Successful PhD defense by SECRETLab PhD Student Rasib Khan

Congratulations to Dr. Rasib Khan, from SECRETLab, for successfully defending his thesis, titled “Towards Trustworthy Authentication in Service Oriented Computing”, supervised by Dr. Ragib Hasan.

Supervisory Committee:IMG_6380_1

Dr. Ragib Hasan, Chair (UAB CIS)

Dr. Purushotham Bangalore (UAB CIS)

Dr. Alan Sprague (UAB CIS)

Dr. Anthony Skjellum (Auburn)

Dr. John Sloan (UAB Justice Sciences)

Abstract:

Today’s Internet and network-based applications are highly driven by the service-oriented architecture model. Given the variety of online services, we hypothesized that there is a significant non-uniformity in the behavior of users pertaining to security-oriented practices on the Internet. We performed statistical analysis on open source user-survey datasets to establish the validity of the statement.  We performed further study with respect to the security-oriented behavioral practices in developing countries. We were able to determine certain traits and insecure practices that general Internet users from both developed and developing countries adopt, and addressed the corresponding issues to devise secure authentication technologies for online services.

The rapid growth in the number and type of online services has resulted in adopting diverse models for authentication. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management.

We adopted notions of real-life authentication with similar causal effects in service computing architectures. We introduced the concept of interaction provenance in service oriented computing as the only and unified authentication factor. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We presented a W3C PROV standard compliant model for interaction provenance, including secure provenance preservation techniques for service oriented computing architectures. We also applied the concept of interaction provenance to create secure frameworks for provenance-aware services. Next, we explored the causal relationship with the quality of past events to create a flexible and novel authentication and threshold based access control engine using fuzzy policies. We showed how linguistic terminologies, fuzzy ranges, and visualization of policies in fuzzy engines can be used to create simplistic yet innovative policies with additional benefits in the usability and maintenance of such systems.

3 Papers from SECRETLab Accepted in IEEE CLOUD

Three papers from SECRETLab accepted in the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD). Congratulations to Shahid Noor, Md. Mahmud Hossain, Rasib Khan, Shams Zawoad, and Ragib Hasan.

1. Shahid Al Noor, Rasib Khan, Md. Mahmud Hossain,and Ragib Hasan, “Litigo: A Cost-Driven Model for Opaque Cloud Services“, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016. (Acceptance Rate 15%).

2. Md. Mahmud Hossain, Rasib Khan, Shahid Al Noor, and Ragib Hasan, “Jugo: A Generic Architecture for Composite Cloud as a Service“, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016.

3. Shams Zawoad and Ragib Hasan, “SECAP: Towards Securing Application Provenance in the Cloud“, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016.

Successful PhD defense by SECRETLab PhD Student Shams Zawoad

Congratulations to Dr. Shams Zawoad, from SECRETLab, for successfully defending his thesis, titled “Trustworthy and Efficient Forensics in the Cloud”, supervised by Dr. Ragib Hasan.

Supervisory Committee:

Dr. Ragib Hasan (UAB CIS), Chair

Dr. Alan Sprague (UAB CIS)

Dr. Purushotham Bangalore (UAB CIS)

Dr. Marjan Mernik (UM FERI)

Dr. Anthony Skjellum  (AU CSSE)

Abstract:

11700593_954869434634641_188699178773374445_oThe rise of cloud computing has changed the way of using computing services and resources. However, the black-box nature of clouds and the multi-tenant cloud models have brought new security risks, especially in terms of digital forensics. Current cloud computing architectures often lack support for digital forensic investigations since many of the assumptions that are valid for traditional computing environment are invalid in clouds.Current digital forensics tools and procedures rely on the physical access to the evidence. In clouds, computing and storage resources are no longer local and these resources are also shared between multiple cloud users. Hence, even with a subpoena, forensics investigators cannot confiscate a suspect’s computer and get access to the digital evidence that reside in the cloud. Data in the virtual machines (VM) are not also accessible after terminating the VMs. Hence, investigators need to depend on the Cloud Service Providers (CSP) to acquire various important evidence, such as activity logs of VMs, files stored in clouds, VM images, etc. Unfortunately, current cloud architectures do not guarantee that a CSP is providing valid evidence to investigators. A CSP in its entirety or a malicious employee of the CSP can collude with an adversary or a dishonest investigator to tamper with the evidence. Moreover, forensics investigators can also alter the evidence before presenting to a court. Hence, for a reliable digital forensics investigation in clouds, we need to ensure the integrity of the evidence and the privacy of users in the multi-tenant cloud environment.

