Ragib Hasan | University of Alabama at Birmingham

Papers by Ragib Hasan

Towards a Threat Model for Fog Computing

2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)

In recent years, the addition of billions of Internet of Things (IoT) devices spawned a massive demand for computing service near the edge of the network. Due to latency, limited mobility, and location awareness, cloud computing is not capable enough to serve these devices. As a result, the focus is shifting more towards distributed platform service to put ample computing power near the edge of the networks. Thus, paradigms such as Fog and Edge computing are gaining attention from researchers as well as business stakeholders. Fog computing is a new computing paradigm, which places computing nodes in between the Cloud and the end user to reduce latency and increase availability. As an emerging technology, Fog computing also brings newer security challenges for the stakeholders to solve. Before designing the security models for Fog computing, it is better to understand the existing threats to Fog computing. In this regard, a thorough threat model can significantly help to identify these threats. Threat modeling is a sophisticated engineering process by which a computer-based system is analyzed to discover security flaws. In this paper, we applied two popular security threat modeling processes - CIAA and STRIDE - to identify and analyze attackers, their capabilities and motivations, and a list of potential threats in the context of Fog computing. We posit that such a systematic and thorough discussion of a threat model for Fog computing will help security researchers and professionals to design secure and reliable Fog computing systems.

Smartphone-based Distracted Pedestrian Localization using Bluetooth Low Energy Beacons

2020 SoutheastCon

Distracted pedestrian behavior is a significant public health concern. Extensive observational and simulated research suggests that distracted pedestrians have a higher risk of injury compared to attentive pedestrians. In the United States alone, an estimated 6,480 pedestrians were killed in traffic crashes in 2017 (5,150 annual average for the past decade), and nearly 200,000 pedestrians were injured. These numbers have been increasing recently, with researchers hypothesizing that distraction by smartphone use may be a major contributor to the increase. One strategy to prevent pedestrian injuries and death would be through intrusive interruptions that warn distracted pedestrians directly on their smartphones. We developed a system, which combines a Bluetooth beacon-based system with a mobile app, to localize the distracted pedestrians when they approach a potentially dangerous traffic intersection.

Cellcloud: Towards a Cost Effective Formation of Mobile Cloud Based on Bidding Incentive

Services Transactions on Cloud Computing, 2015

CrowdPick: A Generic Framework for Delivering Service Specific Crowd Infrastructure

2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2020

Crowdsourcing is an efficient and scalable way for the service providers (SP) to provide a broad range of services with a low initial service setup cost. With its growing popularity, people are continuously introducing new crowdsourcing-based applications and searching for suitable crowd platforms for the deployment of those applications as a service. Consequently, a contributor participates in multiple platforms from different SPs and concurrently executes various tasks in a time interval. As the number of SPs increases, managing and monitoring each contributor separately becomes a primary challenge for each SP. Moreover, upgrading a service, ensuring service scalability, and migration is tough for any crowd-based service provider. Frequently, a service provider has difficulty finding the appropriate contributors that will satisfy their service specifications. Besides, as a contributor, it is also hard to decide whether or not they should participate in a task offered by an SP. Therefore, in this paper, we introduced CrowdPick, a middleware that provides a crowdsourced platform for the people who want to provide a crowdsourcing-based service. Each SP contacts CrowdPick for initiating any service, chooses an appropriate application package from its repository, and specifies its service requirements. Instead of joining individually to each SP, the contributor needs to register into CrowdPick. All the tasks associated with services are scheduled and monitored by CrowdPick, and the CrowdPick decides the corresponding monetary incentives. Along with providing a detailed cost-benefit analysis of an SP and a contributor, we describe the service level agreement (SLA) policies. We simulate our model to show that implementing CrowdPick in real life is viable, and beneficial for both an SP and a contributor.

