Hafiz Malik - Academia.edu (original) (raw)

Papers by Hafiz Malik

2022 IEEE International Conference on Image Processing (ICIP)

This paper demonstrates a novel approach to improve facerecognition pose-invariance using semanti... more This paper demonstrates a novel approach to improve facerecognition pose-invariance using semantic-segmentation features. The proposed Seg-Distilled-ID network jointly learns identification and semantic-segmentation tasks, where the segmentation task is then "distilled" (MobileNet encoder). Performance is benchmarked against three state-ofthe-art encoders on a publicly available data-set emphasizing head-pose variations. Experimental evaluations show the Seg-Distilled-ID network shows notable robustness benefits, achieving 99.9% test-accuracy in comparison to 81.6% on ResNet-101, 96.1% on VGG-19 and 96.3% on InceptionV3. This is achieved using approximately one-tenth of the top encoder's inference parameters. These results demonstrate distilling semantic-segmentation features can efficiently address face-recognition pose-invariance.

Data-Centric Engineering

In this article, a novel drive mode, “intelligent vehicle drive mode” (IVDM), was proposed, which... more In this article, a novel drive mode, “intelligent vehicle drive mode” (IVDM), was proposed, which augments the vehicle engine performance in real-time. This drive mode predicts the driver behavior vector (DBV), which optimizes the vehicle engine performance, and the metric of optimal vehicle engine performance was defined using the elements of engine operating point (EOP) and heating ventilation and air conditioning system (HVAC). Deep learning (DL) models were developed by mapping the vehicle level vectors (VLV) with EOP and HVAC parameters, and the trained functions were utilized to predict the future states of DBV reflecting augmented vehicle engine performance. The iterative analysis was performed by empirically estimating the future states of VLV in the allowable range of DBV and was fed into the DL model to predict the performance vectors. The defined vehicle engine performance metric was applied to the predicted vectors, and thus optimal DBV is the instantaneous output of the...

Sensors, 2022

The use of face masks has increased dramatically since the COVID-19 pandemic started in order to ... more The use of face masks has increased dramatically since the COVID-19 pandemic started in order to to curb the spread of the disease. Additionally, breakthrough infections caused by the Delta and Omicron variants have further increased the importance of wearing a face mask, even for vaccinated individuals. However, the use of face masks also induces attenuation in speech signals, and this change may impact speech processing technologies, e.g., automated speaker verification (ASV) and speech to text conversion. In this paper we examine Automatic Speaker Verification (ASV) systems against the speech samples in the presence of three different types of face mask: surgical, cloth, and filtered N95, and analyze the impact on acoustics and other factors. In addition, we explore the effect of different microphones, and distance from the microphone, and the impact of face masks when speakers use ASV systems in real-world scenarios. Our analysis shows a significant deterioration in performance ...

Modern vehicles have evolved into supporting advanced internal networks and connecting System Bas... more Modern vehicles have evolved into supporting advanced internal networks and connecting System Based Chips (SBC), System in a Package (SiP) solutions or traditional micro controllers to foster an electronic ecosystem for high speed data transfers, precision and real-time control. The use of Controller Area Networks (CAN) is widely adopted as the backbone of internal vehicle communication infrastructure. Automotive applications such as ADAS, autonomous driving, battery management systems, power train systems, telematics and infotainment, all utilize CAN transmissions directly or through gateway management. The network transmissions lack robust integrity verification mechanisms to validate authentic data payloads, making it vulnerable to packet replay, spoofing, insertion, deletion and denial of service attacks. Additional methods exist to secure network data such as traditional cryptography. Utilizing this method will increase the computational complexity, processing latency and incre...

Applied Sciences, 2020

Diabetic patients are at the risk of developing different eye diseases i.e., diabetic retinopathy... more Diabetic patients are at the risk of developing different eye diseases i.e., diabetic retinopathy (DR), diabetic macular edema (DME) and glaucoma. DR is an eye disease that harms the retina and DME is developed by the accumulation of fluid in the macula, while glaucoma damages the optic disk and causes vision loss in advanced stages. However, due to slow progression, the disease shows few signs in early stages, hence making disease detection a difficult task. Therefore, a fully automated system is required to support the detection and screening process at early stages. In this paper, an automated disease localization and segmentation approach based on Fast Region-based Convolutional Neural Network (FRCNN) algorithm with fuzzy k-means (FKM) clustering is presented. The FRCNN is an object detection approach that requires the bounding-box annotations to work; however, datasets do not provide them, therefore, we have generated these annotations through ground-truths. Afterward, FRCNN is...

