybrid model that efficiently selects the optimal set of features in order to detect 802.11-specific intrusions. Our model for feature selection uses the information gain ratio measure as a means to compute the relevance of each feature and the k-means classifier to select the optimal set of MAC layer features that can improve the accuracy of intrusion detection systems while reducing the learning time of their learning algorithm. In the experimental section of this paper, we study the impact of the optimization of the feature set for wireless intrusion detection systems on the performance and learning time of different types of classifiers based on neural networks. Experimental results with three types of neural network architectures clearly show that the optimization of a wireless feature set has a significant impact on the efficiency and accuracy of the intrusion detection system.

Biometric Identification System Based on Electrocardiogram Data

Recent advancements in computing and digital signal processing technologies have made automated identification of people based on their biological, physiological, or behavioral traits a feasible approach for access control. The wide variety of available technologies has also increased the number of traits and features that can be collected and used to more accurately identify people. Systems that use biological, physiological, or behavioral trait to grant access to resources are called biometric systems. In this paper we present a biometric identification system based on the Electrocardiogram (ECG) signal. The system extracts 24 temporal and amplitude features from an ECG signal and after processing, reduces the set of features to the nine most relevant features. Preliminary experimental results indicate that the system is accurate and robust and can achieve a 100% identification rate with the reduced set of features.

Personal and service mobility in ubiquitous computing environments

Ubiquitous computing environment is defined by the shift of computing technology from the desktop to the background. One of its most notable attributes is its potential to extend the scope of service and personal mobility. This paper describes an agent-based architecture that brings personal and service mobility to the ubiquitous computing environment. A software agent, running on a portable device carried by the user, leverages the existing service discovery protocols to learn about all services available in the vicinity of the user. Short-range wireless technology such as Bluetooth can be used to build a personal area network connecting only devices that are close enough to the user. Acting on behalf of the user and based on a number of aspects, the software agent runs a quality of service (QoS) negotiation and selection algorithm to select the most appropriate available service(s) to be used for a given communication session. The software agent selects as well the configuration parameters for each service. The proposed architecture supports also service hand-off to recompense for service volatility during user movement. Copyright

Smart city architecture for community level services through the internet of things

Today, more than half of the worlds population spend their lives in cities, and this number will jump to 70 percent by 2050. Increasing population density in urban environments demands adequate provision of services and infrastructure. This explosion in city population will present major challenges including air pollution, traffic congestion, health concerns, energy and waste management. Solution to these challenges might require the integration of various Information and Communication Technologies into the artifact of the city. This paper presents an architecture for smart cities, where city management, community service providers and citizens have access to real time data which has been gathered using various sensory mechanisms in order to analyze and make decisions for future planning.