Bepari: A Cost-aware Comprehensive Agent Architecture for Opaque Cloud Services

2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), 2020

Cloud computing has become popular in various application domains based on infrastructure, platform, and software as a service model. Rapid deployment, high scalability, on-demand, and (theoretically) infinite resources have driven the industry towards the wide adoption of cloud computing services. However, the difficulty of cross-provider resource allocation and seamless resource transition is a major concern for such services. Therefore, the segregated cloud market forces its clients to use provider-specific and pre-configured options for their required resources and services. Thus, the overall market, even with the presence of multiple cloud service providers, operates as a direct service from the providers to the clients, and with non-negotiable pricing strategies for the cloud services. In this article, we propose Bepari, a cost-driven model for opaque service platforms for cloud computing. Bepari acts as a negotiation-based approach to deliver composite cross-provider cloud-based services to the end-users. Bepari provides a detailed service-oriented architecture for multiple cloud service providers to provide cross-platform and composite services. Furthermore, Bepari delivers a detailed cost model and comparison between establishing a cloud service vs. an opaque cloud service. Our empirical framework allows a Bepari service provider to analyze the profit model and create a market niche accordingly. Simulation results are provided, which validate the efficiency of a negotiated pricing strategy in terms of maximized resource utilization and profits for cloud service providers and cost reduction for the cloud users.

Secure Location Provenance for Mobile Devices

Location based services allow mobile device users to access various services based on the users' current physical location information. Path-critical applications, such as supply chain verification, require a chronological ordering of location proofs. It is a significant challenge in distributed and user-centric architectures for users to prove their presence and the path of travel in a privacy-protected and secure manner. So far, proposed schemes for secure location proofs are mostly subject to tampering, not resistant to collusion attacks, do not offer preservation of the provenance, and are not flexible enough for users to prove their provenance of location proofs. In this project, we focused our research on secure location provenance techniques for mobile devices. We created WORAL, a complete ready-to-deploy framework for generating and validating witness oriented asserted location provenance records. The WORAL framework is based on a secure asserted location proof proto...

Malware Secrets: De-Obfuscating in the Cloud

2017 IEEE 10th International Conference on Cloud Computing (CLOUD), 2017

Malicious software, universally known as malware, is typically used to cause disruption as it tries to steal sensitive information such as passwords, credit card numbers and other pertinent information. Malware infections have increased tremendously over the last decade. Recent reports indicate that around 70% of malware infections go undetected by the antivirus software. The infections that remain undetected fall into the category of zero-day malware, which is defined as malware that is new and is essentially an undiscovered and undisclosed threat. Furthermore, its substructure or the functioning has not been understood, and no signatures have been defined to distinguish the zero-day malware from others. Moreover, an average enterprise receives 17,000 malware alerts per week, and if 70% goes undetected, then one is certain to be infected by the zero-day malware every week. Therefore, the low detection rates and increasing vulnerabilities have created an unmet need for the researche...

InSight: A Bluetooth Beacon-based Ad-hoc Emergency Alert System for Smart Cities

2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC), 2021

The purpose of alerts and warnings is to provide necessary information to the public that will lead to their safety in emergencies. The nation's alerting capabilities need to evolve and progress with the extensive use of smartphones, and newer technologies become available, especially to be more precisely targeted to sub-populations at risk. Historically, this has been a challenge as the delivery of alerts and warning messages to the public is primarily through broadcast media and signs. However, deploying such signs takes time and may not be visible to people imminent of natural hazards. Especially for road closing, marking hazards, emergency evacuation, etc., it would be beneficial to have an easy-to-deploy and automated alert/warning system that requires no line of sight. To this end, we have developed Insight - a Bluetooth beacon-based system that uses a smartphone application to sense signals from beacons marking hazard zones. The system does not require any Internet or communication infrastructure and therefore, it is resilient to breakdowns in communications during disasters. To demonstrate the feasibility of Insight, we conducted a study in an urban university campus location. The system demonstrated adequate usability and feasibility.

