Hatem A. Rashwan | Universitat Rovira i Virgili
Papers by Hatem A. Rashwan
The Internet has been repeatedly demonstrated to be insufficiently secure for transferring sensitive information worldwide. This insecurity is an inherent characteristic as the Internet did not make any security considerations in its initial design. Rather, as is famously known, it was designed to connect "mutually trusting users". Such a void motivated a long and extensive history of a variety of trust measures to secure Internet communications at its different levels or layers. To date, however, the proposed security measures have been identified as computationally demanding, especially as they utilize cryptographic computations. In light of the evolution of the Internet-of-Things (IoT) and therefore the growing reliance on elements with limited capabilities (in terms of computing and/or energy), facilitating security becomes an equally increasing challenge. Such elements include embedded systems, sensors/actuators, small-scale mobile and wireless devices, in addition to various elements utilized in real-time and/or delay-critical applications. Considerations must therefore be made for addressing the computational challenge while providing the required security. In the meanwhile, any meaningful security solution must be global (i.e., Internet-wide) in its operation. Our objective in this thesis is to demonstrate that an adaptive, end-to-end security solution for the next generation Internet is viable. Integral to our thesis is a holistic and innovative proposal for a Context-Aware and Real-time Entrustment framework or (CARE). The framework comprises a set of security components and modules designed to satisfy the observed and expected needs of next generation computing networks and their elements.
While introducing the components and operations of our framework, we showcase how they can help in providing security services for the futuristic NGI communication trends. We then introduce a new approach in empirical analysis for cryptographic functions through which their use of computation resource can be identified and/or predicted. The outcome of this approach is applied in designing a robust security adaptation strategy for the CARE framework. A complementary resource-aide system is also presented in order to facilitate the secure end-to-end operation.
A vision-based 3D scene analysis system is described that is capable of modeling complex real-world scenes like old buildings, bridges and vestiges automatically from a sequence of calibrated images. Input to the system is a sequence of calibrated stereoscopic images which can be taken with a hand-held camera. The camera is then moved throughout the scene and a long sequence of closely spaced views is recorded. A multi-view algorithm is used to link the corresponding points along a sequence of images. A 3D model is reconstructed using triangulation directly from the image sequence, which allows fusing 3D surface measurements from different viewpoints into a consistent 3D model scene using a Kalman filter. The surface geometry of each scene object is approximated by a triangular surface mesh which stores the surface texture in a texture map. From the textured 3D models, realistic looking image sequences from arbitrary viewpoints can be used in many applications. We demonstrate the successful application of the approach to several outdoor image sequences for some famous Egyptian vestiges in a framework that aims to electronically document Egypt's cultural and natural heritage.
arXiv (Cornell University), Jul 30, 2018
In this paper, an optic disc and cup segmentation method is proposed using U-Net followed by a multi-scale feature matching network. The proposed method targets task 2 of the REFUGE challenge 2018. In order to solve the segmentation problem of task 2, we firstly crop the input image using a single shot multibox detector (SSD). The cropped image is then passed to an encoder-decoder network with skip connections, also known as the generator. Afterwards, both the ground truth and generated images are fed to a convolutional neural network (CNN) to extract their multi-level features. A dice loss function is then used to match the features of the two images by minimizing the error at each layer. The aggregation of error from each layer is back-propagated through the generator network to enforce it to generate a segmented image closer to the ground truth. The CNN network improves the performance of the generator network without increasing the complexity of the model.
Mobile computing proved to be essential in today's cyber communications. However, entities in mobile computing are known to have limited energy, physical, and logical resources. This imposes various challenges that greatly affect communication quality and performance of those mobile entities, especially when applying computationally-intensive security measures that are essential for protecting the communication sessions. Therefore, it becomes vital to seek suitable security techniques that balance between the communication performance and the resource context of those mobile entities. In this paper, we introduce the use of external aiding entities to assist in securing communications between feature-limited and resource-challenged next-generation mobile entities. We start with outlining different resource aiding approaches that help in securing communications. Then we discuss, in brief, both the design criteria and directions for a security resource aider. We, in the end, outline some of the challenges toward using security resource aiding in mobile and next generation communications.
