UAB - The University of Alabama at Birmingham

Mar 02

4 papers accepted in IEEE COMPSAC

Four papers from SECRETLab accepted in the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), 2016. Congratulations to Shams Zawoad, Rasib Khan, Ragib Hasan, Shahid Noor, Munirul Haque, and Darrell Burke.

1. Shams Zawoad and Ragib Hasan “Chronos: Towards Securing System Time in the Cloud for Reliable Forensics Investigation“, the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Acceptance rate 18%).

Abstract: In digital forensics investigations, the system time of computing resources can provide critical information to implicate or exonerate a suspect. In clouds, alteration of the system time of a virtual machine (VM) or a cloud host machine can provide unreliable time information, which in turn can mislead an investigation in the wrong direction. In this paper, we propose Chronos to secure the system time of cloud hosts and VMs in an untrusted cloud environment. Since it is not possible to prevent a malicious user or a dishonest insider of a cloud provider from altering the system time of a VM or a host machine, we propose a tamper-evident scheme to detect this malicious behavior at the time of investigation.
We integrate Chronos with a popular open-source cloud platform – OpenStack and evaluate the feasibility of Chronos while running 20 VMs on a single host machine. Our test results suggest that, Chronos can be easily deployed in the existing cloud with very low overheads, while achieving a high degree of trustworthiness of the system time of the cloud hosts and VMs.


2. Ragib Hasan, Shams Zawoad, Shahid Noor, Md Munirul Haque, and Darrell Burke “How Secure is the Healthcare Network from Insider Attacks? An Audit Guideline for Vulnerability Analysis“, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: In recent years, wireless communication has become popular in healthcare infrastructures. The availability of wireless interfaces with the new generation medical devices has spawned numerous opportunities in providing better healthcare support to patients. However, the weaknesses of available wireless communication channels also introduce various novel attacks on the medical devices. Since the smart mobile devices, such as smartphones, tablets, laptops are also equipped with the same communication channels (WiFi/Bluetooth), attacks on medical devices can be initiated from a compromised or malware infected mobile device. Since the compromised mobile devices are already inside the security perimeter of a healthcare network, it is very challenging to block attacks from such compromised mobile devices. In this paper, we systematically analyze the novel threats on healthcare devices and networks, which can be initiated from compromised mobile devices. We provide a detail audit guideline to evaluate the security strength of a healthcare network. Based on our proposed guideline, we evaluate the current security state of a large university healthcare facility. We also propose several mitigation strategies to mitigate some of the possible attacks.


3. Rasib Khan and Ragib Hasan, “The Story of Naive Alice: Behavioral Analysis of Susceptible Users on the Internet“, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: The Internet has become an integral part of our everyday life. Unfortunately, not all of us are equally aware of the threats which come along when we use online services. Online criminals target users and steal their personal information for illicit benefits. The most susceptible to these online predators are naive users, who are generally less aware of security and privacy practices on the Internet. In this paper, we present a behavioral analysis of Internet users and their susceptibility to online malpractices. We have considered the dataset from the Global Internet User Survey for 10789 respondents to perform a security-oriented statistical analysis of correlated user behavior. The results were used to construct logistic regression models to analyze statistical predictability of susceptible and not-so-susceptible identity theft victims based on their behavior and knowledge of particular security and privacy practices. We posit that such a study can be used to assess the vulnerability of Internet users and can hence be used to leverage institutional and personal safety on the Internet by promoting online security education, threat awareness, and guided Internet-safe behavior.