IoTbed: A Generic Architecture for Testbed as a Service for Internet of Things-Based Systems

2017 IEEE International Congress on Internet of Things (ICIOT), 2017

StreetBit: A Bluetooth Beacon-based Personal Safety Application for Distracted Pedestrians

2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC), 2021

P-HIP: A Lightweight and Privacy-Aware Host Identity Protocol for Internet of Things

IEEE Internet of Things Journal, 2021

The host identity protocol (HIP) has emerged as the most suitable solution to uniquely identify smart devices in the mobile and distributed Internet-of-Things (IoT) systems, such as smart cities, homes, cars, and healthcare. The HIP provides authentication methods that enable secure communications between HIP peers. However, the authentication methods provided by the HIP cannot be adopted by the IoT devices with limited processing power because of the computation-intensive cryptographic operations involved in hash generation, signature validation, and session-key establishment. Moreover, IoT devices cannot utilize the HIP as is to communicate securely in the low power and lossy networks as there is a considerable communication overhead, such as packet fragmentation and reassembly, for exchanging certificates over a lossy link. Additionally, the use of static host identifiers makes IoT devices vulnerable to cyber espionage and user-targeted attacks. In this article, we propose an authentication scheme, P-HIP, that protects the identity privacy of an IoT device by enabling the device to compute and use unique host identifiers from networks to networks and sessions to sessions. To make the HIP suitable for resource-constrained IoT devices, P-HIP provides methods that unburden IoT devices from computation-intensive operations, such as modular exponentiation, involved in authentication and session-key exchange. Additionally, P-HIP minimizes the communication overheads for exchanging certificates in lossy networks. We implement a prototype of P-HIP on Contiki-enabled IoT that shows P-HIP can reduce computation costs, communication overheads, and the session-key establishment time when used by low-powered devices in a lossy network.

CACROS: A Context-Aware Cloud Content Roaming Service

2016 IEEE International Conference on Smart Cloud (SmartCloud), 2016

Developing Hands-on Labware for Emerging Database Security

Proceedings of the 17th Annual Conference on Information Technology Education, 2016

Database systems are at the heart of modern information systems and have become primary targets of cyber-attacks. With the advent of mobile and big data computing, new database models and systems, such as mobile and NoSQL databases, have been emerging and gaining popularity. These new database systems contain similar crucial vulnerabilities as traditional database systems along with new and unique security challenges. However, neither mobile and NoSQL database system security education is well-represented in current computing curriculum or educational materials are readily available. This paper presents our ongoing work on developing a set of innovative Role Based Security Labware for Emerging Database Systems (REALAB) for teaching real-world mobile and NoSQL database security threat analysis and defense. We first review the security challenges in these databases and then we discuss and evaluate existing hands-on exercises of cyber security education. After that we present a list of proposed mobile and NoSQL database security hands-on labs and use a SQLite Injection lab as an example to illustrate the design of the proposed labs offered by REALAB. Student survey results validate the importance and feasibility of REALAB for enhancing current database cyber security education and increasing qualified database security workforce.

SEPIA: Secure-PIN-Authentication-as-a-Service for ATM Using Mobile and Wearable Devices

2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, 2015

The Story of Naive Alice: Behavioral Analysis of Susceptible Internet Users

2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), 2016

Trustworthy Digital Forensics in the Cloud

VFbed: An Architecture for Testbed-as-a-Service for Vehicular Fog-based Systems

2020 IEEE 6th World Forum on Internet of Things (WF-IoT), 2020

In recent years, vehicles are becoming smart with sensing, computing, and communication capabilities. Hence, different vehicular networking paradigms are becoming popular in numerous use cases related to vehicle safety and driving assistance. Before incorporating into real-world vehicles, these applications must be tested and validated. However, developing and testing vehicular applications are challenging for newer computing paradigms such as vehicular fog, due to high cost and maintenance issues to run the applications on real vehicles in various traffic scenarios. Understanding and modeling the network protocol is also tricky for the same reason. In this paper, we have proposed VFbed, a vehicular fog testbed to allow easy and secure access to researchers for running experiments on vehicular fog architecture. In our proposed testbed, we have used wheeled robots to represent real vehicles for generating different traffic scenarios, which can be used to test various vehicular fog applications and network protocols. We have also provided a rating based incentive model for the testbed devices to draw the interest of the testbed providers.