The Industrial Internet-of-Things (IIoT) has gained significant interest from both the research and industry communities. Such interest came with a vision towards enabling automation and intelligence for futuristic versions of our day to day devices. However, such a vision demands the need for accelerated research and development of IIoT systems, in which sensor integration, due to their diversity, imposes a significant roadblock. Such roadblocks are embodied in both the cost and time to develop an IIoT platform, imposing limits on the innovation of sensor manufacturers, as a result of the demand to maintain interface compatibility for seamless integration and low development costs. In this paper, we propose an IIoT system architecture (SandBoxer) tailored for sensor integration, that utilizes a collaborative set of efforts from various technologies and research fields. The paper introduces the concept of "development-sandboxing" as a viable choice towards building the foundation for enabling true plug-and-play IIoT. We start by outlining the key characteristics desired to create an architecture that catalyzes IIoT research and development. We then present our vision of the architecture through the use of a sensor-hosted EEPROM and scripting to "sandbox" the sensors, which in turn accelerates sensor integration for developers and creates a broader innovation path for sensor manufacturers. We also discuss multiple design alternatives, challenges, and use cases in both the research and industry.
The IoT industry involves a wide diversity of sensing and control transducers, each using a different type of interfacing and operation technology. Such diversity creates a wide range of challenges to large-scale IoT development and deployment. Despite the numerous research efforts in current literature that aim to provide solutions for IoT transducer interfacing, there remains a massive lack of critical features that enable the broad adoption for large-scale applications. In this paper, we introduce a dynamic transducer interface, WhiteBus, that has the simplicity of bare-metal interfacing for IoT developers yet offers low-cost transducer integration flexibility for the manufacturers. WhiteBus exposes multiple peripherals from an IoT device to the connected transducers using a compact bus interface, mapping only the peripherals required by each transducer, thus allowing manufacturers to reduce the time to market and reach a larger adoption audience without the need for integrating complex interfacing controllers, instead only adding a memory unit to the transducer. We illustrate WhiteBus architecture and operational flow while outlining how it simplifies the integration and improves the cost-effectiveness for both IoT transducer manufacturers and platform developers. We then qualitatively compare WhiteBus with selected interfacing efforts for IoT, illustrating their essential differences and noting WhiteBus applicability in the IoT industry.
HAL (Le Centre pour la Communication Scientifique Directe), Apr 23, 2017
As 3D data is getting more popular, techniques for retrieving a particular 3D model are necessary. We want to recognize a 3D model from a single photograph; as any user can easily get an image of a model he/she would like to find, requesting by an image is indeed simple and natural. However, a 2D intensity image is relative to viewpoint, texture and lighting condition and thus matching with a 3D geometric model is very challenging. This paper proposes a first step towards matching a 2D image to models, based on features repeatable in 2D images and in depth images (generated from 3D models); we show their independence to textures and lighting. Then, the detected features are matched to recognize 3D models by combining HOG (Histogram Of Gradients) descriptors and repeatability scores. The proposed method reaches a recognition rate of 72% among 12 3D object categories, and outperforms classical feature detection techniques for recognizing 3D models using a single image.
International journal of computer and technology, Oct 15, 2013
The concept of public-key cryptosystems based on error correcting codes was invented by McEliece in 1978. In 1991 Gabidulin, Paramonov and Tretjakov proposed a new version of the McEliece cryptosystem (GPT) based on maximum rank distance codes instead of Hamming distance codes. Respective structural attacks against different variants of the GPT cryptosystem were proposed by Gibson and lately by Overbeck. The Overbeck attack breaks all variants of the GPT cryptosystem and turns out to be either polynomial or exponential depending on parameters of the cryptosystem. Furthermore, in 2013, Gaborit et al. have presented a decoding attack against the parameters of the simple variant of the GPT cryptosystem which were demonstrated to combat the GPT cryptosystem against Overbeck's attack. In this paper, we introduce two new secure approaches against both the structural (Overbeck's attack) and decoding (brute force) attacks. The first one is called Distortion Matrix Approach (DMA), and the second is called Advanced Approach for Reducible Rank Codes (ARC). The DMA is based on a proper choice of a distortion matrix X, while the ARC is based on a proper choice of a scramble matrix P. Furthermore, we evaluate the simple variant of the GPT cryptosystem against the Gaborit et al. attack and demonstrate a new set of parameters which are secure against all known attacks. Our results show the proposed approaches combat the structural and decoding attacks with a large reduction in the key size in comparison to the original McEliece cryptosystem.
