Mohd Anuar Mat Isa

A lightweight and secure TFTP protocol for smart environment

“Internet of Things” (IOT) has become the everyday buzz words in recent years. As part and parcel of the Smart environment where human beings and things interact intelligently, trust and mobility becomes the basic prerequisites. However, to unify trust and mobility, a security protocol must be used for information exchanges among human and things; as well as between things and things (such as between Wi-Fi Client and Wi-Fi AP). In this paper, we present an enhancement of a security protocol for bulk data transfer amongst embedded devices (similar to the practices in IOT). We also proposed a security framework for enhancing security, trust and privacy (STP) for embedded system infrastructure. We suggested the use of lightweight symmetric encryption (for data) and asymmetric encryption (for key exchange) protocols in Trivial File Transfer Protocol (TFTP). The target implementation of TFTP is for embedded devices such as Wi-Fi Access Points (AP) and remote Base Stations (BS). We have chosen Das U-Boot (Universal Boot loader) as the horizontal security platform for this new security implementation which is suitable for Smart Environment.

Trusted Real Time Operating System: Identifying its characteristics

Real Time Operating System (RTOS) had emerged in the market for the past few decades to provide solutions over various platforms that range from embedded devices to more sophisticated electronic system such nuclear plant and spacecraft. The evolution of the design of operating systems continues to endure the need of diverse applications that run on various platforms. Recently, there was a new element introduced to provide trust enhancement on the platform using Trusted Computing. In this paper, we discussed Trusted Computing and STP framework in providing the mechanism to check whether hardware, software or application running on the platform behaves as expected without need for further verification. We further discussed different architectures of RTOS and introduced the concept of Trusted Real Time Operating System (TRTOS). The term “behave as expected” needs characterization in operating system behaviours so that we can identify any new properties to be added as TRTOS characteristics during design and implementation. This paper identifies a few of these characteristics and further extends the concept of trust in the realization of RTOS.

Finest authorizing member of common criteria certification

Globalization had changed the world landscape into borderless world without limits to sea, land and air space. The development of IT products and services need evaluation and certification. This paper discusses some security and trust issues in Common Criteria in evaluation and certification of IT products and services. Our intention is to help manufacturer in choosing a finest authorizing member of CC certification for IT products and services in varying situations amongst countries participating in the CC certification, be it friendly, neutral or war. The consequence is to help reduce cost to trade these IT products and related services in global market. The ultimate impact is to enable us do more business and market our products in other countries if we have wider acceptability of the CC certification.

Cryptographic Adversary Model: Timing and Power Attacks

In this work, we present an adversary model that incorporates side channel attacks in the Indistinguishability Experiment for Adaptive Chosen Ciphertext Attack (CCA2). We propose security assumptions and an attack model for a secure SSW-ARQ protocol with an integration of TFTP protocol. We also present the security reduction of SSW-ARQ protocol from Cramer-Shoup encryption scheme, timing and power attacks as side channel security for the SSW-ARQ protocol. We suggest using a lightweight symmetric encryption for data encryption and asymmetric encryption for key exchange protocols in the TFTP. The target implementation of secure TFTP is for embedded devices such as Wi-Fi Access Points (AP) and remote Base Stations (BS). In this paper we present the security proofs based on an attack model (IND-CCA2) for securing TFTP protocol. We have also introduce a novel adversary model in IND-CCA2-(TA, PA, TPA) and it is considered a practical model because the model incorporates the timing attack and power attack.

Compression and encryption technique on securing TFTP packet

Data compression technique such as Huffman coding, arithmetic coding, Lempel-Ziv-Welch (LZW) method and others has been playing a vital role in the area of data transmission for reducing time usage during retrieving and transmitting data. However, this technique does not prevent data which contain secret information from being tampered or hacked by malicious attacks even in limited area network environment. Apart from the need of reducing data volume, an implementation of encryption is an important concern in order to transmit data over perfect security. This paper presents feasible approach in minimizing quantity of data and ensuring its security; data is compressed using a lossless algorithm, i.e. Huffman coding and then the compressed data is encrypted using symmetric encryption, AES algorithm. In this work, key exchange concept is also proposed based on Diffie Hellman Key Exchange (DHKE) which is used to exchange secret key for data encryption and decryption. The data is transferred in a local network between two computers through simple file transfer protocol known as Trivial File Transfer Protocol (TFTP). This protocol has been used widely for updating and transferring files especially to embedded devices and it would provide more benefit if security features were incorporated into this protocol. Thus, a lightweight security strategy which includes compression and encryption is an efficient solution to the security issue and to reducing file sizes in this type of environment. Experimental results based on proposed methodology are provided to analyze execution time of transmitting compressed-encrypted data and percentage reduction of file space.