Reducing distracted pedestrian behavior using Bluetooth beacon technology: A crossover trial

Accident Analysis & Prevention, 2021

BACKGROUND: The number of fatal pedestrian injuries in the United States has steadily increased over the past decade. Multiple factors likely contribute to this trend, but the growth of pedestrians distracted by mobile devices is widely hypothesized to play a major role. Existing strategies to reduce distracted pedestrian behavior are few and mostly ineffective. The present study evaluated StreetBit, a mostly-passive primary prevention program to reduce distracted pedestrian behavior by alerting distracted pedestrians directly on their smartphone when they approach an intersection, reminding them to attend to traffic as they crossed. METHODS: 385 individuals who regularly crossed a target street corner at an urban university downloaded StreetBit on their phones and participated in a crossover design study whereby the app was inactive for 3 weeks (baseline behavior phase), actively provided alerts for 3 weeks (intervention phase), and then was inactive again for 4 weeks (post-intervention phase). User distraction while crossing the intersection was collected electronically for a total of 34,923 street-crossing events throughout the 10-week study. RESULTS: In crude (unadjusted) models, participant distraction was similar across all phases of the research; this result was maintained after adjusting for potential covariates as well as after conducting a sensitivity analysis limited to data from only week 3 of each study intervention phase. In a model stratified by phone/warning type and baseline distraction rates, Android phone users who received a warning that blocked the full screen and had a high baseline distraction rate (≥75% distracted crossings) had a 64% decreased odds of distraction during the alert phase (OR 0.36, 95% CI 0.25-0.51) and a 52% decreased odds of distraction during the post-intervention phase (OR 0.48, 95% CI 0.25-0.94). Users reported positive impressions about the StreetBit app in a post-intervention survey. DISCUSSION: StreetBit, an innovative app designed to prevent distracted pedestrian behavior through a mostly-passive primary prevention strategy relying on intrusive reminders, proved effective among smartphone users who received a warning blocking the full screen and who were frequently distracted at baseline, but not among other users. The results appear to reflect the confluence of two influencing factors. First, due to software development limitations, visually-distracted Android users received a highly intrusive app warning that blocked their smartphone screen whereas iOS users received a less intrusive banner notification blocking a small upper portion of the screen. Second, most users were curious to see if the app was functioning properly, creating artificially-inflated estimates of distraction as users purposefully watched their phones when crossing. Thus, our results indicate promise for StreetBit as an effective intervention and warrant continued software development and empirical testing.

Towards an Analysis of the Architecture, Security, and Privacy Issues in Vehicular Fog Computing

SECAP: Towards Securing Application Provenance in the Cloud

2016 IEEE 9th International Conference on Cloud Computing (CLOUD), 2016

Provenance for an application can provide important insights about the behavior and life cycle of the application. However, currently, there are no provenance management systems which collect and preserve provenance records securely for the applications running in a virtual machine hosted on the cloud. Moreover, the black-box nature of clouds and the possibility of cloud providers being malicious can make the secure application provenance management challenging. In this paper, we analyze the threats on trustworthy application provenance in the context of clouds while considering the collusion between users and cloud providers. Based on this threat model, we present the SECure Application Provenance (SECAP) scheme, which ensures the required integrity and confidentiality properties for application provenance efficiently. We evaluate the performance of the SECAP scheme on an OpenStack-based cloud. The experimental results suggest that SECAP performs better than several other state-of-the-art secure provenance schemes in terms of time and space requirements.