Computer Modeling in Engineering & Sciences, 2022

To discover and identify the influential nodes in any complex network has been an important issue... more To discover and identify the influential nodes in any complex network has been an important issue. It is a significant factor in order to control over the network. Through control on a network, any information can be spread and stopped in a short span of time. Both targets can be achieved, since network of information can be extended and as well destroyed. So, information spread and community formation have become one of the most crucial issues in the world of SNA (Social Network Analysis). In this work, the complex network of twitter social network has been formalized and results are analyzed. For this purpose, different network metrics have been utilized. Visualization of the network is provided in its original form and then filter out (different percentages) from the network to eliminate the less impacting nodes and edges for better analysis. This network is analyzed according to different centrality measures, like edge-betweenness, betweenness centrality, closeness centrality and eigenvector centrality. Influential nodes are detected and their impact is observed on the network. The communities are analyzed in terms of network coverage considering the Minimum Spanning Tree, shortest path distribution and network diameter. It is found that these are the very effective ways to find influential and central nodes from such big social networks like Facebook, Instagram, Twitter, LinkedIn, etc.

Vehicles, 2021

This article presents a novel methodology to predict the optimal adaptive cruise control set spee... more This article presents a novel methodology to predict the optimal adaptive cruise control set speed profile (ACCSSP) by optimizing the engine operating conditions (EOC) considering vehicle level vectors (VLV) (body parameter, environment, driver behaviour) as the affecting parameters. This paper investigates engine operating conditions (EOC) criteria to develop a predictive model of ACCSSP in real-time. We developed a deep learning (DL) model using the NARX method to predict engine operating point (EOP) mapping the VLV. We used real-world field data obtained from Cadillac test vehicles driven by activating the ACC feature for developing the DL model. We used a realistic set of assumptions to estimate the VLV for the future time steps for the range of allowable speed values and applied them at the input of the developed DL model to generate multiple sets of EOP’s. We imposed the defined EOC criteria on these EOPs, and the top three modes of speeds satisfying all the requirements are d...

2017 IEEE Workshop on Information Forensics and Security (WIFS), 2017

The Controller Area Network (CAN) bus serves as a legacy protocol for in-vehicle data communicati... more The Controller Area Network (CAN) bus serves as a legacy protocol for in-vehicle data communication. Simplicity, robustness, and suitability for real-time systems are the salient features of the CAN bus protocol. However, it lacks the basic security features such as massage authentication, which makes it vulnerable to the spoofing attacks. In a CAN network, linking CAN packet to the sender node is a challenging task. This paper aims to address this issue by developing a framework to link each CAN packet to its source. Physical signal attributes of the received packet consisting of channel and node (or device) which contains specific unique artifacts are considered to achieve this goal. Material and design imperfections in the physical channel and digital device, which are the main contributing factors behind the device-channel specific unique artifacts, are leveraged to link the received electrical signal to the transmitter. Generally, the inimitable patterns of signals from each ECUs exist over the course of time that can manifest the stability of the proposed method. Uniqueness of the channel-device specific attributes are also investigated for time-and frequency-domain. Feature vector is made up of both time and frequency domain physical attributes and then employed to train a neural network-based classifier. Performance of the proposed fingerprinting method is evaluated by using a dataset collected from 16 different channels and four identical ECUs transmitting same message. Experimental results indicate that the proposed method achieves correct detection rates of 95.2% and 98.3% for channel and ECU classification, respectively.

IEEE Access, 2020

All major banks in the USA and around the world offer remote check deposit services. Consumers ca... more All major banks in the USA and around the world offer remote check deposit services. Consumers can use their smart phones to deposit checks remotely. This new online check truncation system is vulnerable to a wide range of attacks, including digital check forgery. Shifting trust from a human teller or an automated teller machine (ATM) to a smart device (cell phone) provides new attack surfaces. This paper exploits security vulnerabilities in the existing remote check deposit system and presents an attack vector for existing remote check truncation systems. The proposed attack vector exploits vulnerabilities in the untrusted client-side check-deposit system that enables an attacker to instrument the check deposit application library. The instrumented library allows the attacker to induce digital check forgery with minimized tampering artifacts. It has been observed through this investigation that digital check forgery-based attacks are more powerful than conventional paper-based check forgery attacks. The effectiveness of these attacks is evaluated by targeting three leading banks in United States, finding that all three of the targeted banks are vulnerable to the proposed attacks. A set of countermeasures based on digital check verification is also proposed to combat digital check forgery attacks on existing remote check deposit systems. The proposed countermeasures rely on tamper detection in digital images and expert-system based decision fusion. The effectiveness of the proposed framework is evaluated using tampered check images. The tampered images used for performance evaluation also include set of tampered images used for successfully attacking the remote check deposit systems(being using by leading banks around the world today). Experimental results show that the proposed expert system-based framework is capable of detecting digital check forgery attacks. INDEX TERMS Check truncation system, online banking, remote check deposit, digital check forgery, forgery detection, image forensics, expert system, library instrumentation, JPEG artifacts. AUN IRTAZA received the Ph.D. degree from FAST-NUCES, Islamabad, Pakistan, in 2016. During his Ph.D., he remained working as a research scientist in the Gwangju Institute of Science and Technology (GIST), South Korea. He became an

