All posts by D M SHAMS ZAWOAD M SHAMS ZAWOAD

3 Papers from SECRETLab Accepted in IEEE CLOUD

Three papers from SECRETLab accepted in the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD). Congratulations to Shahid Noor, Md. Mahmud Hossain, Rasib Khan, Shams Zawoad, and Ragib Hasan.

1. Shahid Al Noor, Rasib Khan, Md. Mahmud Hossain, and Ragib Hasan, “Litigo: A Cost-Driven Model for Opaque Cloud Services”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016. (Acceptance Rate 15%).

2. Md. Mahmud Hossain, Rasib Khan, Shahid Al Noor, and Ragib Hasan, “Jugo: A Generic Architecture for Composite Cloud as a Service”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016.

3. Shams Zawoad and Ragib Hasan, “SECAP: Towards Securing Application Provenance in the Cloud”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016.

4 papers accepted in IEEE COMPSAC

Four papers from SECRETLab accepted in the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), 2016. Congratulations to Shams Zawoad, Rasib Khan, Ragib Hasan, Shahid Noor, Munirul Haque, and Darrell Burke.

1. Shams Zawoad and Ragib Hasan, “Chronos: Towards Securing System Time in the Cloud for Reliable Forensics Investigation”, the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Acceptance rate 18%).

Abstract: In digital forensics investigations, the system time of computing resources can provide critical information to implicate or exonerate a suspect. In clouds, alteration of the system time of a virtual machine (VM) or a cloud host machine can provide unreliable time information, which in turn can mislead an investigation in the wrong direction. In this paper, we propose Chronos to secure the system time of cloud hosts and VMs in an untrusted cloud environment. Since it is not possible to prevent a malicious user or a dishonest insider of a cloud provider from altering the system time of a VM or a host machine, we propose a tamper-evident scheme to detect this malicious behavior at the time of investigation.
We integrate Chronos with a popular open-source cloud platform – OpenStack and evaluate the feasibility of Chronos while running 20 VMs on a single host machine. Our test results suggest that Chronos can be easily deployed in the existing cloud with very low overheads, while achieving a high degree of trustworthiness of the system time of the cloud hosts and VMs.

 

2. Ragib Hasan, Shams Zawoad, Shahid Noor, Md Munirul Haque, and Darrell Burke, “How Secure is the Healthcare Network from Insider Attacks? An Audit Guideline for Vulnerability Analysis”, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: In recent years, wireless communication has become popular in healthcare infrastructures. The availability of wireless interfaces with the new generation medical devices has spawned numerous opportunities in providing better healthcare support to patients. However, the weaknesses of available wireless communication channels also introduce various novel attacks on the medical devices. Since the smart mobile devices, such as smartphones, tablets, and laptops, are also equipped with the same communication channels (WiFi/Bluetooth), attacks on medical devices can be initiated from a compromised or malware-infected mobile device. Since the compromised mobile devices are already inside the security perimeter of a healthcare network, it is very challenging to block attacks from such compromised mobile devices. In this paper, we systematically analyze the novel threats on healthcare devices and networks, which can be initiated from compromised mobile devices. We provide a detailed audit guideline to evaluate the security strength of a healthcare network. Based on our proposed guideline, we evaluate the current security state of a large university healthcare facility. We also propose several mitigation strategies to mitigate some of the possible attacks.

 

3. Rasib Khan and Ragib Hasan, “The Story of Naive Alice: Behavioral Analysis of Susceptible Users on the Internet”, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: The Internet has become an integral part of our everyday life. Unfortunately, not all of us are equally aware of the threats which come along when we use online services. Online criminals target users and steal their personal information for illicit benefits. The most susceptible to these online predators are naive users, who are generally less aware of security and privacy practices on the Internet. In this paper, we present a behavioral analysis of Internet users and their susceptibility to online malpractices. We have considered the dataset from the Global Internet User Survey for 10789 respondents to perform a security-oriented statistical analysis of correlated user behavior. The results were used to construct logistic regression models to analyze statistical predictability of susceptible and not-so-susceptible identity theft victims based on their behavior and knowledge of particular security and privacy practices. We posit that such a study can be used to assess the vulnerability of Internet users and can hence be used to leverage institutional and personal safety on the Internet by promoting online security education, threat awareness, and guided Internet-safe behavior.

