Sufian Hameed

Efficacy of Live DDoS Detection with Hadoop

Distributed Denial of Service (DDoS) flooding attacks are one of the biggest challenges to the availability of online services today. These DDoS attacks overwhelm the victim with huge volume of traffic and render it incapable of performing normal communication or crashes it completely. If there are delays in detecting the flooding attacks, nothing much can be done except to manually disconnect the victim and fix the problem. In this paper, we propose HADEC, a Hadoop based Live DDoS Detection framework to tackle efficient analysis of flooding attacks by harnessing MapReduce and HDFS. We implemented a counter-based DDoS detection algorithm for four major flooding attacks (TCP-SYN, HTTP GET, UDP and ICMP) in MapReduce. Subsequently we deployed a testbed to evaluate the performance of HADEC framework for live DDoS detection. Based on the experiment we showed that HADEC is capable of processing and detecting DDoS attacks in affordable time.

Lightweight Security Middleware to Detect Malicious Content in NFC Tags or Smart Posters

NFC, similar to RFID, is a contactless identification technology that has gained widespread adoption in application domains such as contactless transactions, micropayments, identity management and mobile health IDs etc. However, the NFC standard itself does not provide built-in security features. This means that each and every developer would need to implement security features in his NFC application on his own. This in turn results in users being as secure from NFC-based security vulnerabilities as the developer chooses to implement. Clearly, this environment is a major impediment in the widespread adoption and deployment of NFC applications. In this paper, we propose the concept of a light weight security middleware that could implement the different security safeguards needed by a wide array of applications. The applications in turn can then implement the security features relevant to their scenarios. Furthermore, we implemented security safeguards to deal with malicious tag content in NFC applications. Our evaluations showed that the security middleware is both lightweight and has low functional latency.

Identity based email sender authentication for spam mitigation

The elimination of unsolicited bulk emails, also known as spam, is still a largely unsolved problem. Making up for the vast majority of emails transmitted, spam is an annoyance and potential security issue for users, and moreover a superfluous burden to the internet. Despite the maturity of todays email infrastructure, it is difficult to ensure the authenticity of a sender address for inbound mails. This shortcoming is used by spammers to bypass existing spam protection systems and furthermore poses a security risk to users. Due to this a vast majority of spam emails today are sent from botnets with forged sender addresses. This has attracted researchers over the years to develop email sender authentication mechanism as a promising way to verify identity of the senders. In this paper we introduce iSATS, a new email sender authentication system based on Identity-based public key cryptography. iSATS leverages identity based signature scheme to provide a reliable and easy way to bind the identity of legitimate sender unambiguously to his emails. Unlike the popular existing solutions like SPF and DKIM, it is hard for the spammer to adopt iSATS. Evaluation of the prototype implementation show promising performance with low processing overhead on different computational setups.

Protecting NFC data exchange against eavesdropping with encryption record type definition

Near Field Communication (NFC) is inherently vulnerable to eavesdropping and proximity hijacking attacks. NFC standards itself lack built-in security features against eavesdropping for all the modes of communication in NFC-ecosystem. This drives the application developers to implement customize security features on their own. These non-standard solutions in turn result in the systems security against vulnerabilities being subject to the developers capability of designing a secure solution. Clearly, this model is a limiting factor in the widespread adoption and deployment of NFC applications. In this paper we propose a standard Encryption Record Type Definition (ERTD) to provide confidentiality to NFC Data Exchange format (NDEF). Subsequently, we develop a fully compliant prototype of our ERTD as a lightweight plug and play confidentiality middleware in the existing NFC communication architecture. Finally, we perform an in-depth performance evaluation, of different confidentiality related primitives that focuses on processing latency and data overheads.

PiMail: Affordable, lightweight and energy-efficient private email infrastructure

Third-party Email services, whether a free webmail or corporate service hosted somewhere over the Internet, requires sacrifice of control and flexibility over personal communication. This make emails vulnerable to privacy leaks due to unauthorized access and inspection. In this paper, we propose PiMail, an affordable, lightweight and energy- efficient private email infrastructure, for individuals and small enterprises, based on Raspberry Pi. We also deployed a testbed implementation of PiMail using Raspbian OS, Postfix mail transfer agent (MTA), ClamAV antivirus and SpamAssassin. Based on our in-depth performance evaluation we conclude that PiMail is fully capable of providing email services to individuals and SMEs (small and medium-sized enterprises). To the best of our knowledge, this is the first extensive study to evaluate and benchmark the efficacy of using Raspberry Pi as low-cost and portable mail server.

SDN Based Collaborative Scheme for Mitigation of DDoS Attacks

Software Defined Networking (SDN) has proved itself to be a backbone in the new network design and is quickly becoming an industry standard. The idea of separation of control plane and data plane is the key concept behind SDN. SDN not only allows us to program and monitor our networks but it also helps in mitigating some key network problems. Distributed denial of service (DDoS) attack is among them. In this paper we propose a collaborative DDoS attack mitigation scheme using SDN. We design a secure controller-to-controller (C-to-C) protocol that allows SDN-controllers lying in different autonomous systems (AS) to securely communicate and transfer attack information with each other. This enables efficient notification along the path of an ongoing attack and effective filtering of traffic near the source of attack, thus saving valuable time and network resources. We also introduced three different deployment approaches i.e., linear, central and mesh in our testbed. Based on the experimental results we demonstrate that our SDN based collaborative scheme is fast and reliable in efficiently mitigating DDoS attacks in real time with very small computational footprints.

Leveraging SDN for collaborative DDoS mitigation

In this paper we propose a collaborative distributed denial of service (DDoS) attack mitigation scheme using SDN. We design a secure controller-to-controller (C-to-C) protocol that allows SDN-controllers lying in different autonomous systems (AS) to securely communicate and transfer attack information with each other. This enables efficient notification along the path of an ongoing attack and effective filtering of traffic near the source of attack, thus saving valuable time and network resources. We developed and deployed a prototype of the proposed scheme in our lab to evaluate the performance and efficiency. Based on the experimental results we showed that our SDN based collaborative scheme is capable of efficiently mitigating DDoS attacks in real time with very small computational footprints.

Raspberry Pi Based Lightweight and Energy-Efficient Private Email Infrastructure for SMEs

One of the key aspects that define a Smart City is the use of Information and communication technology (ICT) to develop smart infrastructure that transform working environments. Motivated with this vision, in this article, we propose PiMail, an affordable, lightweight and energy efficient private email infrastructure, for individuals and SMEs (small and medium-sized enterprises), based on Raspberry Pi. We deployed a testbed implementation of PiMail using Raspbian OS, Postfix mail transfer agent (MTA), ClamAV antivirus and SpamAssassin. Based on our in-depth performance evaluation we conclude that PiMail is fully capable of providing email services to individuals and SMEs. To the best of our knowledge, this is the first extensive study to evaluate and benchmark the efficacy of using Raspberry Pi as low-cost and portable mail server.

SafePass: Authentication under duress for ATM transactions

With the proliferation of ATM installations throughout the world, billions of transactions are being conducted annually. This easy, location independent and 24 hours access to money has also given birth to ATM related thefts and this situation is more pronounced in developing countries with poor law and order situation. Panic passwords can be used as an effective mean to signal stress during authentication. Panic password scheme provides a safe way to avoid a forced authentication or signal stress when authentication is a result of coercive action. In this paper, we introduce SafePass, a new panic password scheme that can be easily deployed over the ATM infrastructure. In SafePass, special attention is given from the usability perspective as it would be extremely valuable for large scale proliferation.