4. Rasib Khan and Ragib Hasan, “A Cloud You can Wear: Towards a Mobile and Wearable Personal Cloud“, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: As we enter the age of mobile and wearable computing, we are using various wearable computing devices, such as, mobile phones, smart glasses, smart watches, and personal health monitors. To provide the expected user experience and the ability to run complex applications, all of these devices require powerful processors, long-lasting batteries, and uses provider-specific public clouds for the services. This makes design of such wearable devices complex, expensive, and with major personal data privacy concerns. In this paper, we show how we can simplify the design of personal wearable devices by introducing a wearable cloud — a complete yet compact and lightweight cloud which can be embedded into the clothing of a user. The wearable cloud makes the design of wearable devices simple and inexpensive, as these devices can now essentially be lightweight terminals tapping into the computing and storage power of the wearable cloud with proximal and private placement of the user’s personal data. We introduce five service delivery models using the proposed wearable cloud approach. We provide details of a prototype implementation of the wearable cloud embedded into a `Cloud Jacket’ along with a cheap touchscreen terminal device. The paper also presents experimental results on the usability of such a cloud in terms of reduced energy consumption and improved application performance.


Sep 16

Paper Accepted in IEEE TDSC

Our work “Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service” got accepted for publication in the IEEE Transactions on Dependable and Secure Computing (TDSC), SI-Cyber Crime, 2015. (Impact factor 1.351).

Congratulations Shams Zawoad, Amit Dutta, and Ragib Hasan.

Abstract: Collection and analysis of various logs (e.g., process logs, network logs) are fundamental activities in computer forensics. Ensuring the security of the activity logs is therefore crucial to ensure reliable forensics investigations. However, because of the black-box nature of clouds and the volatility and co-mingling of cloud data, providing the cloud logs to investigators while preserving users’ privacy and the integrity of logs is challenging. The current secure logging schemes, which consider the logger as trusted cannot be applied in clouds since there is a chance that cloud providers (logger) collude with malicious users or investigators to alter the logs.
In this paper, we analyze the threats on cloud users’ activity logs considering the collusion between cloud users, providers, and investigators. Based on the threat model, we propose Secure-Logging-as-a-Service (SecLaaS), which preserves various logs generated for the activity of virtual machines running in clouds and ensures the confidentiality and integrity of such logs. Investigators or the court authority can only access these logs by the RESTful APIs provided by SecLaaS, which ensures confidentiality of logs. The integrity of the logs is ensured by hash-chain scheme and proofs of past logs published periodically by the cloud providers. In prior research, we used two accumulator schemes Bloom filter and RSA accumulator to build the proofs of past logs. In this paper, we propose a new accumulator scheme – Bloom-Tree, which performs better than the other two accumulators in terms of time and space requirement.

Sep 16

Paper Accepted in IEEE CloudCom 2015

Congratulations to Shahid Noor and Ragib Hasan for having their work accepted in the 7th IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Vancouver, Canada, November 2015. (Acceptance rate 48/189=25.4%)

Jun 13

Paper accepted in IEEE BigDataSecurity 2015

Congratulations to Shams Zawoad and Ragib Hasan for having their work on big data forensics accepted in the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity 2015), New York, USA.

Abstract::The age of big data opens new opportunities in various fields. While the availability of a big dataset can be helpful in some scenarios, it introduces new challenges in digital forensics investigations. The existing tools and infrastructures cannot meet the expected response time, when we investigate on a big dataset. Forensics investigators will face challenges while identifying necessary pieces of evidence from a big dataset, and collecting and analyzing those evidence. In this article, we propose the first working definition of big data forensics and systematically analyze the big data forensics domain to explore the challenges and issues in this forensics paradigm. We propose a conceptual model for supporting big data forensics investigation and present several use cases, where big data forensics can provide new insights to determine facts about criminal incidents.

Apr 20

2 papers accepted in the IEEE Cloud 2015

Congratulations to Maziar Foutohi, Shams Zawoad, Ragib Hasan, Abhishek Anand, and Anthony Skjellum for having their work accepted in the 8th IEEE International Conference on Cloud Computing.

1. Shams Zawoad, Ragib Hasan, Anthony Skjellum, “OCF: An Open Cloud Forensics Model for Reliable Digital Forensics”, the 8th IEEE International Conference on Cloud Computing, New York, USA, June 2015

Abstract: The rise of cloud computing has changed the way computing services and resources are used. However, existing digital forensics science cannot cope with the black-box nature of clouds nor with multi-tenant cloud models. Because of the fundamental characteristics of clouds, many assumptions of digital forensics are invalidated in clouds. In the digital forensics process involving clouds, the role of cloud service providers (CSP) is utterly important, a role which needs to be considered in the science of cloud forensics. In this paper, we define cloud forensics considering the role of the CSP and propose the Open Cloud Forensics (OCF) model. Based on this OCF model, we propose a cloud computing architecture and validate our proposed model using a case study, which is inspired from an actual civil lawsuit.