Research paper thumbnail of Towards a Threat Model for Fog Computing

2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)

In recent years, the addition of billions of Internet of Thing (IoT) device spawned a massive dem... more In recent years, the addition of billions of Internet of Thing (IoT) device spawned a massive demand for computing service near the edge of the network. Due to latency, limited mobility, and location awareness, cloud computing is not capable enough to serve these devices. As a result, the focus is shifting more towards distributed platform service to put ample computing power near the edge of the networks. Thus, paradigms such as Fog and Edge computing are gaining attention from researchers as well as business stakeholders. Fog computing is a new computing paradigm, which places computing nodes in between the Cloud and the end user to reduce latency and increase availability. As an emerging technology, Fog computing also brings newer security challenges for the stakeholders to solve. Before designing the security models for Fog computing, it is better to understand the existing threats to Fog computing. In this regard, a thorough threat model can significantly help to identify these threats. Threat modeling is a sophisticated engineering process by which a computer-based system is analyzed to discover security flaws. In this paper, we applied two popular security threat modeling processes - CIAA and STRIDE - to identify and analyze attackers, their capabilities and motivations, and a list of potential threats in the context of Fog computing. We posit that such a systematic and thorough discussion of a threat model for Fog computing will help security researchers and professionals to design secure and reliable Fog computing systems.

Research paper thumbnail of Smartphone-based Distracted Pedestrian Localization using Bluetooth Low Energy Beacons

2020 SoutheastCon

Distracted pedestrian behavior is a significant public health concern. Extensive observational an... more Distracted pedestrian behavior is a significant public health concern. Extensive observational and simulated research suggests that distracted pedestrians have a higher risk of injury compared to attentive pedestrians. In the United States alone, an estimated 6,480 pedestrians were killed in traffic crashes in 2017 (5,150 annual average for the past decade), and nearly 200,000 pedestrians were injured. These numbers have been increasing recently, with researchers hypothesizing that distraction by smartphone use may be a major contributor to the increase. One strategy to prevent pedestrian injuries and death would be through intrusive interruptions that warn distracted pedestrians directly on their smartphones. We developed a system, which combines a Bluetooth beacon-based system with a mobile app, to localize the distracted pedestrians when they approach a potentially dangerous traffic intersection.

Research paper thumbnail of Cellcloud: Towards a Cost Effective Formation of Mobile Cloud Based on Bidding Incentive

Services Transactions on Cloud Computing, 2015

Research paper thumbnail of CrowdPick: A Generic Framework for Delivering Service Specific Crowd Infrastructure

2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2020

Crowdsourcing is an efficient and scalable way for the service providers (SP) to provide a broad ... more Crowdsourcing is an efficient and scalable way for the service providers (SP) to provide a broad range of services with a low initial service setup cost. With its growing popularity, people are continuously introducing new crowdsourcing-based applications and searching for suitable crowd platforms for the deployment of those applications as a service. Consequently, a contributor participates in multiple platforms from different SPs and concurrently executes various tasks in a time interval. As the number of SP increases, managing and monitoring each contributor separately becomes a primary challenge for each SP. Moreover, upgrading a service, ensuring service scalability, and migration is tough for any crowd-based service provider. Frequently, a service provider has difficulty finding the appropriate contributors that will satisfy their service specifications. Besides, as a contributor, it is also hard to decide whether or not they should participate in a task offered by an SP. Therefore, in this paper, we introduced CrowdPick, a middleware that provides a crowdsourced platform for the people who want to provide a crowdsourcing-based service. Each SP contacts CrowdPick for initiating any service chooses an appropriate application package from its repository and specifies its service requirements. Instead of joining individually to each SP, the contributor needs to register into CrowdPick. All the tasks associated with services are scheduled and monitored by CrowdPick, and the CrowdPick decides the corresponding monetary incentives. Along with providing a detailed cost-benefit analysis of an SP and a contributor, we describe the service level agreement (SLA) policies. We simulate our model to show that implementing CrowdPick in real life is viable, and beneficial for both an SP and a contributor.

