All posts by Rasib Khan Khan

2 Papers from SECRETLab Accepted in BDCloud 2016

Title: Verifiable Data Redundancy in the Cloud

Authors: Mohammad Kamrul Islam and Ragib Hasan

Abstract: Data redundancy is critical for the assurance of service continuity in fault tolerant systems. Researchers have proposed several efficient data replication strategies to secure users’ sensitive information from a single point of failure. Although the cloud service providers (CSP) assure users regarding data safety by following some of those replication strategies, the opaque operational model of the cloud does not allow the users to verify the replications. This, in turn, introduces lack of trust in clouds. The challenge of verifiable data redundancy is two-fold: to verify that the server indeed possesses multiple copies, and to verify that those copies are not located in the same physical system. Current research mainly focuses on verification by access time of multiple requests which is highly system dependent. Hence, we propose a novel storage-as-a-service protocol that provides verifiable data redundancy in the semi or untrusted server. Our proposed model is completely oblivious of the physical system and the allocation protocol of the cloud. It does not include the server in the verification process which eliminates the risk of manipulation by a dishonest service provider. Our model uses distinct copies to store in the server as replicas, and provides deterministic verification of having data redundancies in the server. For generating unique copies of data, we use different random numbers in ElGamal encryption system. After proposing the storage, access, and verification processes, we implemented a prototype system to analyze the performance of our proposed model. Our experimental results show that our system can successfully verify the redundancy of the data in the remote server and detect any service level agreement anomalies.

 

 

Title:  SASCloud: Ad hoc Cloud as Secure Storage

Authors:  Shahid Al Noor, Md. Mahmud Hossain and Ragib Hasan

Abstract: With the emergence of high-speed 4G networks along with reachable Wifi system, cloud computing frameworks can greatly leverage in mobile domain. However, receiving a temporary storage service in a communication challenged area is challenging due to the unavailability of any secure third party cloud system. Although the existing ad hoc cloud architectures facilitate distributed computation and sensing operations, such systems fail to deliver secure ad hoc storage as a service when client requests for secure storage as a service. The absence of a proper centralized monitoring system in the existing ad hoc cloud is a major obstacle for convincing a client to trust the neighboring mobile nodes for content offloading. In case a client and an outsourced node gets disconnected, retrieving the offloaded contents along with ensuring their confidentiality and integrity becomes non-trivial. Additionally, providing a feasible and justified monetary incentive is a complex process for such ad hoc mobile frameworks. In this paper, we propose SASCloud, a centrally controlled ad hoc cloud system that provides a secure and reliable storage service for mobile clients. Our proposed system uses the contextual information of mobile users along with partial environmental knowledge and forms a temporal cloud using the resources of neighboring mobile devices. Along with the detailed reasoning of possible threats in our model, we provide a secure framework for content distribution and retrieval. We provide extensive analysis of our model using simulated experimental modules.

 

Successful PhD defense by SECRETLab PhD Student Rasib Khan

Congratulations to Dr. Rasib Khan, from SECRETLab, for successfully defending his thesis, titled “Towards Trustworthy Authentication in Service Oriented Computing”, supervised by Dr. Ragib Hasan.

Supervisory Committee:IMG_6380_1

Dr. Ragib Hasan, Chair (UAB CIS)

Dr. Purushotham Bangalore (UAB CIS)

Dr. Alan Sprague (UAB CIS)

Dr. Anthony Skjellum (Auburn)

Dr. John Sloan (UAB Justice Sciences)

Abstract:

Today’s Internet and network-based applications are highly driven by the service-oriented architecture model. Given the variety of online services, we hypothesized that there is a significant non-uniformity in the behavior of users pertaining to security-oriented practices on the Internet. We performed statistical analysis on open source user-survey datasets to establish the validity of the statement.  We performed further study with respect to the security-oriented behavioral practices in developing countries. We were able to determine certain traits and insecure practices that general Internet users from both developed and developing countries adopt, and addressed the corresponding issues to devise secure authentication technologies for online services.