 

4. Rasib Khan and Ragib Hasan, “A Cloud You can Wear: Towards a Mobile and Wearable Personal Cloud”, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: As we enter the age of mobile and wearable computing, we are using various wearable computing devices, such as mobile phones, smart glasses, smart watches, and personal health monitors. To provide the expected user experience and the ability to run complex applications, all of these devices require powerful processors, long-lasting batteries, and use provider-specific public clouds for the services. This makes design of such wearable devices complex, expensive, and with major personal data privacy concerns. In this paper, we show how we can simplify the design of personal wearable devices by introducing a wearable cloud — a complete yet compact and lightweight cloud which can be embedded into the clothing of a user. The wearable cloud makes the design of wearable devices simple and inexpensive, as these devices can now essentially be lightweight terminals tapping into the computing and storage power of the wearable cloud with proximal and private placement of the user’s personal data. We introduce five service delivery models using the proposed wearable cloud approach. We provide details of a prototype implementation of the wearable cloud embedded into a ‘Cloud Jacket’ along with a cheap touchscreen terminal device. The paper also presents experimental results on the usability of such a cloud in terms of reduced energy consumption and improved application performance.

 

Paper Accepted in IEEE TDSC

Our work “Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service” got accepted for publication in the IEEE Transactions on Dependable and Secure Computing (TDSC), SI-Cyber Crime, 2015. (Impact factor 1.351).

Congratulations Shams Zawoad, Amit Dutta, and Ragib Hasan.

Abstract: Collection and analysis of various logs (e.g., process logs, network logs) are fundamental activities in computer forensics. Ensuring the security of the activity logs is therefore crucial to ensure reliable forensics investigations. However, because of the black-box nature of clouds and the volatility and co-mingling of cloud data, providing the cloud logs to investigators while preserving users’ privacy and the integrity of logs is challenging. The current secure logging schemes, which consider the logger as trusted, cannot be applied in clouds since there is a chance that cloud providers (logger) collude with malicious users or investigators to alter the logs.
In this paper, we analyze the threats on cloud users’ activity logs considering the collusion between cloud users, providers, and investigators. Based on the threat model, we propose Secure-Logging-as-a-Service (SecLaaS), which preserves various logs generated for the activity of virtual machines running in clouds and ensures the confidentiality and integrity of such logs. Investigators or the court authority can only access these logs by the RESTful APIs provided by SecLaaS, which ensures confidentiality of logs. The integrity of the logs is ensured by a hash-chain scheme and proofs of past logs published periodically by the cloud providers. In prior research, we used two accumulator schemes, Bloom filter and RSA accumulator, to build the proofs of past logs. In this paper, we propose a new accumulator scheme – Bloom-Tree, which performs better than the other two accumulators in terms of time and space requirement.

Paper accepted in IEEE BigDataSecurity 2015

Congratulations to Shams Zawoad and Ragib Hasan for having their work on big data forensics accepted in the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity 2015), New York, USA.

Abstract: The age of big data opens new opportunities in various fields. While the availability of a big dataset can be helpful in some scenarios, it introduces new challenges in digital forensics investigations. The existing tools and infrastructures cannot meet the expected response time when we investigate on a big dataset. Forensics investigators will face challenges while identifying necessary pieces of evidence from a big dataset, and collecting and analyzing that evidence. In this article, we propose the first working definition of big data forensics and systematically analyze the big data forensics domain to explore the challenges and issues in this forensics paradigm. We propose a conceptual model for supporting big data forensics investigation and present several use cases, where big data forensics can provide new insights to determine facts about criminal incidents.

