Mohamed Sobh

Portable executable automatic protection using dynamic infection and code redirection

This paper describes an automated technique for protecting portable executable files used in Windows NT Platform. The proposed technique mainly works on Portable Executable format for 32-bit applications. The paper describes the PE format illustrating its main structures followed by an overview on existing protection techniques, and then it illustrates the proposed technique used in packing the PE file in order to protect it against disassembling and reverse engineering. The protection technique involves a static operation on the file reversed by a dynamic one during the run-time. The static and the dynamic operations provide a combined solution for software protection against static (Automatic) and dynamic reverse engineering. The paper studies the effect of protection on the performance and provides a solution to enhance the results. The paper finally proposes a model to integrate the proposed technique with a license management system (LMS) and to manage the digital rights (DRM).

High Performance Java Card Operating System

Due to the fast evolving of trusted computing environments and internet-of-things an eager need has been established for open platforms which support interchangeable technologies to co-exist without threatening systems security. Certainly, future embedded applications will need high performance operating systems to support the intensive-computing algorithms required for satisfying acceptable response and secure the application inside the vulnerable open environment, hence, new inevitable requirements for embedded operating systems have arisen including hard real-time response, support for native applications, system openness and system scalability. This paper introduces a new design for secure and open smart card operating system, called ESCOS (Egypt Smart Card Operating System), based on the prevalent Java Card technology. The new design provides competitive characteristics in the main three factors of judging smart card platforms, namely, system security, supported technology and system response. In addition, ESCOS is designed to have high degree of modularity and re-configurability to meet fast-changing business needs and diverse hardware platforms.

Software Defined Networking concepts and challenges

Software Defined Networking (SDN) is an emerging networking paradigm that greatly simplifies network management tasks. In addition, it opens the door for network innovation through a programmable flexible interface controlling the behavior of the entire network. In the opposite side, for decades traditional IP networks were very hard to manage, error prone and hard to introduce new functionalities. In this paper, we introduce the concepts & applications of SDN with a focus on the open research challenges in this new technology.

Software Copy Protection and Licensing based on XrML and PKCS#11

This paper proposes Software Copy Protection and Licensing techniques based on Xrml and PKCS#11 standards. The purpose of the techniques is to increase the strength of software copy protection and preventing illegal distribution of software, which in turn protects intellectual property and secures the financial benefits for the vendors. The paper proposes a flexible, readable yet secure license structure based on Xrml. The licensing system is combined with two different protection techniques, Protection using Smart Tokens and Protection using Internet Activation Server. The paper illustrates how to map the license structure to grant records used in protection and Rights Management using PKCS standard. Finally, the paper proposes a full system architecture providing different licensing schemes useful in software market.

Efficient Architecture for Controlled Accurate Computation using AVX

Several applications have problems with the representation of the real numbers because of its drawbacks like the propagation and the accumulation of errors. These numbers have a fixed length format representation that provides a large dynamic range, but on the other hand it causes truncation of some parts of the numbers in case of a number that needs to be represented by a long stream of bits. Researchers suggested many solutions for these errors, one of these solutions is the Multi-Number (MN) system. MN system represents the real number as a vector of floating-point numbers with controlled accuracy by adjusting the length of the vector to accumulate the non-overlapping real number sequences. MN system main drawback is the MN computations that are iterative and time consuming, making it unsuitable for real time applications. In this work, the Single Instruction Multiple Data (SIMD) model supported in modern CPUs is exploited to accelerate the MN Computations. The basic arithmetic operation algorithms had been adjusted to make use of the SIMD architecture and support both single and double precision operations. The new architecture maintains the same accuracy of the original one, when was implemented for both single and double precision. Also, in this paper the normal Gaussian Jordan Elimination algorithm was proposed and used to get the inverse of the Hilbert Matrix, as an example of ill-conditioned matrices, instead of using iterative and time-consuming methods. The accuracy of the operations was proved by getting the inverse of the Hilbert Matrix and verify that the multiplication of the inverse and the original matrix producing the unity matrix. Hilbert Matrix inverse execution time was accelerated and achieved a speedup 3x, compared to the original NM operations. In addition to the previous, the accelerated MN system version was used to solve the polynomial regression problem.