Research paper thumbnail of Bepari: A Cost-aware Comprehensive Agent Architecture for Opaque Cloud Services

2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), 2020

Cloud computing has become popular in various application domains based on infrastructure, platfo... more Cloud computing has become popular in various application domains based on infrastructure, platform, and software as a service model. Rapid deployment, high scalability, on-demand, and (theoretically) infinite resources have driven the industry towards the wide adoption of cloud computing services. However, the difficulty of cross-provider resource allocation and seamless resource transition is a major concern for such services. Therefore, the segregated cloud market forces its clients to use provider-specific and pre-configured options for their required resources and services. Thus, the overall market, even with the presence of multiple cloud service providers, operates as a direct service from the providers to the clients, and with non-negotiable pricing strategies for the cloud services. In this article, we propose Bepari, a cost-driven model for opaque service platforms for cloud computing. Bepari acts as a negotiation-based approach to deliver composite cross-provider cloud-based services to the end-users. Bepari provides a detailed service-oriented architecture for multiple cloud service providers to provide cross-platform and composite services. Furthermore, Bepari delivers a detailed cost model and comparison between establishing a cloud service vs. an opaque cloud service. Our empirical framework allows a Bepari service provider to analyze the profit model and create a market niche accordingly. Simulation results are provided, which validate the efficiency of a negotiated pricing strategy in terms of maximized resource utilization and profits for cloud service providers and cost reduction for the cloud users.

Research paper thumbnail of Secure Location Provenance for Mobile Devices

: Location based services allow mobile device users to access various services based on the users... more : Location based services allow mobile device users to access various services based on the users current physical location information. Path - critical applications, such as supply chain verification, require a chronological ordering of location proofs. It is a significant challenge in distributed and user - centric architectures for users to prove their presence and the path of travel in a privacy - protected and secure manner. So far, proposed schemes for secure location proofs are mostly subject to tampering, not resistant to collusion attacks, do not offer preservation of the provenance, and are not flexible enough for users to prove their provenance of location proofs. In this project, we focused our research on secure location provenance techniques for mobile devices. We created WORAL, a complete ready - to - deploy framework for generating and validating witness oriented asserted location provenance records. The WORAL framework is based a secure asserted location proof proto...

Research paper thumbnail of Malware Secrets: De-Obfuscating in the Cloud

2017 IEEE 10th International Conference on Cloud Computing (CLOUD), 2017

Malicious software, universally known as malware, is typically used to cause disruption as it tri... more Malicious software, universally known as malware, is typically used to cause disruption as it tries to steal sensitive information such as passwords, credit card numbers and other pertinent information. Malware infections have increased tremendously over the last decade. Recent reports indicate that around 70% of malware infections go undetected by the antivirus software. The infections that remain undetected fall into the category of zero-day malware, which is defined as malware that is new and is essentially an undiscovered and undisclosed threat. Furthermore, its substructure or the functioning has not been understood, and no signatures have been defined to distinguish the zero-day malware from others. Moreover, an average enterprise receives 17,000 malware alerts per week, and if 70% goes undetected, then one is certain to be infected by the zero-day malware every week. Therefore, the low detection rates and increasing vulnerabilities have created an unmet need for the researche...

Research paper thumbnail of InSight: A Bluetooth Beacon-based Ad-hoc Emergency Alert System for Smart Cities

2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC), 2021

The purpose of alerts and warnings is to provide necessary information to the public that will lead to their safety in emergencies. The nation's alerting capabilities need to evolve and progress with the extensive use of smartphones, and newer technologies become available, especially to be more precisely targeted to sub-populations at risk. Historically, this has been a challenge as the delivery of alerts and warning messages to the public is primarily through broadcast media and signs. However, deploying such signs takes time and may not be visible to people imminent of natural hazards. Especially for road closing, marking hazards, emergency evacuation, etc., it would be beneficial to have an easy-to-deploy and automated alert/warning system that requires no line of sight. To this end, we have developed Insight - a Bluetooth beacon-based system that uses a smartphone application to sense signals from beacons marking hazard zones. The system does not require any Internet or communication infrastructure and therefore, it is resilient to breakdowns in communications during disasters. To demonstrate the feasibility of Insight, we conducted a study in an urban university campus location. The system demonstrated adequate usability and feasibility.