In this dissertation, we explore techniques for ensuring the trustworthiness of various types of evidence in a strong adversarial scenario. We show that, without incurring high performance overheads, we can preserve and provide required evidence for digital forensics investigations involving clouds, while protecting the privacy and integrity of the evidence. We propose an Open Cloud Forensics model (OCF) and adapt this model to design forensics-enabled architectures for Infrastructure-as-a-Service (IaaS) and Storage-as-a- Service (STaaS) clouds. For IaaS clouds, we first focus on the trustworthiness of activity logs of cloud users. We design a logging scheme to securely retrieve, store, and expose these activity logs to forensics investigators. To ensure the trustworthiness of the time associated with the logs, we propose a tamper-evident scheme to prove the correctness of the system time of cloud hosts and VMs. To parse and store heterogeneous formats of logs securely in a convenient way, we develop the Forensics Aware Language (FAL) – a domain specific language. Next, we focus on the data possession information for STaaS clouds. In this regard, we first design a proof of past data possession scheme to prove the data possession of a particular user at a given past time. We then develop a secure litigation hold management scheme to provide the assurance of maintaining litigation holds on data stored in the cloud. Next, we investigate secure provenance for clouds and develop an efficient, secure data provenance scheme. We integrate all the proposed schemes with an open source cloud platform – OpenStack, and show the efficiency of the schemes. Finally, we investigate the big data forensics domain and design a cloud-based system to expedite the process of digital forensics investigations involving big data.

 

 

4 papers accepted in IEEE COMPSAC

Four papers from SECRETLab accepted in the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), 2016. Congratulations to Shams Zawoad, Rasib Khan, Ragib Hasan, Shahid Noor, Munirul Haque, and Darrell Burke.

1. Shams Zawoad and Ragib Hasan “Chronos: Towards Securing System Time in the Cloud for Reliable Forensics Investigation“, the 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Acceptance rate 18%).

Abstract: In digital forensics investigations, the system time of computing resources can provide critical information to implicate or exonerate a suspect. In clouds, alteration of the system time of a virtual machine (VM) or a cloud host machine can provide unreliable time information, which in turn can mislead an investigation in the wrong direction. In this paper, we propose Chronos to secure the system time of cloud hosts and VMs in an untrusted cloud environment. Since it is not possible to prevent a malicious user or a dishonest insider of a cloud provider from altering the system time of a VM or a host machine, we propose a tamper-evident scheme to detect this malicious behavior at the time of investigation.
We integrate Chronos with a popular open-source cloud platform – OpenStack and evaluate the feasibility of Chronos while running 20 VMs on a single host machine. Our test results suggest that, Chronos can be easily deployed in the existing cloud with very low overheads, while achieving a high degree of trustworthiness of the system time of the cloud hosts and VMs.

 

2. Ragib Hasan, Shams Zawoad, Shahid Noor, Md Munirul Haque, and Darrell Burke “How Secure is the Healthcare Network from Insider Attacks? An Audit Guideline for Vulnerability Analysis“, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: In recent years, wireless communication has become popular in healthcare infrastructures. The availability of wireless interfaces with the new generation medical devices has spawned numerous opportunities in providing better healthcare support to patients. However, the weaknesses of available wireless communication channels also introduce various novel attacks on the medical devices. Since the smart mobile devices, such as smartphones, tablets, laptops are also equipped with the same communication channels (WiFi/Bluetooth), attacks on medical devices can be initiated from a compromised or malware infected mobile device. Since the compromised mobile devices are already inside the security perimeter of a healthcare network, it is very challenging to block attacks from such compromised mobile devices. In this paper, we systematically analyze the novel threats on healthcare devices and networks, which can be initiated from compromised mobile devices. We provide a detail audit guideline to evaluate the security strength of a healthcare network. Based on our proposed guideline, we evaluate the current security state of a large university healthcare facility. We also propose several mitigation strategies to mitigate some of the possible attacks.

 

3. Rasib Khan and Ragib Hasan, “The Story of Naive Alice: Behavioral Analysis of Susceptible Users on the Internet“, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: The Internet has become an integral part of our everyday life. Unfortunately, not all of us are equally aware of the threats which come along when we use online services. Online criminals target users and steal their personal information for illicit benefits. The most susceptible to these online predators are naive users, who are generally less aware of security and privacy practices on the Internet. In this paper, we present a behavioral analysis of Internet users and their susceptibility to online malpractices. We have considered the dataset from the Global Internet User Survey for 10789 respondents to perform a security-oriented statistical analysis of correlated user behavior. The results were used to construct logistic regression models to analyze statistical predictability of susceptible and not-so-susceptible identity theft victims based on their behavior and knowledge of particular security and privacy practices. We posit that such a study can be used to assess the vulnerability of Internet users and can hence be used to leverage institutional and personal safety on the Internet by promoting online security education, threat awareness, and guided Internet-safe behavior.

