Youssef Gahi

Biometric Identification System Based on Electrocardiogram Data

Recent advancements in computing and digital signal processing technologies have made automated identification of people based on their biological, physiological, or behavioral traits a feasible approach for access control. The wide variety of available technologies has also increased the number of traits and features that can be collected and used to more accurately identify people. Systems that use biological, physiological, or behavioral trait to grant access to resources are called biometric systems. In this paper we present a biometric identification system based on the Electrocardiogram (ECG) signal. The system extracts 24 temporal and amplitude features from an ECG signal and after processing, reduces the set of features to the nine most relevant features. Preliminary experimental results indicate that the system is accurate and robust and can achieve a 100% identification rate with the reduced set of features.

Big Data Analytics: Security and privacy challenges

The digitalization of our day-to-day activities has resulted in a huge volume of data. This data, called Big Data, is used by many organizations to extract valuable information either to take marketing decisions, track specific behaviors or detect threat attacks. The processing of such data is made possible by using multiple techniques, called Big Data Analytics, which allow getting enormous benefits by dealing with any massive volume of unstructured, structured and semi-structured content that is fast changing and impossible to process using conventional database techniques. However, while Big Data represents an immense opportunity for many industries and decisions makers, it also represents a big risk for many users. This risk arises from the fact that these analytics tools consist of storing, managing and efficiently analyzing varied data gathered from all possible and available sources. The consequence is that people become widely vulnerable to exposure because of combining and exploring specific behavioral data. That is, it is possible to collect more data than it should have which leads to many security and privacy violations. Therefore, research community has to consider these issues by proposing strong protection techniques that enable getting benefits from big data without risking privacy. In this paper, we highlight the benefits of Big Data Analytics and then we review challenges of security and privacy in big data environments. Furthermore, we present some available protection techniques and propose some possible tracks that enable security and privacy in a malicious big data context.

Privacy Preserving Scheme for Location-Based Services

Homomorphic encryption schemes make it possible to perform arithmetic operations, like additions and multiplications, over encrypted values. This capability provides enhanced protection for data and offers new research directions, including blind data processing. Using homomorphic encryption schemes, a Location-Based Service (LBS) can process encrypted inputs to retrieve encrypted location-related information. The retrieved encrypted data can only be decrypted by the user who requested the data. The technology still faces two main challenges: the encountered processing time and the upper limit imposed on the allowed number of operations. However, the protection of users’ privacy achieved through this technology makes it attractive for more research and enhancing. In this paper we use homomorphic encryption schemes to build a fully secure system that allows users to benefit from location-based services while preserving the confidentiality and integrity of their data. Our novel system consists of search circuits that allow an executor (i.e. LBS server) to receive encrypted inputs/requests and then perform a blind search to retrieve encrypted records that match the selection criterion. A querier can send the user’s position and the service type he/she is looking for, in encrypted form, to a server and then the server would respond to the request without any knowledge of the contents of the request and the retrieved records. We further propose a prototype that improves the practicality of our system.

Private Video Streaming Service Using Leveled Somewhat Homomorphic Encryption

In this paper we address a practical application of Van Dijk somewhat homomorphic encryption over the integers scheme. This application consists of giving a client the opportunity to choose a video to watch without letting the server or any third party know which video it is, thus preserving the privacy of the client. In a prior work we have already discussed this application using a fully homomorphic encryption scheme. Our contribution in this paper is to carefully choose the encryption parameters so that decryption can work without the need of the expensive bootstrapping mechanism. We also implemented a simulation program of the used protocol to confirm our theoretical results and give an idea of the processing time needed for streaming depending on the various parameters.

Big Data Analytics: A Comparison of Tools and Applications

With an ever-increasing amount of both data volume and variety, traditional data processing tools became unsuitable for the big data context. This has pushed toward the creation of specific processing tools that are well aligned with emerging needs. However, it is often hard to choose the adequate solution as the wide list of available tools are continuously changing. For this, we present in this paper both a literature review and a technical comparison of the most known analytics tools in order to help mapping it to different needs. Moreover, we underline how much important choosing the appropriate tool is acting for different kind of applications and especially for smart cities environment.

A Review of Intrusion Detection in 802.15.4-Based Wireless Sensor Networks

The widespread deployment of wireless sensor networks (WSNs) in diverse types of applications motivated the development of strong security measures to protect these networks. The main challenge against deploying strong security algorithms is that WSNs suffer from major constraints in terms of power and computing resources. WSNs impose a primary condition on the design stage that requires any protocol or algorithm to be power-efficient. This means that strong cryptography techniques cannot be used and we need another layer of defence to protect the WSN. This makes intrusion detection systems (IDSs) an essential option in these networks. IDSs can capture malicious misbehaviour that manages to penetrate the first layer of defence (i.e., cryptography and authentication). In this paper we highlight the challenges encountered while designing an efficient intrusion detection framework in WSNs, and provide a review of important contributions in this area. Finally, we propose a new approach that aids in detecting and confining intrusive behaviour in the network.

Wormhole Detection in Secured BGP Networks

A wormhole attack is a specific mechanism where two or more Autonomous Systems (ASes) coordinate to perform a black hole attack by exchanging secure BGP updates over a tunnel, signing route attestations for each other. Routing protocols generally choose route through a wormhole because it is, in general, the shortest route. This attack can redirect traffic through a chosen path that is compromised by the attacker. It can also significantly degrade the performance of the network. In this paper we present an approach to detecting coordinated wormhole attack by the validation of the path to detect any tunnel that may exist between two consecutive nodes in the AS-PATH. Similarly to SoBGP, we require that each AS signs and publishes its local topology through the topology certificate. The BGP speaker can then verify that the AS path is wormhole free by assembling local topologies in a global inter-AS topology map. We develop a metric that calculates the likelihood that two consecutive ASes in the AS-PATH are real neighbors in the AS graph. We demonstrate this approach by developing a wormhole detector where randomly chosen ASes are colluding to perform attacks according to a stochastic distribution model. We present experimental results from testing this algorithm in a controlled environment, demonstrating that it has a high detection rate. Our analysis shows that the detection algorithm is optimized for detecting long tunnels, i.e. tunnels that span over multiple ASes.

Blind forwarding for secure and private communications in untrusted networks

The longest prefix match is an algorithm used in routers to determine the next hop to which an entering packet must be forwarded based on its destination IP address. In this paper we present a blind forwarding scheme by implementing the longest prefix match algorithm using a homomorphic encryption scheme to deal with encrypted destination IP addresses. The goal of this protocol is to prevent any intermediate router from knowing which end server a given client is trying to reach, thus enabling the protection of the privacy of both the client and the server.

Security analysis of C-BGP: A light alternative to S-BGP

Credible BGP (C-BGP) is a lightweight alternative to secure BGP. Its main design objective is to address signature verification costs and deployment challenges associated with S-BGP. To this end, C-BGP defines a control layer of trusted ASes that is comprised of major Autonomous Systems (ASes) in the network. In this environment a non-trusted AS has to verify only the signatures of intermediate ASes between itself and the last trusted AS in the AS-PATH. Similarly, the address prefix is validated only if it was not previously validated by a trusted AS. This scheme works very well as long as the trusted ASes are indeed always trustworthy. In this paper we aim to study security impact of malicious trusted AS(es) in the network. We develop original and detailed analytical and simulation models to study the security of C-BGP and demonstrate that it promises very significant savings in terms of computational overhead and acceptable security performance in the presence of malicious ASes in the network.