Browsing by Author "Younis, Mohamed"
Now showing 1 - 20 of 40

A Distributed Lightweight PUF-Based Mutual Authentication Protocol for IoV
(MDPI, 2023-11-21) Alkanhal, Mona; Alali, Abdulaziz; Younis, Mohamed
In recent times, the advent of innovative technological paradigms like the Internet of Things has paved the way for numerous applications that enhance the quality of human life. A remarkable application of IoT that has emerged is the Internet of Vehicles (IoV), motivated by an unparalleled surge of connected vehicles on the roads. IoV has become an area of significant interest due to its potential in enhancing traffic safety as well as providing accurate routing information. The primary objective of IoV is to maintain strict latency standards while ensuring confidentiality and security. Given the high mobility and limited bandwidth, vehicles need to have rapid and frequent authentication. Securing Vehicle-to-Roadside unit (V2R) and Vehicle-to-Vehicle (V2V) communications in IoV is essential for preventing critical information leakage to an adversary or unauthenticated users. To address these challenges, this paper proposes a novel mutual authentication protocol which incorporates hardware-based security primitives, namely physically unclonable functions (PUFs) with Multi-Input Multi-Output (MIMO) physical layer communications. The protocol allows a V2V and V2R to mutually authenticate each other without the involvement of a trusted third-party (server).
The protocol design effectively mitigates modeling attacks and impersonation attempts, where the accuracy of predicting the value of each PUF response bit does not exceed 54%, which is equivalent to a random guess.

A Networked System Dependability Validation Framework Using Physical and Virtual Nodes
(IEEE, 2023-11-06) Sanjana Mehjabin, Suhee; Tekeoglu, Ali; Younis, Mohamed; Ebrahimabadi, Mohammad; Chandran, Rahul; Sookoor, Tamim; Karimi, Naghmeh
Emerging applications in the context of smart cities pursue a decentralized design that often involves numerous networked components. To validate such a design, the scientific community has resorted to software based simulators to find a way around the complexity of building large scale physical network test-beds. Network Simulator-3 (ns-3) is one of the most popular platforms for this purpose where communication-related performance metrics, e.g., latency and throughput, can be evaluated. Yet, concerns exist about the viability of such a simulated approach when assessing dependability metrics, e.g., trust and resilience to cyberattacks, since the misbehavior is mainly defined by the evaluator. Incorporating physical nodes within the simulated network would be advantageous in that regard. Advances have been made to connect network simulators, e.g., ns-3, to virtual machines to emulate communication with real devices. However, all efforts in the literature so far have been limited to a single physical host. This paper presents a framework where many external physical devices can act as a part of the ns-3 simulator and interact seamlessly with the nodes within the simulated network via Docker containers. Hence, our framework enables scalable and cost effective experimentation to validate dependability metrics like fault-tolerance and attack resilience.
We demonstrate the utility of the proposed framework in evaluating performance under a set of attack scenarios.

An Adaptive DPPM for Efficient and Robust Visible Light Communication Across the Air-Water Interface
(IEEE, 2020-05-02) Islam, Md Shafiqul; Younis, Mohamed
The scarcity of the optical power is the main challenge for underwater visible light communication. It becomes worse for communication across the air-water interface because of the reflection of light from the air-water interface. Differential pulse position modulation (DPPM) is one of the power efficient modulation techniques. In L-DPPM a block of M = log₂L input data is mapped into one of the L distinct waveforms containing only one 'on' chip. The size of the DPPM packet is variable and depends on the value of input data and L, which makes error detection quite challenging. In this paper, we propose a frame structure that efficiently enables error detection within a packet for various symbol lengths, L, of DPPM. We also propose an algorithm using such a frame structure to enable effective detection of packet errors and for adaptively changing the value of L for optimal power efficiency while meeting a certain bound on the packet error rate (PER). We have named our proposed protocol adaptive differential pulse position modulation (ADPPM). The bit rate and PER have been studied for different signal-to-noise ratios (SNR) through simulation. A comparison between ADPPM and OOK, DPPM with fixed L is provided.

AI-Enabled Jammer Deception Using Decoy Packets
(IEEE, 2023-01-11) Frisbie, Stephan; Younis, Mohamed
In this work, we present a learning algorithm for a wireless communications network to transmit decoy packets to counter an adversarial sensing-reactive jammer. As the jammer is required to search across channels for data transmissions, decoy packets can have the effect of stalling the jammer on a particular channel, preventing it from continuing its search and leaving legitimate packets unimpeded.
A reinforcement learning algorithm trains a deep neural network with an exploration-exploitation algorithm and experience replay. The state- and action-space and reward function are presented as components of the reinforcement learning framework. Our algorithm is tested with software simulations, modeling ZigBee communications nodes using time-division multiple access for medium access control. A reactive jammer is modeled in the simulation, with the goal of disrupting any detected ZigBee transmissions. A means to measure and distribute the reward function and system state to enable edge-learning in this context is presented as part of the implementation. The results demonstrate the effectiveness of our algorithm in mitigating the jamming attack, outperforming a random decoy strategy by a factor of two.