 

4. Rasib Khan and Ragib Hasan, “A Cloud You can Wear: Towards a Mobile and Wearable Personal Cloud“, 40th IEEE Computer Society International Conference on Computers, Software & Applications (COMPSAC), Atlanta, Georgia, June 2016. (Short Paper Acceptance Rate 20%)

Abstract: As we enter the age of mobile and wearable computing, we are using various wearable computing devices, such as, mobile phones, smart glasses, smart watches, and personal health monitors. To provide the expected user experience and the ability to run complex applications, all of these devices require powerful processors, long-lasting batteries, and uses provider-specific public clouds for the services. This makes design of such wearable devices complex, expensive, and with major personal data privacy concerns. In this paper, we show how we can simplify the design of personal wearable devices by introducing a wearable cloud — a complete yet compact and lightweight cloud which can be embedded into the clothing of a user. The wearable cloud makes the design of wearable devices simple and inexpensive, as these devices can now essentially be lightweight terminals tapping into the computing and storage power of the wearable cloud with proximal and private placement of the user’s personal data. We introduce five service delivery models using the proposed wearable cloud approach. We provide details of a prototype implementation of the wearable cloud embedded into a `Cloud Jacket’ along with a cheap touchscreen terminal device. The paper also presents experimental results on the usability of such a cloud in terms of reduced energy consumption and improved application performance.

 

Paper Accepted in IEEE TDSC

Our work “Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service” got accepted for publication in the IEEE Transactions on Dependable and Secure Computing (TDSC), SI-Cyber Crime, 2015. (Impact factor 1.351).

Congratulations Shams Zawoad, Amit Dutta, and Ragib Hasan.

Abstract: Collection and analysis of various logs (e.g., process logs, network logs) are fundamental activities in computer forensics. Ensuring the security of the activity logs is therefore crucial to ensure reliable forensics investigations. However, because of the black-box nature of clouds and the volatility and co-mingling of cloud data, providing the cloud logs to investigators while preserving users’ privacy and the integrity of logs is challenging. The current secure logging schemes, which consider the logger as trusted cannot be applied in clouds since there is a chance that cloud providers (logger) collude with malicious users or investigators to alter the logs.
In this paper, we analyze the threats on cloud users’ activity logs considering the collusion between cloud users, providers, and investigators. Based on the threat model, we propose Secure-Logging-as-a-Service (SecLaaS), which preserves various logs generated for the activity of virtual machines running in clouds and ensures the confidentiality and integrity of such logs. Investigators or the court authority can only access these logs by the RESTful APIs provided by SecLaaS, which ensures confidentiality of logs. The integrity of the logs is ensured by hash-chain scheme and proofs of past logs published periodically by the cloud providers. In prior research, we used two accumulator schemes Bloom filter and RSA accumulator to build the proofs of past logs. In this paper, we propose a new accumulator scheme – Bloom-Tree, which performs better than the other two accumulators in terms of time and space requirement.

Paper accepted in IEEE BigDataSecurity 2015

Congratulations to Shams Zawoad and Ragib Hasan for having their work on big data forensics accepted in the IEEE International Symposium on Big Data Security on Cloud (BigDataSecurity 2015), New York, USA.

Abstract::The age of big data opens new opportunities in various fields. While the availability of a big dataset can be helpful in some scenarios, it introduces new challenges in digital forensics investigations. The existing tools and infrastructures cannot meet the expected response time, when we investigate on a big dataset. Forensics investigators will face challenges while identifying necessary pieces of evidence from a big dataset, and collecting and analyzing those evidence. In this article, we propose the first working definition of big data forensics and systematically analyze the big data forensics domain to explore the challenges and issues in this forensics paradigm. We propose a conceptual model for supporting big data forensics investigation and present several use cases, where big data forensics can provide new insights to determine facts about criminal incidents.

2 papers accepted in the IEEE Cloud 2015

Congratulations to Maziar Foutohi, Shams Zawoad, Ragib Hasan, Abhishek Anand, and Anthony Skjellum for having their work accepted in the 8th IEEE International Conference on Cloud Computing.

