Salah H. Abbdal

Scheme for ensuring data security on cloud data storage in a semi-trusted third party auditor

Cloud computing is a promising information technology service that allocates and reallocates resources when a client requires virtual data storage and network facility at any time and place. Cloud computing provides large data storage and management services at the lowest cost. Thus, it is crucial for many organizations and clients who seek such services. Data security and integrity are necessary and play important roles. However, these two issues are facing significant challenges. Therefore, a robust scheme is required to ensure security and privacy while transmitting or storing data in the cloud storage environment. We propose an efficient and robust scheme to ensure data security in a semi-trusted third party auditor. Our scheme adopts an advanced encryption standard to support data owner privacy, a cryptography hash function to maintain data owner integrity, and elliptic curve cryptography to ensure data confidentiality, correctness, and security when transmitting data over unsecure channels. A security analysis confirms that our scheme can withstand man-in-the-middle attack and provides data correctness.

Enc-DNS-HTTP: Utilising DNS Infrastructure to Secure Web Browsing

Online information security is a major concern for both users and companies, since data transferred via the Internet is becoming increasingly sensitive. The World Wide Web uses Hypertext Transfer Protocol (HTTP) to transfer information and Secure Sockets Layer (SSL) to secure the connection between clients and servers. However, Hypertext Transfer Protocol Secure (HTTPS) is vulnerable to attacks that threaten the privacy of information sent between clients and servers. In this paper, we propose Enc-DNS-HTTP for securing client requests, protecting server responses, and withstanding HTTPS attacks. Enc-DNS-HTTP is based on the distribution of a web server public key, which is transferred via a secure communication between client and a Domain Name System (DNS) server. This key is used to encrypt client-server communication. The scheme is implemented in the C programming language and tested on a Linux platform. In comparison with Apache HTTPS, this scheme is shown to have more effective resistance to attacks and improved performance since it does not involve a high number of time-consuming operations.

Privacy-Preserving Image Retrieval in IoT-Cloud

Within the IoT-cloud, security has a very significant role to play. One of the best means by which the security and privacy of an image may be safeguarded confidentially is through encryption. However, this methodological process engenders a disadvantage in that it is difficult to search through encrypted images. A number of different means by which encrypted image can be searched have been devised, however, certain security solutions may not be used for smart devices within an IoTcloud due to the fact that such solutions are not lightweight. We present a lightweight scheme that is able to provide a contentbased search through images that have been encrypted. More specifically, images are represented using local features. A similar methodology further described in [1] is also used for image similarity discrimination. In addition, we use a hashing method concerning a locality sensitive hash (LSH) so that the searchable index can be devised. The use of the LSH index means that the proficiency and effectiveness of the system is increased, which allows the retrieval of only relevant images with a minimum number of distance evaluations. Refining vector techniques are used to refine relevant results efficiently and securely. Our index construction process ensures that stored data and trapdoors are kept private.

Secure biometric image retrieval in IoT-cloud

Within the IoT-cloud, security has a very significant role to play. One of the best means to safeguard confidentially, security and privacy of a biometric image is through encryption. However, looking through encrypted data is a difficult process. A number of different techniques for searching encrypted data have been devised, but certain security solutions may not be used for smart devices within an IoT-cloud, and this is due to the fact that such solutions are not lightweight. In this paper, we present a lightweight scheme that provides the privacy-preserving biometric image search, which is a special case of content-based image retrieval (CBIR). A fusion of homomorphic encryption, cosine similarity and garbled circuit-based approaches are adopted in our scheme to achieve the best performance while simultaneously ensuring the privacy of the biometric image, and protection of any data access patterns and the users input query. We conduct several empirical analyses on real image collections to demonstrate the performance and security of our work.

Secure and efficient e-health scheme based on the Internet of Things

Internet of Things is a new generation of network service platform that allows everyday objects including small devices in sensor networks to be capable of connecting to the internet. Such an innovative technology can lead to positive changes in human life. An e-health service based on the Internet of Things has great potential. The popularity of intelligent mobile medical devices, wearable bio-medical sensor devices, cloud computing, and big data analysis have dramatically changed the usage pattern and business rule of e-health services based on the Internet of Things. The rapid development of e-health services based on the Internet of Things poses risks in security and privacy. In this study, we propose a new security scheme for an e-health service. This scheme allows both the local base station and hospital cloud server to authenticate each other, to secure the collection of health data. Our scheme uses the crypto hash function to check the integrity of authentication exchanges. In addition, it provides mutual authentication with anonymity and terminates with a session key agreement between each local base station and the hospital cloud server. To assess our scheme, we conduct performance and security analysis. Results show that our scheme is secure, lightweight, and resistant to different types of attacks.