Proceedings of the 2014 Asia-Pacific Conference on Computer Science and Applications (CSAC 2014), Shanghai, China, 27-28 December 2014, 2015

2012 IEEE Statistical Signal Processing Workshop (SSP), 2012

ABSTRACT Acoustic environment leaves its fingerprint in the audio recording captured in it. Acous... more ABSTRACT Acoustic environment leaves its fingerprint in the audio recording captured in it. Acoustic reverberation and background noise are generally used to characterize an acoustic environment. Acoustic reverberation depends on the shape and the composition of a room, whereas, the background noise can be modeled using a dynamical random process. Inconsistencies in the acoustic environment traces can be used in a forensic and ballistic settings and acoustic environment identification (AEI). We describe a statistical framework to characterize recording environment. The proposed scheme uses inverse filtering to estimate reverberation component and particle filtering to estimate background noise from audio recording. A multi-class support vector machine (SVM) classifier is used for AEI. Experimental results show that the proposed system can successfully identify a recording environment for regular as well as blind AEI.

2013 International Symposium on Biometrics and Security Technologies, 2013

Biometric based access control systems (BACS) are widely used for robust and reliable identity ve... more Biometric based access control systems (BACS) are widely used for robust and reliable identity verification, but these systems also raise some serious privacy concerns. The biometric templates, used for access control process, are stored in the system database which is vulnerable to variety of attacks. This paper presents a two stage solution for securing biometric templates. The proposed method first models the fuzziness of template bits, which is used to select stable template bits. Channel coding based on low density parity check coding is then used to protect selected template against adversary attacks. To enhance the security of the proposed method further, both human irises are used for the access control process. Security performance of the developed algorithm is evaluated using publicly available CASIA database. Simulation results show that the proposed method provides stronger computational security than existing iris template security method.

IEEE Transactions on Information Forensics and Security, 2016

Numerous methods for detecting audio splicing have been proposed. Environmental-signature-based m... more Numerous methods for detecting audio splicing have been proposed. Environmental-signature-based methods are considered to be the most effective forgery detection methods. The performance of existing audio forensic analysis methods is generally measured in the absence of any anti-forensic attack. Effectiveness of these methods in the presence of anti-forensic attacks is therefore unknown. In this paper, we propose an effective anti-forensic attack for environmental-signature-based splicing detection method and countermeasures to detect the presence of the anti-forensic attack. For anti-forensic attack, dereverberation-based processing is proposed. Three dereverberation methods are considered to tamper with the acoustic environment signature. Experimental results indicate that the proposed dereverberation-based anti-forensic attack significantl degrades the performance of the selected splicing detection method. The proposed countermeasures exploit artifacts introduced by the anti-forensic processing. To detect the presence of potential anti-forensic processing, a machine learning-based framework is proposed. Specificall , the proposed anti-forensic detection method uses a rich-feature model consisting of Fourier coefficients spectral properties, high-order statistics of "musical noise" residuals, and modulation spectral coefficient to capture traces of dereverberation attacks. The performance of the proposed framework is evaluated on both synthetic data and realworld speech recordings. The experimental results show that the proposed rich-feature model can detect the presence of antiforensic processing with an average accuracy of 95%.

2022 American Control Conference (ACC)

There is ample evidence in the automotive cybersecurity literature that the car brake ECUs can be... more There is ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed. Motivated by such threat, this paper investigates the capabilities of an adversary who can directly control the frictional brake actuators and would like to induce wheel lockup conditions leading to catastrophic road injuries. This paper demonstrates that the adversary despite having a limited knowledge of the tire-road interaction characteristics has the capability of driving the states of the vehicle traction dynamics to a vicinity of the lockup manifold in a finite time by means of a properly designed attack policy for the frictional brakes. This attack policy relies on employing a predefinedtime controller and a nonlinear disturbance observer acting on the wheel slip error dynamics. Simulations under various road conditions demonstrate the effectiveness of the proposed attack policy.