Analysis of asymmetric encryption scheme, AA β Performance on Arm Microcontroller

Security protection is a concern for the Internet of Things (IoT) which performs data exchange autonomously over the internet for remote monitoring, automation and other applications. IoT implementations has raised concerns over its security and various research has been conducted to find an effective solution for this. Thus, this work focus on the analysis of an asymmetric encryption scheme, AA-Beta (AAβ) on a platform constrained in terms of processor capability, storage and random access Memory (RAM). For this work, the platform focused is ARM Cortex-M7 microcontroller. The encryption and decryptions performance on the embedded microcontroller is realized and time executed is measured. By enabled the I-Cache (Instruction cache) and D-Cache (Data Cache), the performances are 50% faster compared to disabled the D-Cache and I-Cache. The performance is then compared to our previous work on System on Chip (SoC). This is to analyze the gap of the SoC that has utilized the full GNU Multiple Precision Arithmetic Library (GMP) package versus ARM Cortex-M7 that using the mini-gmp package in term of the footprint and the actual performance.

A Series of Secret Keys in a Key Distribution Protocol

In this chapter, we present a series of secret keys distribution in a key exchange protocol that incorporates protection against side channel attacks using Indistinguishability Experiment (modified) for Adaptive Chosen Ciphertext Attack (CCA2). We also present a security analysis and a new attack model for a secure Chain Key Exchange Protocol with an integration of TFTP protocol in the UBOOT firmware. To enable RasberberryPi “system on chip” (SoC) to perform cryptographic computation, we modified the GNU GMP Bignum library to support a simple primitive cryptographic computation in the UBOOT firmware. We suggest using our key exchange protocol for a secure key distribution in the UBOOT’s TFTP protocol. Latter, the TFTP protocol can use the secure key which has been distributed by our key exchange protocol to encrypt the TFTP’s data using another symmetric encryption scheme such as AES256. Lastly, we introduce a variance of adversary model in IND-CCA2-(TA, PA, TPA) which may be considered as a more realistic and practical model because it incorporates timing attack and power attack.

Simulation of RSA and ElGamal encryption schemes using RF simulator

Sensor nodes commonly rely on wireless transmission media such as radio frequency (RF) and typically run on top of CoAP and TFTP protocols which do not provide any security mechanisms. One method of securing sensor node communication over RF is to implement a lightweight encryption scheme. In this paper, a RF Simulator developed in our previous publication which simulates lightweight security protocols for RF device communication using Rivest Shamir Alderman (RSA) and ElGamal encryption scheme are presented. The RF Simulator can be used for a fast trial and debugging for any new wireless security protocol before the actual or experimental implementation of the protocol in the physical devices. In our previous work, we have shown that the RF Simulator can support a cryptographer or engineer in performing quick product test and development for Diffe-Hellman Key Exchange Protocol (DHKE) and Advanced Encryption Standard (AES) protocols. In this work, we present the simulation result of implementing the RSA and ElGamal encryption scheme using SW-ARQ protocol in sensor node RF communication. The simulation was performed on the same testbed as previous works which comprised of HP DC7800 PCs and ARM Raspberry Pi boards.