DNS Protection against Spoofing and Poisoning Attacks

Domain name system is among the core part of TCP/IP protocol suite and the standard protocol used by the Internet. The domain name system consists of mapped website names with Internet protocol, which facilitates browsing by not requiring users to remember numeric notation addresses. The nature of the system, which involves transferring information in plain text, makes it vulnerable to security attacks. The domain name system suffers from spoofing and cache poisoning attacks that are intended to steal the private information of users. In this paper, a scheme is proposed to prevent the aforementioned attacks by using an asymmetric cipher to encrypt the important information in messages and to protect these messages from manipulation. The proposed scheme is examined and implemented using Linux platform and C programming language. The proposed scheme protects DNS against spoofing and poisoning attacks while the results show small fraction of delay in time comparing with the applied DNS. There are also additional commercial benefits since it does not result in additional costs.

Towards Secure Private Image Matching

Currently, image matching is being used in many daily life applications such as content-based image retrieval (CBIR), computer vision, and near duplicate images. Hence, a number of matching methods have been developed. However, most proposed methods do not address the challenges involved when confidential images are used in image matching between two security agencies. Thus, interest to develop a secure method, particularly one that can be used in privacy-preserving image matching, is growing. This paper addresses the challenge of privacy-preserving image matching between two parties where images are confidential. The descriptor set of the queried party needs to be generated and encrypted properly with the use of a secret key at the queried party side before being transferred to the other party. We present the development and validation of a secure scheme to measure the cosine similarity between two descriptor sets. The method can work without using any image encryption, sharing, and trusted third party. We conduct several empirical analyses on real image collections to demonstrate the performance of our work.

ARP Enhancement to Stateful Protocol by Registering ARP Request

Networking has become an essential factor in daily life and activities where the major problem in network security is the safety of the transfer information. The infrastructure for the networking is the TCP/IP suite, and the address resolution protocol is the core part of the standard which maps the logical address into a physical address. Address resolution protocol is defined as a stateless protocol in the network standard. Cache poisoning attacks target the address resolution protocol mapping to redirect the network traffic to the attacker machine, while the spoofing attack is an initialization phase for other attacks such as man-in-the-middle and denial of service attacks. The proposal in this paper is to defeat cache poisoning attacks by discarding the unregister reply, in other words, to enhance the address resolution protocol to become a stateful protocol and send a request based on the number of fake attacker replies received. The suggested address resolution protocol enhancement is examined and implemented in Linux kernel.

New data integrity scheme employing wavelet-based digital watermarking in cloud environment

The cloud is an on-demand service provided to users through the Internet. Security has become one of the key problems in the cloud because of the increasing number of users. Many challenges in cloud security need to be resolved. This work focuses on data integrity as one of these security challenges because when users remotely save their data in a cloud, they lose their control on them. Many researchers have presented solutions and developed security frameworks. However, to date, no guarantee has been established with regard to the retention of stored data in a cloud. A novel and unique data integrity scheme employing wavelet-based digital watermarking is developed in this paper. A parallel pre-processing technique is presented to obtain metadata by selecting a set of discrete wavelet transform coefficients and then securely embedding them with users file data blocks. We employ wavelet-based digital watermarking to produce metadata for the development of a secure scheme of data storage and verification in a cloud. As a result, digital watermarking is a strong technique that effectively prevents stored data from being intercepted and properly detects data tampering. The proposed scheme can support data dynamics because the cloud user needs to manipulate his or her data. This scheme is sufficiently robust to introduce a good starting point for data integrity in the cloud environment.

A secured scheme for geographical distance computation over encrypted cloud data

Popular service providers, such as Google and Amazon, have turned their vast resources into a cloud computing model and enforced their businesses to run applications on the servers of such new model. To ensure security and privacy in this environments, customers have to encrypt their data before uploading them into the cloud servers. Unfortunately, modern unbreakable encryption methods are inadequate because they do not have the ability to execute database queries on the encrypted data. In this paper, we address the problem of how to calculate the geographical distance over an encrypted dataset. Specifically, the data owner, Alice, sends her encrypted dataset of geographical locations into the cloud server. At any time, Bob would like to check the proximity of his submitted query from the locations of Alice. Our proposed scheme enables the untrusted server to perform such task without compromising the privacy of either the dataset of Alice or the query of Bob. Among various distance metrics, we employ the efficient principle of approximate matching to obtain the proximity between query and data locations. Furthermore, we use the inner product similarity to formalize such principle for similarity measurement. Several experiments have been conducted to investigate the overhead and the efficiency of the proposed scheme.