An Attack Resilient PUF-based Authentication Mechanism for Distributed Systems
(2022-02) Ebrahimabadi, Mohammad; Younis, Mohamed; Lalouani, Wassila; Karimi, Naghmeh
In most PUF-based authentication schemes, a central server is usually engaged to verify the response of the device's PUF to challenge bit-streams. However, the server availability may be intermittent in practice. To tackle such an issue, this paper proposes a new protocol for supporting distributed authentication while avoiding vulnerability to information leakage where CRPs could be retrieved from hacked devices and collectively used to model the PUF. The main idea is to provision for scrambling the challenge bit-stream in a way that is dependent on the verifier. The scrambling pattern varies per authentication round for each device and independently across devices. In essence, the scrambling function becomes node- and packet-specific and the response received by two verifiers of one device for the same challenge bit-stream could vary. Thus, neither the scrambling function can be reverted, nor the PUF can be modeled even by a collusive set of malicious nodes.
The validation results using data of an FPGA-based implementation demonstrate the effectiveness of our approach in thwarting PUF modeling attacks by collusive actors. We also discuss the approach resiliency against impersonation, Sybil, and reverse engineering attacks.

A Blockchain-based Energy Trading Scheme for Dynamic Charging of Electric Vehicles
(IEEE, 2022-02-02) Alshaeri, Abdulaziz; Younis, Mohamed
Dynamic charging is a promising technology for Electric Vehicles (EVs) since it allows EVs to replenish their energy supply while on the move. The popular technology for such dynamic recharging utilizes magnetic induction by placing a large number of special charging pads on the roads that EVs pass over while traveling. Unlike the traditional stationary systems, dynamic charging introduces several challenges in how to handle billing, conduct EV authentication, and sustain privacy. The main issue is attributed to the high motion speed of EVs which allows a very short contact time between the resource constrained charging pads and the EVs. Therefore, we propose a lightweight and fast authentication protocol for EV-to-charging-pads; the protocol is incorporated in an energy trading scheme for the dynamic charging of EVs that is based on blockchain technology. We utilize Physically Unclonable Function (PUF) in the creation of a charging ticket in order to prevent double-spending of the ticket without incurring additional overhead. Furthermore, we leverage pseudonyms to preserve the privacy of EVs.
Our analysis demonstrates that the proposed protocol is secure and allows a charging pad to authenticate an EV in less than 13 μsec.

Blockchain-Enabled and Data-Driven Smart Healthcare Solution for Secure and Privacy-Preserving Data Access
(IEEE, 2021-07-12) Younis, Mohamed; Lalouani, Wassila; Lasla, Noureddine; Emokpae, Lloyd; Abdallah, Mohamed
The major advances in body-mounted sensors and wireless technologies have been revolutionizing the healthcare industry, where patients' conditions can be remotely monitored by medical staff. Such a model is gaining broad support due to its economic and social advantages. However, the wealth of sensor measurements poses major technical challenges on where to store the collected data, how to ensure its integrity, who controls access permissions, and how to enable secure interaction between patients and medical facilities and professionals. This article aspires to provide a holistic solution based on blockchain technology. Our solution puts the patient in charge of granting and revoking access permissions and makes it easy for healthcare organizations and providers to meet privacy regulations. The sensor data are to reside on cloud storage, while access control and session logs are maintained on blockchain. In addition, a novel data-driven authentication and secure communication protocol is proposed to mitigate the risk of fraud and identity theft. In order to enforce such a protocol, all interactions between the cloud and patients and healthcare providers are regulated through smart contracts.
The security properties of our solution are analyzed using AVISPA; it is also shown to be computationally efficient.