Energy aware Secure Clustering in Mobile Ad hoc Networks

Mobile Ad hoc Networks (MANETs) suffer from security attacks and privacy issues, which dramatically impede their applications. In addition, the security measures applied in MANETs (like encryption and key distribution) have a number of negative effects on the networks performance. Cryptographic operations introduce a lot of both CPU and communication overhead. Therefore, routing protocols improvement is a challenge for researchers to overcome the negative effects of security measures. Clustering the MANET is a known technique to lower the routing over-head. It can also be utilized to distribute encryption keys and the authentication process. In this paper, a new protocol called Secure Clustering and Energy Saver Protocol “SCESP” is proposed. SCESP secures the Mobile Ad hoc Networks and increase its network lifetime. This system introduces a novel self-node clustering technique based on Ad-hoc On-demand Distance Vector “AODV” routing protocol. In addition, it eliminates the key distribution overhead using smart token or similar hardware which is used for authentication. The SCESP system succeeded to enhance the security level of MANETs and decrease the battery consumption of mobile nodes due to the transmitted and received route requests messages propagated to discover new routes in AODV routing protocol.

Novel file system with ASN.1 support for Java Card applications

By the release of Java Card 3.0 Connected version and the rapid evolution of ubiquitous computing, many embedded software applications have been proposed recently to exploit the benefits of the new technology. These recent research and software development activities make it inevitable to defend the new applications in the open untrusted environments through proposing parallel research in securing embedded software platforms. This paper proposes a novel File System Applet for existing Java Card systems that provides highly secure storage for security-critical objects of the other residing Applets. The new file system Applet depends on PKCS15 and ISO7816 standards and features new built-in ASN.1 parser to prevent intended/unintended leakage of sensitive information.

On-demand distributed on-card bytecode verification

After the evolution of Java-based smart cards, security issues arises concerning Java applets not to be vulnerable to modifications or malicious attacks that may threaten applications supported by these applets. Bytecode verification fills the latter gap. Java Sandbox Security model and Common Criteria standard suggest on-board bytecode verification to maximize security. This paper suggests an on-card bytecode verification whose execution is distributed within Java applets lifecycle. Part of the verification runs on-demand at the run-time execution phase of the Java applets. The proposed solution targets a real Java-based card operating system.

A reliable optical disk identification technique for protection purposes

Optical disks are commonly used for distributing software applications and digital content. This article proposes a new technique to stop piracy. The proposed technique identifies the optical disk and differentiates between the original disk and its copies. It can be used for software protection in order to provide strong security with a reliable performance. The proposed technique models and simulates the entire optical disk system in order to study the effect of physical differences between original disks and copies. The physical parameters of the original disks can be controlled while manufacturing; however, the parameters of the copies are constant. System simulations are performed to study the variations of disk parameters, drive configuration, and operating conditions. Further, practical experiments are conducted inside the lab to verify the simulation results. Finally, thousands of actual experiments are conducted to optimize the system performance and to decrease the failure rate.

A Mechatronic CAN-Based Functional Design and Verification Unified Approach

Abstract Abstract A mechatronic system needs an integrated design, implementation and verification unified approach due to multi-disciplinary interactive sub-system components. This paper presents a systematic methodology for a detailed migration from “model in the loop” (MIL), and “software in the loop” (SIL) to “hardware in the loop” (HIL) in order to full fill complicated mechatronic automotive system requirements. Break by wire anti-blocking car system model is implemented and simulated on Matlab™ in real time. For MIL, and SIL a virtual CAN bus channel is designed in order to communicate sensors and actuators signals to/from several electronic control units (ECUs). HIL is implemented to experiment the actual embedded controller performance over a real CAN bus with the real time simulated car model. Both virtual and real experimental results show the efficiency of the proposed approach.