2022 7th International Conference on Data Science and Machine Learning Applications (CDMA), 2022

2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), 2019

Fake audio detection is expected to become an important research area in the field of smart speak... more Fake audio detection is expected to become an important research area in the field of smart speakers such as Google Home, Amazon Echo and chatbots developed for these platforms. This paper presents replay attack vulnerability of voice-driven interfaces and proposes a countermeasure to detect replay attack on these platforms. This paper presents a novel framework to model replay attack distortion, and then use a non-learning-based method for replay attack detection on smart speakers. The reply attack distortion is modeled as a higher-order nonlinearity in the replay attack audio. Higher-order spectral analysis (HOSA) is used to capture characteristics distortions in the replay audio. Effectiveness of the proposed countermeasure scheme is evaluated on original speech as well as corresponding replayed recordings. The replay attack recordings are successfully injected into the Google Home device via Amazon Alexa using the drop-in conferencing feature.

2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), 2019

Voice cloning technologies have found applications in a variety of areas ranging from personalize... more Voice cloning technologies have found applications in a variety of areas ranging from personalized speech interfaces to advertisement, robotics, and so on. Existing voice cloning systems are capable of learning speaker characteristics and use trained models to synthesize a person's voice from only a few audio samples. Advances in cloned speech generation technologies are capable of generating perceptually indistinguishable speech from a bona-fide speech. These advances pose new security and privacy threats to voice-driven interfaces and speech-based access control systems. The state-of-the-art speech synthesis technologies use trained or tuned generative models for cloned speech generation. Trained generative models rely on linear operations, learned weights, and excitation source for cloned speech synthesis. These systems leave characteristic artifacts in the synthesized speech. Higher-order spectral analysis is used to capture differentiating attributes between bona-fide and cloned audios. Specifically, quadrature phase coupling (QPC) in the estimated bicoherence, Gaussianity test statistics, and linearity test statistics are used to capture generative model artifacts. Performance of the proposed method is evaluated on cloned audios generated using speaker adaptation-and speaker encoding-based approaches. Experimental results for a dataset consisting of 126 cloned speech and 8 bona-fide speech samples indicate that the proposed method is capable of detecting bona-fide and cloned audios with close to a perfect detection rate.

Developing Charging Infrastructure and Technologies for Electric Vehicles, 2022

Charging infrastructure is a key factor in successful electric vehicle adoption. Charging station... more Charging infrastructure is a key factor in successful electric vehicle adoption. Charging stations are still a fragmented market in terms of ownership, lack of standards, and charging protocols. The increasing decentralised grid has made energy and communication flow bi-directional. Challenges arise in maintaining the increasing decentralised structure, security, and privacy of the network. Blockchain facilitates the interconnectedness of such a distributed and decentralised network. Blockchain's versatility lies in its transparent and immutable decentralized architecture that enables direct transactions between users without the need of a middleman. It provides powerful safeguards against cyberattacks with its advanced cryptography enabling privacy-preserving authentication. This chapter presents a comprehensive review on the application of blockchain technology in EV charging infrastructure such as facilitating the peer-to-peer energy exchange, increased security and privacy, ...

ArXiv, 2018

Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical... more Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security features by design like message authentication. This security limitation has paved the way for adversaries to penetrate into the vehicle network and do malicious activities which can pose a dangerous situation for both...

Compromising lower levels of the computing stack is attractive to attackers since malware that re... more Compromising lower levels of the computing stack is attractive to attackers since malware that resides in layers that span firmware and hardware are notoriously difficult to detect and remove. This trend raises concerns about the security of the system components that we have grown accustomed to trusting, especially as the number of supply chain attacks continues to rise. In this work, we explore the risks associated with application security in the presence of untrusted firmware. We present a novel firmware attack that leverages system management cycles to covertly collect data from the application layer. We show that system interrupts that are used for managing the platform, can be leveraged to extract sensitive application data from outgoing requests even when the HTTPS protocol is used. We evaluate the robustness of our attack under diverse and stressful application usage conditions running on Ubuntu 18.04 and Android 8.1 operating systems. We conduct a proof-of-concept implemen...