2 papers accepted in the IEEE Cloud 2015

Congratulations to Maziar Foutohi, Shams Zawoad, Ragib Hasan, Abhishek Anand, and Anthony Skjellum for having their work accepted in the 8th IEEE International Conference on Cloud Computing.

1. Shams Zawoad, Ragib Hasan, Anthony Skjellum, “OCF: An Open Cloud Forensics Model for Reliable Digital Forensics”, the 8th IEEE International Conference on Cloud Computing, New York, USA, June 2015

Abstract: The rise of cloud computing has changed the way computing services and resources are used. However, existing digital forensics science cannot cope with the black-box nature of clouds nor with multi-tenant cloud models. Because of the fundamental characteristics of clouds, many assumptions of digital forensics are invalidated in clouds. In the digital forensics process involving clouds, the role of cloud service providers (CSP) is utterly important, a role which needs to be considered in the science of cloud forensics. In this paper, we define cloud forensics considering the role of the CSP and propose the Open Cloud Forensics (OCF) model. Based on this OCF model, we propose a cloud computing architecture and validate our proposed model using a case study, which is inspired from an actual civil lawsuit.

2. Maziar Foutohi, Abhishek Anand, Ragib Hasan, “PLAG: Practical Landmark Allocation for Cloud Geolocation”, the 8th IEEE International Conference on Cloud Computing, New York, USA, June 2015.

Abstract: Knowing the physical location of files in a cloud system is of great importance for any user, as it can affect the whole service drastically. However, pinpointing the exact coordinates for the location of a server is very challenging. Providers prefer not to share the location of their data centers with the public for security reasons, and this fact also adds to the complexity of this concept. Researchers have recently developed delay based schemes for cloud data geolocation, some of which use proprietary landmarks for location verification. Unfortunately, such landmark-based schemes are often impractical due to high cost and latency. In this paper, we have developed a practical scheme for landmark allocation in cloud data geolocation. We augment existing approaches with a new landmark allocation modification to get the same or often better accuracy, while decreasing the cost considerably. Our approach improves the existing state of the art by introducing the concept of publicly distributed landmarks for all delay based geolocation techniques.

Our work on litigation hold enabled cloud storage accepted in DFRWS 2015

Congratulations to Shams Zawoad, Ragib Hasan, and John W Grimes for having their work on litigation hold enabled cloud storage accepted in the 15th Annual DFRWS (USA) Conference.

Shams Zawoad, Ragib Hasan, and John W Grimes, “LINCS: Towards Building a Trustworthy Litigation Hold Enabled Cloud Storage System”, the 15th Annual DFRWS (USA) Conference, Philadelphia, PA, August 2015.

Our work on Cloud-based Spam URL Deduplication for Big Datasets Accepted in the International Journal of Cloud Computing (IJCC)

Congratulations to Shams Zawoad, Ragib Hasan, Gary Warner, and Md Munirul Haque for having their work on Cloud-based Spam URL Deduplication for Big Datasets accepted in the International Journal of Cloud Computing (IJCC).

Shams Zawoad, Ragib Hasan, Gary Warner, Md Munirul Haque, “Towards a Cloud-based Approach for Spam URL Deduplication for Big Datasets”, International Journal of Cloud Computing (IJCC), 2(3), 2014, pp. 1-14.