RF simulator for cryptographic protocol

Advances in embedded RF devices and sensor nodes have witnessed major expansion of end user services such as Internet of Things (IoT) and Cloud Computing. These prospective smart embedded and sensor devices normally interconnect to the internet using wireless technology (e.g. radio frequency, Wi-Fi) and run on top of CoAP and TFTP protocols. In this paper, we present a RF Simulator v1.1 which simulates lightweight security protocols for RF devices communications using Stop and Wait Automatic Repeat Request (SW-ARQ) protocol. The RF Simulator can be used for a quick trial and debugging for any new cryptography protocol in the simulator before actual implementation or experiment of the protocol in the physical embedded devices. We believe that the RF Simulator may provide an alternate way for a computer scientist, cryptographer or engineer to do a rapid product research and development of any cryptographic protocol for smart devices. The major advantage of the RF Simulator is that the source codes in the simulator can be used directly into its physical implementation of the embedded RF devices communication. We also presented simulation results of DHKE and AES encryption schemes using SW-ARQ protocol as a use case of the RF Simulator. The simulation was executed in ARM Raspberry Pi board and HP DC7800 PC as hardware platforms for the simulator setup.

RF Simulations for AAβ Cryptosystem, an Asymmetric Encryption Scheme

Received Mar 3, 2018 Revised Apr 11, 2018 Accepted Apr 21, 2018 Paintball has gained a huge popularity in Malaysia with growing number of tournaments organized nationwide. Currently, Ideal Pro Event, one of the paintball organizer found difficulties to pair a suitable opponent to against one another in a tournament. This is largely due to the manual matchmaking method that only randomly matches one team with another. Consequently, it is crucial to ensure a balanced tournament bracket where eventual winners and losers not facing one another in the very first round. This study proposes an intelligent matchmaking using Particle Swarm Optimization (PSO) and tournament management system for paintball organizers. PSO is a swarm intelligence algorithm that optimizes problems by gradually improving its current solutions, therefore countenancing the tournament bracket to be continually improved until the best is produced. Indirectly, through the development of the system, it is consider as an intelligence business idea since it able to save time and enhance the company productivity. This algorithm has been tested using 3 size of population; 100, 1000 and 10,000. As a result, the speed of convergence is consistent and has not been affected through big population.N. N. S. Abdul Rahman, N.M. Saad, A. R. Abdullah, M. R. M. Hassan, M. S. S. M. Basir, N. S. M. Noor 1,2,4,6Faculty of Electronic and Computer Engineering, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia 2,3Center for Robotics and Industrial Automation, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia 3,5Faculty of Electrical Engineering, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, MalaysiaLight rail transit (LRT), or fast tram is urban public transport using rolling stock similar to a tramway, but operating at a higher capacity, and often on an exclusive right-of-way. Indonesia as one of developing countries has been developed the LRT in two cities of Indonesia, Palembang and Jakarta. There are opinions toward the development of LRT, negative and positive opinions. To reveal the level of LRT development acceptance, this research uses machine learning approach to analyze the data which is gathered through social media. By conducting this paper, the data is modeled and classified in order to analyze the social sentiment towards the LRT development.Mohamad, S., Nasir, F.M., Sunar, M.S., Isa, K., Hanifa, R.M., Shah, S.M., Ribuan, M.N., Ahmad, A. 1,4,6,7,8Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia, Johor, Malaysia 1,2,3UTM-IRDA Digital Media Centre, Media and Game Innovation Centre of Excellence, Universiti Teknologi Malaysia, Johor, Malaysia 1,2,3Faculty of Computing, Universiti Teknologi Malaysia, Johor, Malaysia 5Centre for Diploma Studies, Universiti Tun Hussein Onn Malaysia, Johor, Malaysia 6Research Centre for Applied Electromagnetics, Universiti Tun Hussein Onn Malaysia, Johor, MalaysiaReceived Jan 31, 2018 Revised Apr 21, 2018 Accepted Apr 30, 2018 Bluetooth is an emerging mobile ad-hoc network that accredits wireless communication to connect various short range devices. A single hop network called piconet is the basic communication topology of bluetooth which allows only eight active devices for communication among them seven are active slaves controlled by one master. Multiple piconets are interconnected through a common node, known as Relay, to form a massive network called as Scatternet. It is obvious that the performance of Scatternet scheduling is highly dependent and directly proportionate with the performance of the Relay node. In contrary, by reducing the number of Relays, it may lead to poor performance, since every Relay has to perform and support several piconet connections. The primary focus of this study is to observe the performance metrics that affects the inter-piconet scheduling since the Relay node’s role is like switch between multiple piconets. In this paper, we address and analyze the performance issues to be taken into consideration for efficient data flow in Scatternet based on Relay node.