Munirul Haque

CellCloud: A Novel Cost Effective Formation of Mobile Cloud Based on Bidding Incentives

Cloud computing has become the dominant computing paradigm in recent years. As clouds evolved, researchers have explored the possibility of building clouds out of loosely associated mobile computing devices. However, most such efforts failed due to the lack of a proper incentive model for the mobile device owners. In this paper, we propose CellCloud - a practical mobile cloud architecture which can be easily deployed on existing cellular phone network infrastructure. It is based on a novel reputation-based economic incentive model in order to compensate the phone owners for the use of their phones as cloud computing nodes. CellCloud offers a practical model for performing cloud operations, with lower costs compared to a traditional cloud. We provide an elaborate analysis of the model with security and economic incentives as major focus. Along with a cost equation model, we discuss detailed results to prove the feasibility of our proposed model. Our simulation results show that CellCloud creates a win-win scenario for all three stakeholders (client, cloud provider, and mobile device owners) to ensure the formation of a successful mobile cloud architecture.

OTIT: towards secure provenance modeling for location proofs

Personal mobile devices and location based services are gaining popularity every day. Since the location based services are often customized based on the location information, it is important to securely generate, preserve, and validate the claim of presence at a given location at a given time as well as location provenance - the history of locations for a mobile device user over a given time period. Location provenance needs to imply secure and chronological ordering of location proofs, which can be successfully verified at a later time. Otherwise, the location based services can be easily spoofed by falsified location history. In this paper, we present OTIT - a model for designing secure location provenance. We formalized the features and characteristics for the domain of secure location provenance schemes, using formal propositional logic and logical proofs. We also present several schemes, which can be used in various modes to provide secure location provenance services. Based on the characteristics defined in OTIT, we have analyzed different schemes to show their adherence to the desired features of secure location provenance. Furthermore, we present experimental results on the performance of the various schemes, in terms of time and storage, to show a comparative applicability analysis. We posit that OTIT will serve as a comprehensive benchmark framework to evaluate the models for secure location provenance.

WORAL: A Witness Oriented Secure Location Provenance Framework for Mobile Devices

Location-based services allow mobile device users to access various services based on the users current physical location information. Path-critical applications, such as supply chain verification, require a chronological ordering of location proofs. It is a significant challenge in distributed and user-centric architectures for users to prove their presence and the path of travel in a privacy-protected and secure manner. So far, proposed schemes for secure location proofs are mostly subject to tampering, not resistant to collusion attacks, do not offer preservation of the provenance, and are not flexible enough for users to prove their provenance of location proofs. In this paper, we present WORAL, a complete ready-to-deploy framework for generating and validating witness oriented asserted location provenance records. The WORAL framework is based on the asserted location proof protocol and the OTIT model for generating secure location provenance on the mobile devices. WORAL allows user-centric, collusion resistant, tamper-evident, privacy protected, verifiable, and provenance preserving location proofs for mobile devices. This paper presents the schematic development, feasibility of usage, comparative advantage over similar protocols, and implementation of WORAL for android device users including a Google Glass-based client for enhanced usability.

A trust based Information sharing model (TRUISM) in MANET in the presence of uncertainty

In the absence of centralized trusted authorities (CTA), security is one of the foremost concern in Mobile Ad-hoc Networks (MANET) as the network is open to attacks and unreliability in the presence of malicious nodes (devices). With increasing demand of interactions among nodes, trust based information sharing needs more stringent rules to ensure security in this pervasive computing scenario. In this paper, we present a novel multi-hop recommendation based trust management scheme (TRUISM). We adapt famous Dempster-Shafer theory that can efficiently combine recommendations from multiple devices in the presence of unreliable and malicious recommendations. A novel recommendation-routing protocol named `buffering on-the-fly has been introduced to reduce the number of recommendation traffic by storing trust values in intermediate nodes. TRUISM also provides a flexible behavioral model for trust computation where a node can prioritize recommendations based on its requirements. Evaluation result shows that our model not only performs well in the presence of contradictory recommendations but also ensures a faster and scalable trust based information sharing by reducing the overall packet flow in the system.

'Who, When, and Where?' Location Proof Assertion for Mobile Devices

In recent years, location of mobile devices has become an important factor. Mobile device users can easily access various customized applications from the service providers based on the current physical location information. Nonetheless, it is a significant challenge in distributed architectures for users to prove their presence at a particular location in a privacy-protected and secured manner. So far, researchers have proposed multiple schemes to implement a secure location proof collection mechanism. However, such location proof schemes are subject to tampering and not resistant to collusion attacks. Additionally, the location authority providing a location proof is assumed to be honest at all times. In this paper, we present the fundamental requirements of any location proof generation scheme, and illustrate the potential attacks possible in such non-federated environments. Based on our observations, we introduce a concept of witness oriented endorsements, and describe a collusion-resistant protocol for asserted location proofs.We provide an exhaustive security analysis of the proposed architecture, based on all possible collusion models among the user, location authority, and witness. We also present a prototype implementation and extensive experimental results to adjust different threshold values and illustrate the feasibility of deploying the protocol in regular devices for practical use.

