Secure Identities in Service Oriented Computing

service-oriented-computing

In today’s world, a digital identity on the Internet can be considered synonymous to a currency. The reputation of a digital identity reflects the person and affects his real-life in social contexts. Current or future jobs, credit scores, loans, public and social reputation are all affected by a person’s identity on the Internet. A user is vulnerable to identity thefts in various means and ways. Our research explores secure technologies, models, security frameworks, and protocols for the different domains of Internet-enabled services: peer-to-peer systems, decentralized and distributed architectures, interactive systems, and general client-server models. Our protocol designs are engineered based on analyzing threat models for the target service infrastructure and cryptographic technologies. The protocols and systems are tested and evaluated using our private 5-node OpenStack cloud, numerous Raspberry Pi-s and Arduinos, various mobile and tablet devices, Google watches, and Google Glasses. We use advanced statistical toolkits to perform data mining and analytical modeling on security practices and susceptibility of users on the Internet. Read More

Cloud Forensicscloudforensics

Throughout history, it has been observed that general technological developments have continually created new opportunities for criminal activity. This is also true for the emergence of cloud computing. While the high degree of scalability, very convenient pay-as-you-go service, and low cost computing provided by clouds drive the rapid adoption of clouds, the same features can motivate a malicious individual to launch attacks from machines inside a inside a cloud, or use clouds to store contraband documents . To investigate these type of cases, we need to execute digital forensics procedures in the cloud to determine the facts about an incident, which is known as cloud forensics. Currently, forensics investigators need to depend on the cloud service providers to collect evidence. However, investigators need to believe the CSPs blindly as they cannot verify whether a cloud provider is providing valid evidence. In this project, we are working towards designing a complete trustworthy forensics-enabled cloud computing architecture. Read More

Cloud Securitybanner1

Unlike the previous attempt of introducing computing as a service, Cloud market is growing faster and becoming a dominant part of current computing and storage. While the economic feature of Cloud is fascinating, the security challenges it poses are very critical and arguably the most significant barrier to widespread acceptance of cloud computing. As cloud is nothing but a new paradigm of distributed system, it is vulnerable to any of the traditional security threat. To make it worse, for the unique characteristic of on-demand self service, broad network access, resource pooling, rapid elasticity cloud creates a versatile field of security concerns.

Secured or not, the long dreamt Computing as a utility is the future of computing and storage. The obvious question arises here whether Cloud is ready to take the responsibility. Therefore finding out the potential security problem and create cloud sustainable is really a requirement. Our research goal is to find out the security concerns of this state-of-arts technology and make secured protocol for Cloud.

Mobile Cloud

cell cloudThe problem with current cloud services is that they require a very high initial set up time. Moreover, the fixed infrastructure of cloud system suffers if there is a rapid increase or decrease in clients’ demands for cloud services. Therefore, current cloud providers cannot provide satisfactory performance for the client who seeks for low cost instant cloud service. Moreover, the existing mobile cloud architecture fails to attract the mobile device owners due to the absence of a proper incentive model.

We proposed CellCloud, a mobile cloud architecture based on bidding incentives. In CellCloud, mobile devices known as bidders are hired after a bidding process. During the bidding process, each bidder is offered monetary incentive based on their available resource and rating point. CellCloud accepts a task from client and distributes it among the bidders based on their total resources. CellCloud sends the reduced result back to the client after the bidders computed their assigned portion of the task. Read More

Mobile Malware Security

The proliferation of mobile computing devices has enabled immense opportunities for everyday users. At the same time, however, this has opened up new, and per- haps more severe, possibilities for attacks. In this project, we explore a novel generation of mobile malware called the Manchurian Malware. It exploits the rich variety of sensors available on current mobile devices.


Two properties distinguish the proposed malware from the existing state-of-the-art. First, in addition to the misuse of the various traditional services available on modern mobile devices, this malware can be used for the purpose of targeted context-aware attacks. Second such a malware can be commanded and controlled over context-aware, out-of-band channels as opposed to a centralized infrastructure. These communication channels can be used to reach out to a large number of infected devices, while remaining covert. To demonstrate the feasibility of the Manchurian Malware, we have designed different flavors of command and control channels based on acoustic, visual and magnetic signaling. We further built a proof-of- concept Android application implementing many such channels. See Project Main Page

This is a joint project led by Dr. Ragib Hasan of UAB SECRETLab and Dr. Nitesh Saxena of SPIES Lab.

 

Internet-of-Things (IoT) Securityiot_ecosystem

Internet-of-Things is a result of a technical revolution, which reflects with future computing and communications including existing and evolving internet. Over the time Internet technologies have evolved, and become Internet of Things. With the advent of this paradigm the dream to convergence everything, and everyone under a single umbrella has come true. Machine-to-machine (M2M), Radio Frequency Identification (RFID), context-aware computing, wearables, ubiquitous computing, and web-of-things all are considered to be seamlessly integrated into a global information network, which has the  self configuring capabilities based on standard and inter-operable communication protocols . Read More

Sockpuppet Detection in WikipediaWikipedia-Sockpuppet

Sockpuppet is a false user who deceptively intends to manipulate an article in Wikipedia. Our goal is to identify a sock puppet based on their posts and comments using authorship attribution. Currently we have a semi-automatic tool to detect a sock puppet. We are working to release a complete tool for this detection.

Improving Readability of an Article in Wikipedia

The goal of this research is to find potential attribute or key features that change the quality of a Wikipedia article in terms of readability score. The higher the score is difficult to read an article. We gather values of other attributes and find relationship between readability and other attributes using statistical analysis.