2022 IEEE International Conference on Image Processing (ICIP)

This paper demonstrates a novel approach to improve facerecognition pose-invariance using semanti... more This paper demonstrates a novel approach to improve facerecognition pose-invariance using semantic-segmentation features. The proposed Seg-Distilled-ID network jointly learns identification and semantic-segmentation tasks, where the segmentation task is then "distilled" (MobileNet encoder). Performance is benchmarked against three state-ofthe-art encoders on a publicly available data-set emphasizing head-pose variations. Experimental evaluations show the Seg-Distilled-ID network shows notable robustness benefits, achieving 99.9% test-accuracy in comparison to 81.6% on ResNet-101, 96.1% on VGG-19 and 96.3% on InceptionV3. This is achieved using approximately one-tenth of the top encoder's inference parameters. These results demonstrate distilling semantic-segmentation features can efficiently address face-recognition pose-invariance.

Data-Centric Engineering

In this article, a novel drive mode, “intelligent vehicle drive mode” (IVDM), was proposed, which... more In this article, a novel drive mode, “intelligent vehicle drive mode” (IVDM), was proposed, which augments the vehicle engine performance in real-time. This drive mode predicts the driver behavior vector (DBV), which optimizes the vehicle engine performance, and the metric of optimal vehicle engine performance was defined using the elements of engine operating point (EOP) and heating ventilation and air conditioning system (HVAC). Deep learning (DL) models were developed by mapping the vehicle level vectors (VLV) with EOP and HVAC parameters, and the trained functions were utilized to predict the future states of DBV reflecting augmented vehicle engine performance. The iterative analysis was performed by empirically estimating the future states of VLV in the allowable range of DBV and was fed into the DL model to predict the performance vectors. The defined vehicle engine performance metric was applied to the predicted vectors, and thus optimal DBV is the instantaneous output of the...

Sensors, 2022

The use of face masks has increased dramatically since the COVID-19 pandemic started in order to ... more The use of face masks has increased dramatically since the COVID-19 pandemic started in order to to curb the spread of the disease. Additionally, breakthrough infections caused by the Delta and Omicron variants have further increased the importance of wearing a face mask, even for vaccinated individuals. However, the use of face masks also induces attenuation in speech signals, and this change may impact speech processing technologies, e.g., automated speaker verification (ASV) and speech to text conversion. In this paper we examine Automatic Speaker Verification (ASV) systems against the speech samples in the presence of three different types of face mask: surgical, cloth, and filtered N95, and analyze the impact on acoustics and other factors. In addition, we explore the effect of different microphones, and distance from the microphone, and the impact of face masks when speakers use ASV systems in real-world scenarios. Our analysis shows a significant deterioration in performance ...

Modern vehicles have evolved into supporting advanced internal networks and connecting System Bas... more Modern vehicles have evolved into supporting advanced internal networks and connecting System Based Chips (SBC), System in a Package (SiP) solutions or traditional micro controllers to foster an electronic ecosystem for high speed data transfers, precision and real-time control. The use of Controller Area Networks (CAN) is widely adopted as the backbone of internal vehicle communication infrastructure. Automotive applications such as ADAS, autonomous driving, battery management systems, power train systems, telematics and infotainment, all utilize CAN transmissions directly or through gateway management. The network transmissions lack robust integrity verification mechanisms to validate authentic data payloads, making it vulnerable to packet replay, spoofing, insertion, deletion and denial of service attacks. Additional methods exist to secure network data such as traditional cryptography. Utilizing this method will increase the computational complexity, processing latency and incre...

Applied Sciences, 2020

Diabetic patients are at the risk of developing different eye diseases i.e., diabetic retinopathy... more Diabetic patients are at the risk of developing different eye diseases i.e., diabetic retinopathy (DR), diabetic macular edema (DME) and glaucoma. DR is an eye disease that harms the retina and DME is developed by the accumulation of fluid in the macula, while glaucoma damages the optic disk and causes vision loss in advanced stages. However, due to slow progression, the disease shows few signs in early stages, hence making disease detection a difficult task. Therefore, a fully automated system is required to support the detection and screening process at early stages. In this paper, an automated disease localization and segmentation approach based on Fast Region-based Convolutional Neural Network (FRCNN) algorithm with fuzzy k-means (FKM) clustering is presented. The FRCNN is an object detection approach that requires the bounding-box annotations to work; however, datasets do not provide them, therefore, we have generated these annotations through ground-truths. Afterward, FRCNN is...