Research paper thumbnail of IoTbed: A Generic Architecture for Testbed as a Service for Internet of Things-Based Systems

2017 IEEE International Congress on Internet of Things (ICIOT), 2017

Research paper thumbnail of StreetBit: A Bluetooth Beacon-based Personal Safety Application for Distracted Pedestrians

2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC), 2021

Research paper thumbnail of P-HIP: A Lightweight and Privacy-Aware Host Identity Protocol for Internet of Things

IEEE Internet of Things Journal, 2021

The host identity protocol (HIP) has emerged as the most suitable solution to uniquely identify smart devices in the mobile and distributed Internet-of-Things (IoT) systems, such as smart cities, homes, cars, and healthcare. The HIP provides authentication methods that enable secure communications between HIP peers. However, the authentication methods provided by the HIP cannot be adopted by the IoT devices with limited processing power because of the computation-intensive cryptographic operations involved in hash generation, signature validation, and session-key establishment. Moreover, IoT devices cannot utilize the HIP as is to communicate securely in the low power and lossy networks as there is a considerable communication overhead, such as packet fragmentation and reassembly, for exchanging certificates over a lossy link. Additionally, the use of static host identifiers makes IoT devices vulnerable to cyber espionage and user-targeted attacks. In this article, we propose an authentication scheme, P-HIP, that protects the identity privacy of an IoT device by enabling the device to compute and use unique host identifiers from networks to networks and sessions to sessions. To make the HIP suitable for resource-constrained IoT devices, P-HIP provides methods that unburden IoT devices from computation-intensive operations, such as modular exponentiation, involved in authentication and session-key exchange. Additionally, P-HIP minimizes the communication overheads for exchanging certificates in lossy networks. We implement a prototype of P-HIP on Contiki-enabled IoT that shows P-HIP can reduce computation costs, communication overheads, and the session-key establishment time when used by low-powered devices in a lossy network.

Research paper thumbnail of CACROS: A Context-Aware Cloud Content Roaming Service

2016 IEEE International Conference on Smart Cloud (SmartCloud), 2016

Research paper thumbnail of Developing Hands-on Labware for Emerging Database Security

Proceedings of the 17th Annual Conference on Information Technology Education, 2016

Database systems are at the heart of modern information systems and have become primary targets of cyber-attacks. With the advent of mobile and big data computing, new database models and systems, such as mobile and NoSQL databases, have been emerging and gaining popularity. These new database systems contain similar crucial vulnerabilities as traditional database systems' along with new and unique security challenges. However, neither mobile and NoSQL database system security education is well-represented in current computing curriculum or educational materials are readily available. This paper presents our ongoing work on developing a set of innovative Role Based Security Labware for Emerging Database Systems (REALAB) for teaching real-world mobile and NoSQL database security threat analysis and defense. We first review the security challenges in these databases and then we discuss and evaluate existing hands-on exercises of cyber security education. After that we present a list of proposed mobile and NoSQL database security hands-on labs and use a SQLite Injection lab as an example to illustrate the design of the proposed labs offered by REALAB. Student survey results validate the importance and feasibility of REALAB for enhancing current database cyber security education and increasing qualified database security workforce.

Research paper thumbnail of SEPIA: Secure-PIN-Authentication-as-a-Service for ATM Using Mobile and Wearable Devices

2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, 2015

Research paper thumbnail of The Story of Naive Alice: Behavioral Analysis of Susceptible Internet Users

2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), 2016

Research paper thumbnail of Trustworthy Digital Forensics in the Cloud

Research paper thumbnail of VFbed: An Architecture for Testbed-as-a-Service for Vehicular Fog-based Systems

2020 IEEE 6th World Forum on Internet of Things (WF-IoT), 2020

In recent years, vehicles are becoming smart with sensing, computing, and communication capabilities. Hence, different vehicular networking paradigms are becoming popular in numerous use cases related to vehicle safety and driving assistance. Before incorporating into real-world vehicles, these applications must be tested and validated. However, developing and testing vehicular applications are challenging for newer computing paradigms such as vehicular fog, due to high cost and maintenance issues to run the applications on real vehicles in various traffic scenarios. Understanding and modeling the network protocol is also tricky for the same reason. In this paper, we have proposed VFbed, a vehicular fog testbed to allow easy and secure access to researchers for running experiments on vehicular fog architecture. In our proposed testbed, we have used wheeled robots to represent real vehicles for generating different traffic scenarios, which can be used to test various vehicular fog applications and network protocols. We have also provided a rating based incentive model for the testbed devices to draw the interest of the testbed providers.