Secure techniques and methods for authenticating visually impaired mobile phone users

A series of new types of frauds and threats have emerged with the increased popularity of smartphones. Studies show that smartphone users are three times more likely to become the victims of identity fraud. Though researchers have developed many well known methods for user authentication in smartphone, little has been done focusing on visually impaired mobile device users. Commonly used username-password based authentication is not suitable for such users as it is cumbersome and highly susceptible to eavesdropping. In this paper, we have proposed a comprehensive algorithmic model for detecting different physical activities, such as walking, by analyzing the accelerometer sensor data from smartphones. Our proposed scheme proves that each persons gait pattern is unique and can be used as a bio-metric data for authentication. The new tool promises to provide a feasible solution for authentication, especially for visually impaired smartphone users, free from aural and visual eavesdropping.

e-ESAS: Evolution of a participatory design-based solution for breast cancer (BC) patients in rural Bangladesh

AbstractnHealthcare facility is scarce for rural women in the developing world. The situation is worse for patients who are suffering from diseases that require long-term feedback-oriented monitoring such as breast cancer. Lack of motivation to go to the health centers on patients’ side due to sociocultural barriers, financial restrictions and transportation hazards results in inadequate data for proper assessment. Fortunately, mobile phones have penetrated the masses even in rural communities of the developing countries. In this scenario, a mobile phone-based remote symptom monitoring system (RSMS) with inspirational videos can serve the purpose of both patients and doctors. Here, we present the findings of our field study conducted on 39 breast cancer patients in rural Bangladesh. Based on the results of extensive field studies, we have categorized the challenges faced by patients in different phases of the treatment process. As a solution, we have designed, developed and deployed e-ESAS—the first mobile-based RSMS in rural context. Along with the detail need assessment of such a system, we describe the evolution of e-ESAS and the deployment results. We have included the unique and useful design lessons that we learned as e-ESAS evolved through participatory design process. The findings show how e-ESAS addresses several challenges faced by patients and doctors and positively impact their lives.n

CURLA: Cloud-Based Spam URL Analyzer for Very Large Datasets

URL blacklisting is a widely used technique for blocking phishing websites. To prepare an effective blacklist, it is necessary to analyze possible threats and include the identified malicious sites in the blacklist. Spam emails are good source for acquiring suspected phishing websites. However, the number of URLs gathered from spam emails is quite large. Fetching and analyzing the content of this large number of websites are very expensive tasks given limited computing and storage resources. Moreover, a high percentage of URLs extracted from spam emails refer to the same website. Hence, preserving the contents of all the websites causes significant storage waste. To solve the problem of massive computing and storage resource requirements, we propose and develop CURLA - a Cloud-based spam URL Analyzer, built on top of Amazon Elastic Computer Cloud (EC2) and Amazon Simple Queue Service (SQS). CURLA allows processing large number of spam-based URLs in parallel, which reduces the cost of establishing equally capable local infrastructure. Our system builds a database of unique spam-based URLs and accumulates the content of these unique websites in a central repository, which can be later used for phishing or other counterfeit websites detection. We show the effectiveness of our proposed architecture using real-life spam-based URL data.

Accountable proof of ownership for data using timing element in cloud services

While many cloud storage and infrastructure systems exist today, none of them provide a mechanism for accountability of stored or user generated content. This lack of security support has been a major hurdle for auditing documents, claiming data possession, and proof of authorship. In this paper, we present a novel idea for secure accountability of timing element for data in massively scalable systems. The proposed scheme allows a service provider to incorporate timing accountability of data generated at the provider, by requesting proofs from accountability servers in the cloud. Additionally, the size of the proof is independent of the data size and is a unique feature of our system design. The scalability of the system have been evaluated using the Amazon EC2.

StuxMob: A situational-aware malware for targeted attack on smart mobile devices

The availability of a rich variety of sensors in smart mobile devices has enabled todays software to be situational-aware and to learn about surrounding environment. We explore a novel generation of mobile malware, which utilizes this situational awareness and can attack a mobile device carried by a specific person, or people matching a specific set of criteria. The behavior and threat posed by StuxMob are distinguishable from the existing state-of-the-art malware. Todays malware attack devices either just after the devices got infected or through a command-and-control based botnets. In contrast, StuxMob will launch its payload and perform a specific act against the target, only if it finds a match between a given profile and the person carrying the device; otherwise, it remains dormant. By using off-the-shelf sensors of the mobile devices, StuxMob combines the physical activity of users with their surrounding environments to create users profile. We analyze the feasibility of such a malware and propose defense mechanisms against this type of targeted attack.