The rapid growth in the number and type of online services has resulted in adopting diverse models for authentication. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management.

We adopted notions of real-life authentication with similar causal effects in service computing architectures. We introduced the concept of interaction provenance in service oriented computing as the only and unified authentication factor. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We presented a W3C PROV standard compliant model for interaction provenance, including secure provenance preservation techniques for service oriented computing architectures. We also applied the concept of interaction provenance to create secure frameworks for provenance-aware services. Next, we explored the causal relationship with the quality of past events to create a flexible and novel authentication and threshold based access control engine using fuzzy policies. We showed how linguistic terminologies, fuzzy ranges, and visualization of policies in fuzzy engines can be used to create simplistic yet innovative policies with additional benefits in the usability and maintenance of such systems.

Successful PhD defense by SECRETLab PhD Student Shams Zawoad

Congratulations to Dr. Shams Zawoad, from SECRETLab, for successfully defending his thesis, titled “Trustworthy and Efficient Forensics in the Cloud”, supervised by Dr. Ragib Hasan.

Supervisory Committee:

Dr. Ragib Hasan (UAB CIS), Chair

Dr. Alan Sprague (UAB CIS)

Dr. Purushotham Bangalore (UAB CIS)

Dr. Marjan Mernik (UM FERI)

Dr. Anthony Skjellum  (AU CSSE)

Abstract:

11700593_954869434634641_188699178773374445_oThe rise of cloud computing has changed the way of using computing services and resources. However, the black-box nature of clouds and the multi-tenant cloud models have brought new security risks, especially in terms of digital forensics. Current cloud computing architectures often lack support for digital forensic investigations since many of the assumptions that are valid for traditional computing environment are invalid in clouds.Current digital forensics tools and procedures rely on the physical access to the evidence. In clouds, computing and storage resources are no longer local and these resources are also shared between multiple cloud users. Hence, even with a subpoena, forensics investigators cannot confiscate a suspect’s computer and get access to the digital evidence that reside in the cloud. Data in the virtual machines (VM) are not also accessible after terminating the VMs. Hence, investigators need to depend on the Cloud Service Providers (CSP) to acquire various important evidence, such as activity logs of VMs, files stored in clouds, VM images, etc. Unfortunately, current cloud architectures do not guarantee that a CSP is providing valid evidence to investigators. A CSP in its entirety or a malicious employee of the CSP can collude with an adversary or a dishonest investigator to tamper with the evidence. Moreover, forensics investigators can also alter the evidence before presenting to a court. Hence, for a reliable digital forensics investigation in clouds, we need to ensure the integrity of the evidence and the privacy of users in the multi-tenant cloud environment.

In this dissertation, we explore techniques for ensuring the trustworthiness of various types of evidence in a strong adversarial scenario. We show that, without incurring high performance overheads, we can preserve and provide required evidence for digital forensics investigations involving clouds, while protecting the privacy and integrity of the evidence. We propose an Open Cloud Forensics model (OCF) and adapt this model to design forensics-enabled architectures for Infrastructure-as-a-Service (IaaS) and Storage-as-a- Service (STaaS) clouds. For IaaS clouds, we first focus on the trustworthiness of activity logs of cloud users. We design a logging scheme to securely retrieve, store, and expose these activity logs to forensics investigators. To ensure the trustworthiness of the time associated with the logs, we propose a tamper-evident scheme to prove the correctness of the system time of cloud hosts and VMs. To parse and store heterogeneous formats of logs securely in a convenient way, we develop the Forensics Aware Language (FAL) – a domain specific language. Next, we focus on the data possession information for STaaS clouds. In this regard, we first design a proof of past data possession scheme to prove the data possession of a particular user at a given past time. We then develop a secure litigation hold management scheme to provide the assurance of maintaining litigation holds on data stored in the cloud. Next, we investigate secure provenance for clouds and develop an efficient, secure data provenance scheme. We integrate all the proposed schemes with an open source cloud platform – OpenStack, and show the efficiency of the schemes. Finally, we investigate the big data forensics domain and design a cloud-based system to expedite the process of digital forensics investigations involving big data.

