Shahrulniza Musa

How secure is your smartphone: An analysis of smartphone security mechanisms

Smartphones are becoming more and more popular due to the increase in their processing power, mobility aspect and personal nature. Android is one of the most popular and fully customizable open source mobile platforms that come with a complete software stack. One of the main reasons behind the rapid growth in adoption of smartphones is their capability to facilitate users with third-party applications. Android offers hundreds of thousands of applications via application markets and users can readily install these applications. However, this rapid growth in smartphone usage and the ability to install third-party applications has given rise to several security concerns. In this paper, we present the current state of smartphone security mechanisms and their limitations in order to identify certain security requirements for proposing enhancements for the smartphone security model. We analyze the improvements proposed for the basic Android security model and discuss their advantages and limitations in detail. We also present certain security requirements that need to be fulfilled in order to design and implement security enhancements for Android that can be widely adopted by the broader community.

Detecting flooding based DoS attack in cloud computing environment using covariance matrix approach

The internet is gaining a lot of importance day by day, especially with the emergence of cloud technology. This new technology has made a new computing service to end users that include, PaaS, SaaS. On the other hand, this technology was accompanied with some shortages. The most serious obstacle is the security challenges because of the cloud is characterized by computing resource sharing and multi-tenancy features and as a result flooding based denial of service attack has been observed. This effect on performance and quality of service on cloud. To overcome this security challenge, there are several methods to detect and prevent this kind of attack. Most of these approaches are using statistical and/or artificial intelligence methods. In this research paper a new model to detect flooding based DoS attack in cloud environment has been suggested consisting three phases. (1) The first-phase is to model the normal traffic pattern for baseline profiling and (2) the second phase is the intrusion detection processes and (3) finally prevention phase. The covariance Matrix mathematical model is used as detecting method. The phase (1) and (2) have been implemented in real test bed. From the result, it is proven that we can detect the flooding attack effectively.

Visualising Communication Network Security Attacks

The task of exploring and analysing large quantities of communication network security data is difficult. Visualisation of the data should help the analyses and make data exploration faster and easier. This paper describes prototype software that visualises the alerts effectively and provides a simple presentation. The needs analysis of this prototype is based on the suggested needs of network security analysts tasks as seen in the literature. The prototype software incorporates various projections of the alert data in 3-dimensional displays. Filtering, drill-down and playback of alerts at variable speed are incorporated to strengthen the analysis. We integrate a false alert classifier using classification tree algorithm to classify alerts into false and true alerts. Real-time visual observation is also included. We describe some example analyses to prove the usefulness of our prototype.

A NEW CLOUD BASED SUPERVISORY CONTROL AND DATA ACQUISITION IMPLEMENTATION TO ENHANCE THE LEVEL OF SECURITY USING TESTBED

Now days cloud computing is an important and hot topic in arena of information technology and computer system. Several companies and educational institute s have been deployed cloud infrastructures to overc ome their problems such as easy data access, software u pdates with minimal cost, large or unlimited storag e, efficient cost factor, backup storage and disaster recovery and several other benefits compare with th e traditional network infrastructures. In this resear ch paper; Supervisory Control and Data Acquisition (SCADA) system has been deployed within cloud computing environment, to minimized the cost (that are related with real time infrastructure or SCADA implementation) and take the advantages of cloud computing. The command bytes (data) have been transmitted between SCADA nodes and traffic is monitored and controlled simultaneously at master ( main controller) site. During communication, security is a major issue because usually, SCADA sy stem and cloud infrastructure had been deployed without any security consideration. In current test bed implementation, strong security mechanism (using cryptography solution) has been deployed, wh ile exchanging commands within cloud environment (SCADA within cloud environment). Several times attacks included “authentication, integrity, confidentiality and non-repudiation” hav e been lunched, to evaluate the security solution (proposed security solution) and security during ab normal communication.

Realization of a user-centric, privacy preserving permission framework for Android

Android has been steadily gaining market share, and the number of available applications is increasing at a healthy pace. Because of the myriad of third-party applications, privacy concerns are starting to surface in the community. Application developers usually request access to more system resources than are strictly required for their apps. However, the stock Android permission model does not allow users to selectively grant permissions. This is a well-known issue, but existing solutions to this problem are either too abstract or require detailed changes to the core model-making it difficult for both developers and users to accept them. In this paper, we present a fine-grained, user-centric permission model for Android that allows users to selectively grant permissions to applications that they install. Our model allows specification of permissions based on application and system attributes as well as simple yes or no policies. The model is kept as simple as possible, and its open source implementation is highly usable for the average end user. It requires minimal backward compatible changes to the core permission model and is shown to be highly efficient in terms of performance overhead. We present our model and point interested readers to our freely available changeset to help them use, evaluate, and improve our permission model. Copyright