Collusion-resistant PUF-based Distributed Device Authentication Protocol for Internet of Things
(IEEE, 2023-01-11) Lalouani, Wassila; Younis, Mohamed; Ebrahimabadi, Mohammad; Karimi, Naghmeh
The scale, unattended-operation and ad-hoc nature of an Internet-of-Things (IoT) make the network vulnerable to device impersonation, message replay, and Sybil attacks by either external actors or compromised nodes. This paper opts to tackle such vulnerability and presents a novel and effective solution for mutual authentication of IoT nodes. The proposed solution calls for embedding a Physically Unclonable Function (PUF) on each device, and employs a lightweight protocol for validating the identity of the individual devices based on querying the PUF. To authenticate a “prover” node, a verifier node will send a challenge bit-stream to the prover, where the latter provides the response of its PUF to such a challenge to be matched by what the verifier expects. To prevent the PUF of a prover from being modeled by an eavesdropper or a collusive set of compromised verifiers, the proposed protocol makes the response to a challenge dependent on the verifier. In addition, our protocol combines such an identity-based response generation with a simple Elliptic curve to thwart any attempts by a compromised verifier to reverse engineer the response generation process. The robustness of our PUF-based IoT Device Authentication (PIDA) protocol is validated using data collected from an FPGA-based implementation.

Countering PUF Modeling Attacks through Adversarial Machine Learning
(IEEE, 2021-07) Ebrahimabadi, Mohammad; Lalouani, Wassila; Younis, Mohamed; Karimi, Naghmeh
A Physically Unclonable Function (PUF) is an effective option for device authentication, especially for IoT frameworks with resource-constrained devices.
However, PUFs are vulnerable to modeling attacks which build a PUF model using a small subset of its Challenge-Response Pairs (CRPs). We propose an effective countermeasure against such an attack by employing adversarial machine learning techniques that introduce errors (poison) to the adversary’s model. The approach intermittently provides wrong responses for the fed challenges. Coordination among the communicating parties is pursued to prevent the poisoned CRPs from causing the device authentication to fail. The experimental results extracted for a PUF implemented on FPGA demonstrate the efficacy of the proposed approach in thwarting modeling attacks. We also discuss the resiliency of the proposed scheme against impersonation and Sybil attacks.

A Cross-Stack QoS Routing Approach For Underwater Acoustic Sensor Networks
(IEEE, 2018-10-18) Emokpae, Lloyd E.; Liu, Zhiqiang; Edelmann, Geoffrey F.; Younis, Mohamed
In this paper, we utilize a novel cross-stack design that factors in the dynamics of the underwater channel to optimize the single-hop performance amongst multiple node pairs. This will result in a set of links that meet or exceed QoS requirements, which is further leveraged for network discovery and energy-efficient routing with minimum end-to-end packet delay. Thus, our proposed routing approach will provide means to guarantee application-specific QoS while also maximizing the network lifetime. Simulation experiments were conducted to validate the approach in a shallow water multipath environment.

Detection Algorithm for Cellular Synchronization Signals in Airborne Applications
(IEEE, 2021-04-07) Stevens, Brian; Younis, Mohamed
Cellular to air communication is critical for the booming aerial package delivery and transportation business.
Detecting cellular signals in airborne applications is challenging because it requires receiving and processing waveforms that are subject to significantly more interference than those experienced in terrestrial settings. This paper highlights and tackles the complexity of 4G Long Term Evolution (LTE) signal synchronization in high altitude applications, e.g., cell access onboard an aircraft. Specifically, we design a novel cell detector that operates efficiently under high interference levels found in airborne applications, maintains a constant false alarm rate using an optimized threshold implementation for Zadoff Chu sequences, and monitors multiple towers with different time delays simultaneously. We validate our cell detector through simulation and experimentation. Lastly, the cell detector is used to estimate the interference in live waveforms taken from an aircraft at 2 to 2.5 km altitude and velocities of 200–400 km/h. Our cell detection model can be adapted to support 5G New Radio (NR) synchronization signals as NR deploys aerial support in the future. The threshold implementation to handle correlation spurs can be applied directly to other Zadoff Chu based signals such as random access signals found in both LTE and NR.

Digital Twin Based Topology Fingerprinting for Detecting False Data Injection Attacks in Cyber-Physical Systems
(2024-06-09) Bahrami, Javad; Ebrahimabadi, Mohammad; Younis, Mohamed; Karimi, Naghmeh
A Cyber-Physical System (CPS) employs interconnected sensing and actuation modules and applies distributed control strategies. With the major advances in communication technology, the CPS design methodology is getting broadly adopted, including in safety and mission-critical applications. The incorporation of digital twins within a CPS facilitates localized decision-making by the individual control modules within the system in a timely manner without risking stability and performance.
However, cyberattacks could be detrimental when false data is injected to degrade the accuracy of the underlying digital twins so that a CPS module takes non-optimal or even risky action that causes application failure. This paper proposes a novel approach for detecting such an attack scenario through a combination of a predictive data model and a topology fingerprinting scheme. Specifically, we employ a recurrent neural network (RNN) to predict the next state (data) for the individual modules and use it to reason about the periodic updates provided by these modules. Then, we apply a data-driven fingerprinting scheme that characterizes the inter-module interaction to infer and classify anomalies based on the module-provided data. The validation results using a dataset of a smart power grid application demonstrate the effectiveness of our approach.