Abstract
Spam emails are often used to advertise phishing websites and lure users to visit such sites. URL blacklisting is a widely used technique for blocking malicious phishing websites. To prepare an effective blacklist, it is necessary to analyze possible threats and include the identified malicious sites in the blacklist. However, the number of URLs acquired from spam emails is quite large. Fetching and analyzing the content of this large number of websites are very expensive tasks given limited computing and storage resources. To solve the problem of massive computing and storage resource requirements, we need a highly distributed and scalable architecture, where we can provision additional resources to fetch and analyze on the fly. Moreover, there is a high degree of redundancy in the URLs extracted from spam emails, where more than one spam email contains the same URL. Hence, preserving the contents of all the websites causes significant storage waste. Additionally, fetching content from a fixed IP address introduces the possibility of being reverse blacklisted by malicious websites. In this paper, we propose and develop CURLA – a Cloud-based spam URL Analyzer, built on top of Amazon Elastic Compute Cloud (EC2) and Amazon Simple Queue Service (SQS). CURLA allows deduplicating a large number of spam-based URLs in parallel, which reduces the cost of establishing equally capable local infrastructure. Our system builds a database of unique spam-based URLs and accumulates the content of these unique websites in a central repository. This database and website repository will be a great resource to identify phishing websites and other counterfeit websites. We show the effectiveness of our architecture using real-life, large-scale spam-based URL data.

Our Work ‘CellCloud’ Accepted in the International Journal of Cloud Computing (IJCC)

Congratulations to Shahid Al Noor, Ragib Hasan and Md Haque for having their work on CellCloud accepted in the International Journal of Cloud Computing (IJCC).

Shahid Al Noor, Ragib Hasan, and Md Haque, “CellCloud: Towards A Cost Effective Formation of Mobile Cloud Based on Bidding Incentives”, To appear at the International Journal of Cloud Computing (IJCC), 2015.

Abstract

In recent years, cloud computing has become the dominant computing paradigm. Researchers have explored the possibility of building clouds out of loosely associated mobile computing devices. However, most such efforts failed due to the lack of a proper incentive model for the mobile device owners. In this paper, we propose CellCloud – a practical mobile cloud architecture which can be easily deployed on existing cellular phone network infrastructure. CellCloud is based on a novel reputation-based economic incentive model in order to compensate the phone owners for the use of their phones as cloud computing nodes. CellCloud offers a practical model for performing cloud operations, with lower costs compared to a traditional cloud. We provide an elaborate analysis of the model with security and economic incentives as major focus. Along with a cost equation model, we perform extensive simulations to evaluate the performance and analyze the feasibility of our proposed model. Our simulation results show that CellCloud creates a win-win scenario for all three stakeholders (client, cloud provider, and mobile device owners) to ensure the formation of a successful mobile cloud architecture.

Paper Accepted in 11th Annual IFIP WG 11.9 International Conference on Digital Forensics

Our recent work on a forensics-enabled cloud architecture was accepted in the 11th Annual IFIP WG 11.9 International Conference on Digital Forensics.

Shams Zawoad and Ragib Hasan, “FECloud: A Trustworthy Forensics-Enabled Cloud Architecture”, 11th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, January 2015.

Abstract

The rapid migration from the traditional computing and storage model to the cloud model creates the necessity of supporting reliable forensics in the cloud. However, today’s cloud computing architectures often lack support for forensic investigations because many of the assumptions that are taken for granted in traditional digital forensics do not apply to clouds. Hence, the existing digital forensics tools cannot handle the dynamic and black-box natures of clouds. Moreover, trustworthiness of evidence can be questionable because of the possibility of collusion between dishonest cloud providers, malicious users, and investigators. Since reliability and accuracy of evidence are very important factors while evaluating evidence during a criminal investigation and prosecution, we need to preserve the integrity of evidence before and after collecting from clouds. In this paper, we first identify the required properties to support trustworthy forensics in clouds. Based on the requirements, we propose a forensics-enabled cloud architecture (FECloud) to preserve and provide required evidence while protecting the privacy and integrity of the evidence. FECloud is designed on top of OpenStack – a popular open source cloud computing platform. Incorporating architectures like FECloud may impose significant business impacts on Cloud Service Providers (CSP) as well as customers. CSPs can attract more customers with the assurance of providing proper forensics support. Likewise, customers do not require extreme investment on establishing their own forensics-friendly infrastructures.