Research paper thumbnail of Reducing distracted pedestrian behavior using Bluetooth beacon technology: A crossover trial

Accident Analysis & Prevention, 2021

BACKGROUND: The number of fatal pedestrian injuries in the United States has steadily increased over the past decade. Multiple factors likely contribute to this trend, but the growth of pedestrians distracted by mobile devices is widely hypothesized to play a major role. Existing strategies to reduce distracted pedestrian behavior are few and mostly ineffective. The present study evaluated StreetBit, a mostly-passive primary prevention program to reduce distracted pedestrian behavior by alerting distracted pedestrians directly on their smartphone when they approach an intersection, reminding them to attend to traffic as they crossed. METHODS: 385 individuals who regularly crossed a target street corner at an urban university downloaded StreetBit on their phones and participated in a crossover design study whereby the app was inactive for 3 weeks (baseline behavior phase), actively provided alerts for 3 weeks (intervention phase), and then was inactive again for 4 weeks (post-intervention phase). User distraction while crossing the intersection was collected electronically for a total of 34,923 street-crossing events throughout the 10-week study. RESULTS: In crude (unadjusted) models, participant distraction was similar across all phases of the research; this result was maintained after adjusting for potential covariates as well as after conducting a sensitivity analysis limited to data from only week 3 of each study intervention phase. In a model stratified by phone/warning type and baseline distraction rates, Android phone users who received a warning that blocked the full screen and had a high baseline distraction rate (≥75% distracted crossings) had a 64% decreased odds of distraction during the alert phase (OR 0.36, 95% CI 0.25-0.51) and a 52% decreased odds of distraction during the post-intervention phase (OR 0.48, 95% CI 0.25-0.94). Users reported positive impressions about the StreetBit app in a post-intervention survey. DISCUSSION: StreetBit, an innovative app designed to prevent distracted pedestrian behavior through a mostly-passive primary prevention strategy relying on intrusive reminders, proved effective among smartphone users who received a warning blocking the full screen and who were frequently distracted at baseline, but not among other users. The results appear to reflect the confluence of two influencing factors. First, due to software development limitations, visually-distracted Android users received a highly intrusive app warning that blocked their smartphone screen whereas iOS users received a less intrusive banner notification blocking a small upper portion of the screen. Second, most users were curious to see if the app was functioning properly, creating artificially-inflated estimates of distraction as users purposefully watched their phones when crossing. Thus, our results indicate promise for StreetBit as an effective intervention and warrant continued software development and empirical testing.

Research paper thumbnail of Towards an Analysis of the Architecture, Security, and Privacy Issues in Vehicular Fog Computing

Research paper thumbnail of SECAP: Towards Securing Application Provenance in the Cloud

2016 IEEE 9th International Conference on Cloud Computing (CLOUD), 2016

Provenance for an application can provide important insights about the behavior and life cycle of the application. However, currently, there are no provenance management systems which collect and preserve provenance records securely for the applications running in a virtual machine hosted on the cloud. Moreover, the black-box nature of clouds and the possibility of cloud providers being malicious can make the secure application provenance management challenging. In this paper, we analyze the threats on trustworthy application provenance in the context of clouds while considering the collusion between users and cloud providers. Based on this threat model, we present the SECure Application Provenance (SECAP) scheme, which ensures the required integrity and confidentiality properties for application provenance efficiently. We evaluate the performance of the SECAP scheme on an OpenStack-based cloud. The experimental results suggest that SECAP performs better than several other state-of-the-art secure provenance schemes in terms of time and space requirements.