2. Maziar Foutohi, Abhishek Anand, Ragib Hasan, “PLAG: Practical Landmark Allocation for Cloud Geolocation”, the 8th IEEE International Conference on Cloud Computing, New York, USA, June 2015.

Abstract: Knowing the physical location of files in a cloud system is of a great importance for any user, as is it can affect the whole service drastically. However, pinpointing the exact coordinates for the location of a server is very challenging. Providers prefer not to share the location of their data centers with public for security reasons, and this fact also adds to the complexity of this concept. Researchers have recently developed delay based schemes for cloud data geolocation, some of which use proprietary landmarks for location verification. Unfortunately, such landmark-based schemes are often impractical due to high cost and latency. In this paper, we have developed a practical scheme for landmark allocation in cloud data geolocation. We augment existing approaches with a new landmark allocation modification to get the same or often better accuracy, while decreasing the cost considerably. Our approach improves the existing state of the art by introducing the concept of publicly distributed landmarks for all delay based geolocation techniques.

Apr 18

2 researchers from SECRETLab receive Sigma Xi Grant-in-Aid of Research

Congratulations to SECRETLab researchers, Shams Zawoad and Rasib Khan, supervised by Ragib Hasan, Ph.D., on receiving their Sigma Xi Grant-in-Aid of Research (GIAR). The GIARs were received by the two SECRETLab researchers two separate projects for funding their research projects. Shams Zawoad, a Ph.D. candidate at SECRETLab, received the fund for his project on forensics enabled cloud framework. Rasib Khan, who is also a Ph.D. candidate at SECRETLab, received the fund for his project on secure PIN-based authentication service. The Sigma Xi GIAR program has a highly competitive application process and only less than 17% of applicants received any level of funding.

Apr 18

2 papers accepted at the 12th IEEE International Conference on Services Computing

Congratulations to Rasib Khan and Ragib Hasan for having 2 papers accepted at the 12th IEEE International Conference on Services Computing (SCC).


1. Rasib Khan, Ragib Hasan, “Fuzzy Authentication using Interaction Provenance in Service Oriented Computing”, the 12th IEEE International Conference on Services Computing (SCC), New York, USA, June 2015.

Abstract: In service oriented computing, authentication factors have their vulnerabilities when considered exclusively. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management. In contrast, social authentication is based on the nature, quality, and length of previous encounters with each other. We posit that human-to-machine authentication is a similar causal effect of an earlier interaction with the verifying party. We use this notion to propose interaction provenance as the only unified representation model for all authentication factors in service oriented computing. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We extend our model with fuzzy authentication using past interactions and linguistic policies. The paper presents an interaction provenance recording and authentication protocol and a proof-of-concept implementation with extensive experimental evaluation.



2. Rasib Khan, Ragib Hasan, “MIDEP: Multiparty Identity Establishment Protocol for Decentralized Collaborative Services”, the 12th IEEE International Conference on Services Computing (SCC), New York, USA, June 2015.

Abstract: Decentralized collaborative architectures are gaining popularity in all application areas, varying from peer-to-peer communication and content management to cloud and ubiquitous services. However, the public identity of the user is still a major concern, in terms of privacy, traceability, verifiability, masquerading, and other attacks in such environments. We demonstrate two new attacks, identity shadowing and the Man-in-the-Loop (MITL) attacks, which are applicable in particular to multiparty collaborative environments. In this paper, we propose MIDEP, a Multiparty IDentity Establishment Protocol for collaborative environments. The proposed protocol allows a client to establish a secure, multiparty, probabilistic, temporal, verifiable, and non-traceable public identity with the collaborating peers in a decentralized architecture. MIDEP allows a client to avoid identity shadowing and protects the service from the resulting threats as well as from colluded information sharing among the collaborating peers. We illustrate how existing collaborative service frameworks can utilize MIDEP to securely establish the public identity prior to beginning the service session. A prototype implementation is utilized to perform extensive experimental analysis. Our results show that MIDEP is highly suitable in terms of overhead to ensure secure identity establishment for underlying decentralized collaborative services.