Computer Modeling in Engineering & Sciences, 2022

To discover and identify the influential nodes in any complex network has been an important issue... more To discover and identify the influential nodes in any complex network has been an important issue. It is a significant factor in order to control over the network. Through control on a network, any information can be spread and stopped in a short span of time. Both targets can be achieved, since network of information can be extended and as well destroyed. So, information spread and community formation have become one of the most crucial issues in the world of SNA (Social Network Analysis). In this work, the complex network of twitter social network has been formalized and results are analyzed. For this purpose, different network metrics have been utilized. Visualization of the network is provided in its original form and then filter out (different percentages) from the network to eliminate the less impacting nodes and edges for better analysis. This network is analyzed according to different centrality measures, like edge-betweenness, betweenness centrality, closeness centrality and eigenvector centrality. Influential nodes are detected and their impact is observed on the network. The communities are analyzed in terms of network coverage considering the Minimum Spanning Tree, shortest path distribution and network diameter. It is found that these are the very effective ways to find influential and central nodes from such big social networks like Facebook, Instagram, Twitter, LinkedIn, etc.

Vehicles, 2021

This article presents a novel methodology to predict the optimal adaptive cruise control set spee... more This article presents a novel methodology to predict the optimal adaptive cruise control set speed profile (ACCSSP) by optimizing the engine operating conditions (EOC) considering vehicle level vectors (VLV) (body parameter, environment, driver behaviour) as the affecting parameters. This paper investigates engine operating conditions (EOC) criteria to develop a predictive model of ACCSSP in real-time. We developed a deep learning (DL) model using the NARX method to predict engine operating point (EOP) mapping the VLV. We used real-world field data obtained from Cadillac test vehicles driven by activating the ACC feature for developing the DL model. We used a realistic set of assumptions to estimate the VLV for the future time steps for the range of allowable speed values and applied them at the input of the developed DL model to generate multiple sets of EOP’s. We imposed the defined EOC criteria on these EOPs, and the top three modes of speeds satisfying all the requirements are d...

2017 IEEE Workshop on Information Forensics and Security (WIFS), 2017

The Controller Area Network (CAN) bus serves as a legacy protocol for in-vehicle data communicati... more The Controller Area Network (CAN) bus serves as a legacy protocol for in-vehicle data communication. Simplicity, robustness, and suitability for real-time systems are the salient features of the CAN bus protocol. However, it lacks the basic security features such as massage authentication, which makes it vulnerable to the spoofing attacks. In a CAN network, linking CAN packet to the sender node is a challenging task. This paper aims to address this issue by developing a framework to link each CAN packet to its source. Physical signal attributes of the received packet consisting of channel and node (or device) which contains specific unique artifacts are considered to achieve this goal. Material and design imperfections in the physical channel and digital device, which are the main contributing factors behind the device-channel specific unique artifacts, are leveraged to link the received electrical signal to the transmitter. Generally, the inimitable patterns of signals from each ECUs exist over the course of time that can manifest the stability of the proposed method. Uniqueness of the channel-device specific attributes are also investigated for time-and frequency-domain. Feature vector is made up of both time and frequency domain physical attributes and then employed to train a neural network-based classifier. Performance of the proposed fingerprinting method is evaluated by using a dataset collected from 16 different channels and four identical ECUs transmitting same message. Experimental results indicate that the proposed method achieves correct detection rates of 95.2% and 98.3% for channel and ECU classification, respectively.

IEEE Access, 2020

All major banks in the USA and around the world offer remote check deposit services. Consumers ca... more All major banks in the USA and around the world offer remote check deposit services. Consumers can use their smart phones to deposit checks remotely. This new online check truncation system is vulnerable to a wide range of attacks, including digital check forgery. Shifting trust from a human teller or an automated teller machine (ATM) to a smart device (cell phone) provides new attack surfaces. This paper exploits security vulnerabilities in the existing remote check deposit system and presents an attack vector for existing remote check truncation systems. The proposed attack vector exploits vulnerabilities in the untrusted client-side check-deposit system that enables an attacker to instrument the check deposit application library. The instrumented library allows the attacker to induce digital check forgery with minimized tampering artifacts. It has been observed through this investigation that digital check forgery-based attacks are more powerful than conventional paper-based check forgery attacks. The effectiveness of these attacks is evaluated by targeting three leading banks in United States, finding that all three of the targeted banks are vulnerable to the proposed attacks. A set of countermeasures based on digital check verification is also proposed to combat digital check forgery attacks on existing remote check deposit systems. The proposed countermeasures rely on tamper detection in digital images and expert-system based decision fusion. The effectiveness of the proposed framework is evaluated using tampered check images. The tampered images used for performance evaluation also include set of tampered images used for successfully attacking the remote check deposit systems(being using by leading banks around the world today). Experimental results show that the proposed expert system-based framework is capable of detecting digital check forgery attacks. INDEX TERMS Check truncation system, online banking, remote check deposit, digital check forgery, forgery detection, image forensics, expert system, library instrumentation, JPEG artifacts. AUN IRTAZA received the Ph.D. degree from FAST-NUCES, Islamabad, Pakistan, in 2016. During his Ph.D., he remained working as a research scientist in the Gwangju Institute of Science and Technology (GIST), South Korea. He became an