1. Shams Zawoad, Ragib Hasan, Anthony Skjellum, “OCF: An Open Cloud Forensics Model for Reliable Digital Forensics”, the 8th IEEE International Conference on Cloud Computing, New York, USA, June 2015

Abstract: The rise of cloud computing has changed the way computing services and resources are used. However, existing digital forensics science cannot cope with the black-box nature of clouds nor with multi-tenant cloud models. Because of the fundamental characteristics of clouds, many assumptions of digital forensics are invalidated in clouds. In the digital forensics process involving clouds, the role of cloud service providers (CSP) is utterly important, a role which needs to be considered in the science of cloud forensics. In this paper, we define cloud forensics considering the role of the CSP and propose the Open Cloud Forensics (OCF) model. Based on this OCF model, we propose a cloud computing architecture and validate our proposed model using a case study, which is inspired from an actual civil lawsuit.

2. Maziar Foutohi, Abhishek Anand, Ragib Hasan, “PLAG: Practical Landmark Allocation for Cloud Geolocation”, the 8th IEEE International Conference on Cloud Computing, New York, USA, June 2015.

Abstract: Knowing the physical location of files in a cloud system is of a great importance for any user, as is it can affect the whole service drastically. However, pinpointing the exact coordinates for the location of a server is very challenging. Providers prefer not to share the location of their data centers with public for security reasons, and this fact also adds to the complexity of this concept. Researchers have recently developed delay based schemes for cloud data geolocation, some of which use proprietary landmarks for location verification. Unfortunately, such landmark-based schemes are often impractical due to high cost and latency. In this paper, we have developed a practical scheme for landmark allocation in cloud data geolocation. We augment existing approaches with a new landmark allocation modification to get the same or often better accuracy, while decreasing the cost considerably. Our approach improves the existing state of the art by introducing the concept of publicly distributed landmarks for all delay based geolocation techniques.

2 researchers from SECRETLab receive Sigma Xi Grant-in-Aid of Research

Congratulations to SECRETLab researchers, Shams Zawoad and Rasib Khan, supervised by Ragib Hasan, Ph.D., on receiving their Sigma Xi Grant-in-Aid of Research (GIAR). The GIARs were received by the two SECRETLab researchers two separate projects for funding their research projects. Shams Zawoad, a Ph.D. candidate at SECRETLab, received the fund for his project on forensics enabled cloud framework. Rasib Khan, who is also a Ph.D. candidate at SECRETLab, received the fund for his project on secure PIN-based authentication service. The Sigma Xi GIAR program has a highly competitive application process and only less than 17% of applicants received any level of funding.

2 papers accepted at the 12th IEEE International Conference on Services Computing

Congratulations to Rasib Khan and Ragib Hasan for having 2 papers accepted at the 12th IEEE International Conference on Services Computing (SCC).

 

1. Rasib Khan, Ragib Hasan, “Fuzzy Authentication using Interaction Provenance in Service Oriented Computing”, the 12th IEEE International Conference on Services Computing (SCC), New York, USA, June 2015.

Abstract: In service oriented computing, authentication factors have their vulnerabilities when considered exclusively. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management. In contrast, social authentication is based on the nature, quality, and length of previous encounters with each other. We posit that human-to-machine authentication is a similar causal effect of an earlier interaction with the verifying party. We use this notion to propose interaction provenance as the only unified representation model for all authentication factors in service oriented computing. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We extend our model with fuzzy authentication using past interactions and linguistic policies. The paper presents an interaction provenance recording and authentication protocol and a proof-of-concept implementation with extensive experimental evaluation.

 

 

2. Rasib Khan, Ragib Hasan, “MIDEP: Multiparty Identity Establishment Protocol for Decentralized Collaborative Services”, the 12th IEEE International Conference on Services Computing (SCC), New York, USA, June 2015.

Abstract: Decentralized collaborative architectures are gaining popularity in all application areas, varying from peer-to-peer communication and content management to cloud and ubiquitous services. However, the public identity of the user is still a major concern, in terms of privacy, traceability, verifiability, masquerading, and other attacks in such environments. We demonstrate two new attacks, identity shadowing and the Man-in-the-Loop (MITL) attacks, which are applicable in particular to multiparty collaborative environments. In this paper, we propose MIDEP, a Multiparty IDentity Establishment Protocol for collaborative environments. The proposed protocol allows a client to establish a secure, multiparty, probabilistic, temporal, verifiable, and non-traceable public identity with the collaborating peers in a decentralized architecture. MIDEP allows a client to avoid identity shadowing and protects the service from the resulting threats as well as from colluded information sharing among the collaborating peers. We illustrate how existing collaborative service frameworks can utilize MIDEP to securely establish the public identity prior to beginning the service session. A prototype implementation is utilized to perform extensive experimental analysis. Our results show that MIDEP is highly suitable in terms of overhead to ensure secure identity establishment for underlying decentralized collaborative services.