Design and implementation of an efficient framework for behaviour attestation using n-call slides

We present design and implementation of behaviour based attestation of an enterprise centric application. Remote attestation is used to measure the trustworthiness of the target platform. Some of the techniques proposed in the past are hash based which are efficient but could not measure malicious behaviour of an application caused by buffer overflow attacks or misconfigured by end user. To tackle these attacks the runtime dynamic behaviour of the target application should be measured and verified. In this regard, behaviour based attestation techniques are proposed but they have problems of efficiency and verification at the challenger end. In this research, we have designed and implemented an architecture of sliding windows of system calls which reduces measurement of the applications behaviour and is successfully able to identify trustworthiness of the target application. We have reproduced the previous system calls based techniques and compared the results with our work to prove the performance improvements.

Secure Cryptography Testbed Implementation for SCADA Protocols Security

Modbus protocol and IEC 60870-5-104 protocols are widely deployed in critical infrastructure sectors or SCADA systems. With the growing demands of industries, these protocols are also connected over internet using TCP/IP protocol or other transport protocols. Using internet facility, these protocols are vulnerable from several threads/attacks. The current research, detail review the lack of security issues within SCADA/Protocols communication and then propose two security solutions that are based on cryptography algorithms (solutions). The two proposed cryptography solutions have been implemented within the communication of Modbus protocol and IEC 60870-5-104 protocol as part of SCADA system. Abnormal traffic has been generated during transmission to evaluate the security solutions (Implementations). Testbed has been run several times and performance results are measured during normal and abnormal communication.

Predicted and Corrected Location Estimation of Mobile Nodes Based on the Combination of Kalman Filter and the Bayesian Decision Theory

The main objective of this research is to apply statistical location estimation techniques in cellular networks in order to calculate the precise location of the mobile node. Current research is focusing on the combination of Kalman filter and the Bayesian decision theory based location estimation. In this research basic four steps of Kalman filter are followed which are Estimation, Filtering, Prediction and Fusion. Estimation is done by using Receive Signal Strength (RSS), Available Signal Strength (ASS) and the Angle of Arrival (AOA). Filtering is done by calculating the average location and variation in values of location. Prediction is done by using the Bayesian decision theory. Fusion is done by combining the variances calculated in filtering step. Finally by combining the prediction and fusion results PCLEA (Predicted and Corrected Location Estimation Algorithm) is established. Timestamp is used for recursive step in kalman filter. The aim of this research is to minimize the dependence on the satellite based location estimation and increase its accuracy, efficiency and reliability.

Using Time Series 3D AlertGraph and False Alert Classification to Analyse Snort Alerts

A top-level overview of Snort alerts using 3D visual and alert classification is discussed. This paper describes the top-level view (time series 3D AlertGraph) with the integration of alert classification to visualise Snort alerts. The advantages of using this view are (1) It summarised the alerts into different colours to indicate the quantity of alerts from (SRCIP, DPORT) pairs; (2) It used alert classification to highlight the true alerts; (3) Through interaction tools, the alerts can be highlighted according to the source IP, destination IP or destination port;. (4) A large numbers of alerts can be viewed in a single display and (5) A temporal characteristic of attacks can be discovered.

Towards Secure Instance Migration in the Cloud

Hosting service providers are completely shifting towards cloud computing from dedicated hardware. However, corporates waffles to move their sensitive data to such a solution where data is no more in their control. The pay-as-you-go is primary notion of cloud service providers. However, they share infrastructure between different tenants that brings security issues. There is a need to provide trust and confidence to corporates that security mechanisms being used by the service providers are secure. Existing IaaS (Infrastructure as a Service) providers have adopted all standard software-based security solutions. However, recent research shows that softwares security solutions are itself vulnerable to attack. In this regard Trusted Computing Group (TCG) introduced hardware root-of-trust concept where highly sensitive information is stored in co-processor called Trusted Platform Module(TPM) rather than the software. Migration is an important process in cloud infrastructures. There are many solutions offered by service providers that improve performance of their clients services such as web and database. For example, CloudFront, Elastic Load Balancing (ELB) etc., offered by Amazon AWS. These services move customers data between cloud infrastructure quit often. However, they do not provide hardware backed solutions, such as Trusted Computing, to migrate customers data between infrastructures. In this paper we have incorporated a new component in OpenStack called Secure Instance Migration Module (SIMM). SIMM is backed by Trusted Computing constructs that protects integrity of instance data while migration takes place. By incorporation of SIMM module, cloud customers will have more confidence regarding their sensitive data. We have also discussed architecture and implementation of SIMM module.