Proceedings of the 2014 Asia-Pacific Conference on Computer Science and Applications (CSAC 2014), Shanghai, China, 27-28 December 2014, 2015

2012 IEEE Statistical Signal Processing Workshop (SSP), 2012

ABSTRACT Acoustic environment leaves its fingerprint in the audio recording captured in it. Acous... more ABSTRACT Acoustic environment leaves its fingerprint in the audio recording captured in it. Acoustic reverberation and background noise are generally used to characterize an acoustic environment. Acoustic reverberation depends on the shape and the composition of a room, whereas, the background noise can be modeled using a dynamical random process. Inconsistencies in the acoustic environment traces can be used in a forensic and ballistic settings and acoustic environment identification (AEI). We describe a statistical framework to characterize recording environment. The proposed scheme uses inverse filtering to estimate reverberation component and particle filtering to estimate background noise from audio recording. A multi-class support vector machine (SVM) classifier is used for AEI. Experimental results show that the proposed system can successfully identify a recording environment for regular as well as blind AEI.

2013 International Symposium on Biometrics and Security Technologies, 2013

Biometric based access control systems (BACS) are widely used for robust and reliable identity ve... more Biometric based access control systems (BACS) are widely used for robust and reliable identity verification, but these systems also raise some serious privacy concerns. The biometric templates, used for access control process, are stored in the system database which is vulnerable to variety of attacks. This paper presents a two stage solution for securing biometric templates. The proposed method first models the fuzziness of template bits, which is used to select stable template bits. Channel coding based on low density parity check coding is then used to protect selected template against adversary attacks. To enhance the security of the proposed method further, both human irises are used for the access control process. Security performance of the developed algorithm is evaluated using publicly available CASIA database. Simulation results show that the proposed method provides stronger computational security than existing iris template security method.

IEEE Transactions on Information Forensics and Security, 2016

Numerous methods for detecting audio splicing have been proposed. Environmental-signature-based m... more Numerous methods for detecting audio splicing have been proposed. Environmental-signature-based methods are considered to be the most effective forgery detection methods. The performance of existing audio forensic analysis methods is generally measured in the absence of any anti-forensic attack. Effectiveness of these methods in the presence of anti-forensic attacks is therefore unknown. In this paper, we propose an effective anti-forensic attack for environmental-signature-based splicing detection method and countermeasures to detect the presence of the anti-forensic attack. For anti-forensic attack, dereverberation-based processing is proposed. Three dereverberation methods are considered to tamper with the acoustic environment signature. Experimental results indicate that the proposed dereverberation-based anti-forensic attack significantl degrades the performance of the selected splicing detection method. The proposed countermeasures exploit artifacts introduced by the anti-forensic processing. To detect the presence of potential anti-forensic processing, a machine learning-based framework is proposed. Specificall , the proposed anti-forensic detection method uses a rich-feature model consisting of Fourier coefficients spectral properties, high-order statistics of "musical noise" residuals, and modulation spectral coefficient to capture traces of dereverberation attacks. The performance of the proposed framework is evaluated on both synthetic data and realworld speech recordings. The experimental results show that the proposed rich-feature model can detect the presence of antiforensic processing with an average accuracy of 95%.

2022 American Control Conference (ACC)

There is ample evidence in the automotive cybersecurity literature that the car brake ECUs can be... more There is ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed. Motivated by such threat, this paper investigates the capabilities of an adversary who can directly control the frictional brake actuators and would like to induce wheel lockup conditions leading to catastrophic road injuries. This paper demonstrates that the adversary despite having a limited knowledge of the tire-road interaction characteristics has the capability of driving the states of the vehicle traction dynamics to a vicinity of the lockup manifold in a finite time by means of a properly designed attack policy for the frictional brakes. This attack policy relies on employing a predefinedtime controller and a nonlinear disturbance observer acting on the wheel slip error dynamics. Simulations under various road conditions demonstrate the effectiveness of the proposed attack policy.