 

 

2 researchers from SECRETLab receive Sigma Xi Grant-in-Aid of Research

Congratulations to SECRETLab researchers, Shams Zawoad and Rasib Khan, supervised by Ragib Hasan, Ph.D., on receiving their Sigma Xi Grant-in-Aid of Research (GIAR). The GIARs were received by the two SECRETLab researchers two separate projects for funding their research projects. Shams Zawoad, a Ph.D. candidate at SECRETLab, received the fund for his project on forensics enabled cloud framework. Rasib Khan, who is also a Ph.D. candidate at SECRETLab, received the fund for his project on secure PIN-based authentication service. The Sigma Xi GIAR program has a highly competitive application process and only less than 17% of applicants received any level of funding.

2 papers accepted at the 12th IEEE International Conference on Services Computing

Congratulations to Rasib Khan and Ragib Hasan for having 2 papers accepted at the 12th IEEE International Conference on Services Computing (SCC).

 

1. Rasib Khan, Ragib Hasan, “Fuzzy Authentication using Interaction Provenance in Service Oriented Computing”, the 12th IEEE International Conference on Services Computing (SCC), New York, USA, June 2015.

Abstract: In service oriented computing, authentication factors have their vulnerabilities when considered exclusively. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management. In contrast, social authentication is based on the nature, quality, and length of previous encounters with each other. We posit that human-to-machine authentication is a similar causal effect of an earlier interaction with the verifying party. We use this notion to propose interaction provenance as the only unified representation model for all authentication factors in service oriented computing. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We extend our model with fuzzy authentication using past interactions and linguistic policies. The paper presents an interaction provenance recording and authentication protocol and a proof-of-concept implementation with extensive experimental evaluation.

 

 

2. Rasib Khan, Ragib Hasan, “MIDEP: Multiparty Identity Establishment Protocol for Decentralized Collaborative Services”, the 12th IEEE International Conference on Services Computing (SCC), New York, USA, June 2015.

Abstract: Decentralized collaborative architectures are gaining popularity in all application areas, varying from peer-to-peer communication and content management to cloud and ubiquitous services. However, the public identity of the user is still a major concern, in terms of privacy, traceability, verifiability, masquerading, and other attacks in such environments. We demonstrate two new attacks, identity shadowing and the Man-in-the-Loop (MITL) attacks, which are applicable in particular to multiparty collaborative environments. In this paper, we propose MIDEP, a Multiparty IDentity Establishment Protocol for collaborative environments. The proposed protocol allows a client to establish a secure, multiparty, probabilistic, temporal, verifiable, and non-traceable public identity with the collaborating peers in a decentralized architecture. MIDEP allows a client to avoid identity shadowing and protects the service from the resulting threats as well as from colluded information sharing among the collaborating peers. We illustrate how existing collaborative service frameworks can utilize MIDEP to securely establish the public identity prior to beginning the service session. A prototype implementation is utilized to perform extensive experimental analysis. Our results show that MIDEP is highly suitable in terms of overhead to ensure secure identity establishment for underlying decentralized collaborative services.

Three papers accepted in IEEE Mobile Cloud 2015

Congratulations to Ragib Hasan, Shams Zawoad, Rasib Khan, Md. Mahmud Hossain, and Jinfang Xu on having three papers accepted in the 3rd International Conference on Mobile Cloud Computing, Services, and Engineering, San Francisco (IEEE Mobile Cloud), Mar 2015.

Rasib Khan, Ragib Hasan, Jinfang Xu, “SEPIA: Secure-PIN-Authentication-as-a-Service for ATM using Mobile and Wearable Devices”, accepted as full paper in IEEE Mobile Cloud 2015.

Ragib Hasan, Md. Mahmud Hossain, Rasib Khan, “Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outsourcing”, accepted as short paper in IEEE Mobile Cloud 2015.

Shams Zawoad and Ragib Hasan, “Towards a Systematic Analysis of Challenges and Issues in Secure Mobile Cloud Forensics”, accepted as poster paper in IEEE Mobile Cloud 2015.