Apr 05

Our work on litigation hold enabled cloud storage accepted in DFRWS 2015

Congratulations to Shams Zawoad, Ragib Hasan, and John W Grimes for having their work on litigation hold enabled cloud storage accepted in the 15th Annual DFRWS (USA) Conference.

Shams Zawoad, Ragib Hasan, and John W Grimes, “LINCS: Towards Building a Trustworthy Litigation Hold Enabled Cloud Storage System”, the 15th Annual DFRWS (USA) Conference, Philadelphia, PA, August 2015.

Mar 17

Our work on Cloud-based Spam URL Deduplication for Big Datasets Accepted in the International Journal of Cloud Computing (IJCC)

Congratulations to Shams Zawoad, Ragib Hasan, Gary Warner, and Md Munirul Haque for having their work on Cloud-based Spam URL Deduplication for Big Datasets accepted in the International Journal of Cloud Computing (IJCC).

Shams Zawoad, Ragib Hasan, Gary Warner, Md Munirul Haque “Towards a Cloud-based Approach for Spam URL Deduplication for Big Datasets”, International Journal of Cloud Computing (IJCC), 2(3), 2014, pp. 1-14.

Spam emails are often used to advertise phishing websites and lure users to visit such sites. URL blacklisting is a widely used technique for blocking malicious phishing websites. To prepare an effective blacklist, it is necessary to analyze possible threats and include the identified malicious sites in the blacklist. However, the number of URLs acquired from spam emails is quite large. Fetching and analyzing the content of this large number of websites are very expensive tasks given limited computing and storage resources. To solve the problem of massive computing and storage resource requirements, we need a highly distributed and scalable architecture, where we can provision additional resources to fetch and analyze on the fly. Moreover, there is a high degree of redundancy in the URLs extracted from spam emails, where more than one spam emails contain the same URL. Hence, preserving the contents of all the websites causes significant storage waste. Additionally, fetching content from a fixed IP address introduces the possibility of being reversed blacklisted by malicious websites. In this paper, we propose and develop CURLA – a Cloud-based spam URL Analyzer, built on top of Amazon Elastic Computer Cloud (EC2) and Amazon Simple Queue Service (SQS). CURLA allows deduplicating large number of spam-based URLs in parallel, which reduces the cost of establishing equally capable local infrastructure. Our system builds a database of unique spam-based URL and accumulates the content of these unique websites in a central repository. This database and website repository will be a great resource to identify phishing websites and other counterfeit websites. We show the effectiveness of our architecture using real-life, large-scale spam-based URL data.

Jan 15

Three papers accepted in IEEE Mobile Cloud 2015

Congratulations to Ragib Hasan, Shams Zawoad, Rasib Khan, Md. Mahmud Hossain, and Jinfang Xu on having three papers accepted in the 3rd International Conference on Mobile Cloud Computing, Services, and Engineering, San Francisco (IEEE Mobile Cloud), Mar 2015.

Rasib Khan, Ragib Hasan, Jinfang Xu, “SEPIA: Secure-PIN-Authentication-as-a-Service for ATM using Mobile and Wearable Devices”, accepted as full paper in IEEE Mobile Cloud 2015.

Ragib Hasan, Md. Mahmud Hossain, Rasib Khan, “Aura: An IoT based Cloud Infrastructure for Localized Mobile Computation Outsourcing”, accepted as short paper in IEEE Mobile Cloud 2015.

Shams Zawoad and Ragib Hasan, “Towards a Systematic Analysis of Challenges and Issues in Secure Mobile Cloud Forensics”, accepted as poster paper in IEEE Mobile Cloud 2015.

Older posts «

» Newer posts