2022 7th International Conference on Data Science and Machine Learning Applications (CDMA), 2022

2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), 2019

Fake audio detection is expected to become an important research area in the field of smart speak... more Fake audio detection is expected to become an important research area in the field of smart speakers such as Google Home, Amazon Echo and chatbots developed for these platforms. This paper presents replay attack vulnerability of voice-driven interfaces and proposes a countermeasure to detect replay attack on these platforms. This paper presents a novel framework to model replay attack distortion, and then use a non-learning-based method for replay attack detection on smart speakers. The reply attack distortion is modeled as a higher-order nonlinearity in the replay attack audio. Higher-order spectral analysis (HOSA) is used to capture characteristics distortions in the replay audio. Effectiveness of the proposed countermeasure scheme is evaluated on original speech as well as corresponding replayed recordings. The replay attack recordings are successfully injected into the Google Home device via Amazon Alexa using the drop-in conferencing feature.

2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), 2019

Voice cloning technologies have found applications in a variety of areas ranging from personalize... more Voice cloning technologies have found applications in a variety of areas ranging from personalized speech interfaces to advertisement, robotics, and so on. Existing voice cloning systems are capable of learning speaker characteristics and use trained models to synthesize a person's voice from only a few audio samples. Advances in cloned speech generation technologies are capable of generating perceptually indistinguishable speech from a bona-fide speech. These advances pose new security and privacy threats to voice-driven interfaces and speech-based access control systems. The state-of-the-art speech synthesis technologies use trained or tuned generative models for cloned speech generation. Trained generative models rely on linear operations, learned weights, and excitation source for cloned speech synthesis. These systems leave characteristic artifacts in the synthesized speech. Higher-order spectral analysis is used to capture differentiating attributes between bona-fide and cloned audios. Specifically, quadrature phase coupling (QPC) in the estimated bicoherence, Gaussianity test statistics, and linearity test statistics are used to capture generative model artifacts. Performance of the proposed method is evaluated on cloned audios generated using speaker adaptation-and speaker encoding-based approaches. Experimental results for a dataset consisting of 126 cloned speech and 8 bona-fide speech samples indicate that the proposed method is capable of detecting bona-fide and cloned audios with close to a perfect detection rate.

Developing Charging Infrastructure and Technologies for Electric Vehicles, 2022

Charging infrastructure is a key factor in successful electric vehicle adoption. Charging station... more Charging infrastructure is a key factor in successful electric vehicle adoption. Charging stations are still a fragmented market in terms of ownership, lack of standards, and charging protocols. The increasing decentralised grid has made energy and communication flow bi-directional. Challenges arise in maintaining the increasing decentralised structure, security, and privacy of the network. Blockchain facilitates the interconnectedness of such a distributed and decentralised network. Blockchain's versatility lies in its transparent and immutable decentralized architecture that enables direct transactions between users without the need of a middleman. It provides powerful safeguards against cyberattacks with its advanced cryptography enabling privacy-preserving authentication. This chapter presents a comprehensive review on the application of blockchain technology in EV charging infrastructure such as facilitating the peer-to-peer energy exchange, increased security and privacy, ...

ArXiv, 2018

Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical... more Nowadays with the help of advanced technology, modern vehicles are not only made up of mechanical devices but also consist of highly complex electronic devices and connections to the outside world. There are around 70 Electronic Control Units (ECUs) in modern vehicle which are communicating with each other over the standard communication protocol known as Controller Area Network (CAN-Bus) that provides the communication rate up to 1Mbps. There are different types of in-vehicle network protocol and bus system namely Controlled Area Network (CAN), Local Interconnected Network (LIN), Media Oriented System Transport (MOST), and FlexRay. Even though CAN-Bus is considered as de-facto standard for in-vehicle network communication, it inherently lacks the fundamental security features by design like message authentication. This security limitation has paved the way for adversaries to penetrate into the vehicle network and do malicious activities which can pose a dangerous situation for both...

Compromising lower levels of the computing stack is attractive to attackers since malware that re... more Compromising lower levels of the computing stack is attractive to attackers since malware that resides in layers that span firmware and hardware are notoriously difficult to detect and remove. This trend raises concerns about the security of the system components that we have grown accustomed to trusting, especially as the number of supply chain attacks continues to rise. In this work, we explore the risks associated with application security in the presence of untrusted firmware. We present a novel firmware attack that leverages system management cycles to covertly collect data from the application layer. We show that system interrupts that are used for managing the platform, can be leveraged to extract sensitive application data from outgoing requests even when the HTTPS protocol is used. We evaluate the robustness of our attack under diverse and stressful application usage conditions running on Ubuntu 18.04 and Android 8.1 operating systems. We conduct a proof-of-concept implemen...