Digital Twin Integrity Protection in Distributed Control Systems
(2023-10-11) Ebrahimabadi, Mohammad; Bahrami, Javad; Younis, Mohamed; Karimi, Naghmeh
The notion of Cyber-Physical Systems (CPS) reflects real-time control applications that are realized through distributed coordination among multiple modules. Such coordination is founded on frequent exchange of status and sensor data among the various modules so that actuation decisions are made autonomously. The formation of digital twins has emerged as an effective methodology where data-driven models are employed to enable effective decision making. Hence, the accuracy of these models becomes very critical for system stability; no wonder data forgery is a major threat for CPS where an attacker strives to inject faulty data to degrade the digital twin of one or multiple modules. Such an attack could be taking the form of impersonating a component, or manipulating/replaying status update packets. This paper proposes an effective scheme for mitigating such a threat by employing hardware-based fingerprinting primitives, namely, Physically Unclonable Functions (PUFs).
The proposed PUF-based Integrity protection of digital Twins (PIT) scheme ensures the authenticity of data sources, and the freshness and integrity of the shared status. PIT is validated using analysis and prototype implementation on an FPGA.

Dynamic Local Vehicular Flow Optimization Using Real-Time Traffic Conditions at Multiple Road Intersections
(IEEE, 2019-02-21) Lee, Sookyoung; Younis, Mohamed; Murali, Aiswarya; Lee, Meejeong
Dynamic management of vehicular traffic congestion to maximize throughput in urban areas has been drawing increased attention in recent years. For that purpose, a number of adaptive control algorithms have been proposed for individual traffic lights based on the in-flow rate. However, little attention has been given to the traffic throughput maximization problem considering real-time road conditions from multiple intersections. In this paper, we formulate such a problem as maximum integer multi-commodity flow by considering incoming vehicles that have different outgoing directions. Then, we propose a novel adaptive traffic light signal control algorithm which opts to maximize traffic flow through and reduce the waiting time of vehicles at an intersection. The proposed algorithm adjusts traffic light signal phases and durations depending on real-time road conditions of local and neighboring intersections. Via SUMO simulation, we demonstrate the effectiveness of the proposed algorithm in terms of traffic throughput and average travel time.

Efficient Distributed Authentication for Intelligent Transportation Systems Using Mobile Devices
(IEEE, 2024-03-27) Alshaeri, Abdulaziz; Younis, Mohamed
Intelligent Transportation Systems (ITS) opt to improve safety and efficiency by internetworking vehicles, road infrastructure, pedestrians, etc. Given the ad-hoc connectivity and dynamic topology of such a network, robust authentication of member nodes is essential. The authentication process should also suit the resource constrained ITS nodes.
This paper proposes an efficient approach for Distributed Authentication for ITS (DAITS). DAITS employs drivers’ mobile devices to act as verifiers, and hence message authentication is provided on an as-a-service basis for the ITS nodes. Moreover, DAITS is a certificateless system, which deploys private smart contracts in a permissioned blockchain, for certifying nodes. Furthermore, the smart contracts store authentication tokens for the ITS nodes which ensure authentication between the ITS nodes and road infrastructure. DAITS relies on lightweight security primitives such as hash function, bitwise XOR, and Hash-based Message Authentication Code (HMAC). Extensive security analysis shows that DAITS can resist various security attacks. The simulation results demonstrate that DAITS is both resource-efficient and scalable, and outperforms competing schemes in terms of computation and communication overhead, and verification delay.

An Efficient Pulse Position Modulation Scheme to Improve the Bit Rate of Photoacoustic Communication
(IEEE, 2023-06-07) Islam, Md Shafiqul; Younis, Mohamed; Mahmud, Muntasir; Choa, Fow-Sen
Wireless communication from air-to-underwater is quite challenging because of the lack of proper physical signal that propagates well in both air and water medium. Photoacoustic energy transfer mechanism is the most promising method for such cross-medium communication, where a high energy pulsed light is focused on the water surface, causing the generation of an acoustic signal inside the water. Since acoustic signals can travel a long distance inside the water, this method enables an airborne unit to reach nodes at increased underwater depth. Yet the achievable bit rate for this process is very low. When a pulsed laser light with a higher repetition rate is focused inside the water, a vapor cloud is generated around the focus point, which blocks subsequent generation of acoustic signal and consequently limits the achievable bit rate.
This paper opts to overcome such a limitation by proposing a novel pulse position modulation technique which can avoid such generation of vapor cloud and increases the bit rate significantly.