Our work “WORAL” to appear in IEEE Transactions on Emerging Topics in Computing SI on Cyber Security

 

Congratulations to Ragib Hasan, Rasib Khan, Shams Zawoad, and Munirul Haque for having their work “WORAL: A Witness Oriented Secure Location Provenance Framework for Mobile Devices” accepted for publication in IEEE Transactions on Emerging Topics in Computing.

 

Ragib Hasan, Rasib Khan, Shams Zawoad, Md Haque, “WORAL: A Witness Oriented Secure Location Provenance Framework for Mobile Devices”, to appear in IEEE Transactions on Emerging Topics in Computing (TETC) SI on Cyber Security, 2015

 

Abstract

Location based services allow mobile device users to access various services based on the users’ current physical location information. Path-critical applications, such as supply chain verification, require a chronological ordering of location proofs. It is a significant challenge in distributed and user-centric architectures for users to prove their presence and the path of travel in a privacy-protected and secure manner. So far, proposed schemes for secure location proofs are mostly subject to tampering, not resistant to collusion attacks, do not offer preservation of the provenance, and are not flexible enough for users to prove their provenance of location proofs. In this paper, we present WORAL, a complete ready-to-deploy framework for generating and validating witness oriented asserted location provenance records. The WORAL framework is based on the Asserted Location Proof protocol [1] and the OTIT model [2] for generating secure location provenance on the mobile devices. WORAL allows user-centric, collusion resistant, tamper-evident, privacy protected, verifiable, and provenance preserving location proofs for mobile devices. The paper presents the schematic development, feasibility of usage, comparative advantage over similar protocols, and implementation of WORAL for Android device users including a Google Glass based client for enhanced usability.

 

Look at our videos online

1. Ragib Hasan, 2013 DHS S&T PI Meeting, VA, USA
2. WORAL Project Promo Video

 

References

[1] Rasib Khan, Shams Zawoad, Md Munirul Haque and Ragib Hasan, “Who, When, and Where? Location Proof Assertion for Mobile Devices“, DBSEC 2014 Vienna, Austria, July 14-16, 2014. [pdf]

[2] Rasib Khan, Shams Zawoad, Md. Haque, and Ragib Hasan, “OTIT: Towards Secure Provenance Modeling for Location Proofs“, in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Kyoto, Japan, June 2014.  [pdf]

Paper published in Journal of Digital Forensics (JDFSL)

Hot Zone Identification: Analyzing Effects of Data Sampling on Spam Clustering
Authors: Rasib Khan, Mainul Mizan, Ragib Hasan, and Alan Sprague,
Journal of Digital Forensics, Security and Law (JDFSL), 9(1): 67-82, 2014

This paper was selected as one of the best papers from ADFSL Conference on Digital Forensics, Security and Law for publication in Journal of Digital Forensics (JDFSL).

Abstract: Email is the most common and comparatively the most efficient means of exchanging information in today’s world. However, given the widespread use of emails in all sectors, they have been the target of spammers since the beginning. Filtering spam emails has now led to critical actions such as forensic activities based on mining spam email. The data mine for spam emails at the University of Alabama at Birmingham is considered to be one of the most prominent resources for mining and identifying spam sources. It is a widely researched repository used by researchers from different global organizations. The usual process of mining the spam data involves going through every email in the data mine and clustering them based on their different attributes. However, given the size of the data mine, it takes an exceptionally long time to execute the clustering mechanism each time. In this paper, we have illustrated sampling as an efficient tool for data reduction, while preserving the information within the clusters, which would thus allow the spam forensic experts to quickly and effectively identify the ‘hot zone’ from the spam campaigns. We have provided detailed comparative analysis of the quality of the clusters after sampling, the overall distribution of clusters on the spam data, and timing measurements for our sampling approach. Additionally, we present different strategies which allowed us to optimize the sampling process using data-preprocessing and using the database engine’s computational resources, and thus improving the performance of the clustering process.