Efficient Distributed Admission and Revocation using Blockchain for Cooperative ITS
(IEEE, 2018) Lasla, Noureddine; Younis, Mohamed; Znaidi, Wassim; Arbia, Dhafer Ben
Cooperative Intelligent Transportation System (C-ITS) enables inter-networking of vehicles for alerts exchanging in order to improve road safety. While this technology is about to enter the market in the upcoming years, critical questions related to the communication security continue to be challenging research concerns. Current solutions to secure inter-vehicle communication depend mainly on the use of digital certificates for authentication. However, such an approach imposes significant overhead on vehicles since it is computationally demanding and requires validation of the certificate within a limited period. In addition, relying on a central node for deciding on issuing and revoking certificates introduces a single point of failure and could even risk the safety of motorists. In this paper, we propose the use of Blockchain to keep track of the certificate of each vehicle (valid or revoked) in distributed and immutable records. In essence we replace certificate verification with a lightweight blockchain-based authentication approach. In addition, we propose a fully distributed vehicle admission/revocation scheme. We show that our scheme could alleviate the computation overhead and enhance the response time while improving the overall system security.

Energy-Aware Cross-Layer Technique for Countering Traffic Analysis Attacks on Wireless Sensor Network
(IEEE, 2022-12-16) Ebrahimi, Yousef; Younis, Mohamed
The vital role of a base station (BS) in a wireless sensor network (WSN) has made it a favorable target in hostile environments.
Despite attempts to physically make the BS hidden to prying eyes, traffic analysis would give an adversary insight into the network topology and the BS whereabouts. Evidence Theory (ET) is a prominent methodology for performing such an analysis. Unfortunately, all existing countermeasures not only overlook patterns of energy usage in WSNs, but also impose untamed overhead that shortens the WSN lifetime. In this paper, we first propose a novel energy-aware and multi-zone scheme to significantly reduce the overhead of countermeasures on highly overburdened nodes in the BS proximity, and hence significantly improve the WSN lifespan. We also show how our proposed scheme improves resilience against ET via diminishing the collected evidence by an adversary. We then propose a novel cross-layer technique that exploits transmission range adjustment to confuse the adversary about the data paths. This results in a versatile and effective countermeasure that significantly improves anonymity of the BS. The performance is validated through extensive simulation experiments.

Flow-based Service Type Identification using Deep Learning
(IEEE, 2021-07-26) Elsaadawy, Mona; Basta, Petar; Zheng, Yunjia; Kemme, Bettina; Younis, Mohamed
Automatic identification of the service type used by network flows (e.g., HTTP and MySQL) is an essential part of many cloud management and monitoring tasks for quality of service, security monitoring, resource allocation, etc. Several studies have adapted deep learning models for accurate service type identification of network traffic. These models vary in how the message flow data is used and what datasets are considered. There are no published guidelines on selecting the best approach for automating the service identification process. In this paper, we opt to fill such a technical gap and provide a detailed study of the trade-offs of different deep-learning based approaches for service type identification of network traffic.
Towards this end, we generate flow-based datasets for a wide range of service types that are commonly deployed in the cloud. We consider two different deep learning models that have shown promising results in this context, and show their performance for both payload- and header-based datasets, considering fundamental parameters such as dynamic service port configuration, flow direction and the packet order in the flow stream.

Geospatial Cognitive Networking Protocols and Sensing Algorithms for 5G NR Beamforming
(IEEE, 2022-09-06) Stevens, Brian; Younis, Mohamed
Although 5G New Radio (NR) has created new opportunities for cognitive radio networks, its increased physical layer security and flexibility limit the usefulness of traditional cognitive detectors such as energy and blind control channel algorithms. This paper presents CASINO-NR, a novel framework for establishing a cognitive self-reliant secondary network with no additional physical infrastructure, collaboration from the primary network nodes, and software or hardware changes to the existing 5G network. CASINO-NR includes a novel beam detection algorithm that finds and ranks 5G NR synchronization signals to determine geospatially non-interfering beams for secondary communications. We compare the developed beam detector with multiple existing approaches for sensitivity to interference and phase distortions. We also apply power control to prevent interference on neighboring beams. CASINO-NR is analyzed against the estimated throughput capacity and capabilities of other cognitive detectors found in literature. Finally, we examine an experimental beamforming example to demonstrate our beam detection algorithm and present a case for geospatial resources for cognitive radio communications.