Communication security measures are becoming prominent standards of next generation mobile networks. These measures usually involve resource-intensive cryptographic operations that can greatly affect communication performance, particularly when it comes to time-based guarantees such as delay and jitter. It thus becomes vital to understand the computational characteristics of such operations from a communication perspective. The determination of these characteristics, however, is challenging with mobile computing as computational resources are dynamically managed for balanced performance and energy-efficiency. This paper investigates different mobile computing resource management features, and evaluates their impact on the evaluation of cryptographic functions used in message authentication, and on the design considerations for future context-aware security protocols.
The objective of this paper is to describe an approach to detect the slip and contact force in real-time feedback. In this novel approach, a DAVIS camera is used as a vision tactile sensor due to its fast process speed and high resolution. Two hundred experiments were performed on four objects with different shape, size, weight and material to compare the accuracy and response of the Baxter robot grippers to avoid slipping. The advanced approach is validated by using a force-sensitive resistor (FSR402). The events captured with the DAVIS camera are processed with specific algorithms to provide feedback to the Baxter robot, aiding it to detect the slip.
Sensors, Jun 29, 2020
The importance of securing communications on the Internet of Things (IoT) cannot be overstated. This is especially the case in light of the increasing proliferation of IoT devices and instances, as well as the growing dependence on their usage. Meanwhile, there have recently been mounting concerns over a wide array of vulnerabilities in IoT communications. The objective of this work is to address constraints in IoT devices that are "resource-constrained", which are devices that are limited in terms of computing, energy, communication, or range capabilities, whether in terms of nominal or temporal limitations. Specifically, we propose a framework for resource-aiding constrained devices to facilitate secure communication. Without loss of generalization, the framework's viability is illustrated by focusing on a group of security functions that utilize message authentication codes, which is a strongly representative example of resource-intensive security functions. Aspects of the framework are further demonstrated in processing cores commonly used in commercial IoT devices.
IEEE Internet of Things Journal, Oct 1, 2014
The next-generation mobile networks will be equipped with sophisticated communication security, ensuring the safety and authenticity of the transmitted information. However, many of today's prominent security measures are cryptography-based and present several operational challenges in mobile computing systems. Thus, enforcing security measures can greatly affect communication performance, particularly, when it comes to time-based guarantees such as delay and jitter. Moreover, mobile computing systems have limited energy sources, which can be depleted quickly by improperly enforcing such resource-intensive operations. Therefore, it becomes vital to understand the computational characteristics of security measures from a communication perspective. By observing these characteristics, it may be possible for existing and future mobile systems to be suited with security functions that provide the sufficient communication security while maintaining both the power-efficiency and the delay/jitter requirements. In this paper, we propose a benchmarking environment for evaluating cryptography-based security functions from a communication perspective. The paper investigates how mobile systems' design and operation characteristics have a significant impact on the computational characteristics of security functions. The paper explores the evaluation metrics that can be used in benchmarking security functions within various communication settings and proposes the use of a simple and effective delay-based metric for the benchmarking process. The computational characteristics of some selected security functions are evaluated under the proposed benchmarking environment and presented in this paper.
While the main focus of the work is the widely utilized mobile communication settings, the proposed evaluation scheme can be applied for other communication settings and for non-cryptographic security functions.
With the increased popularity of both Internet and mobile computing, several security mechanisms, each using various cryptography functions, have been proposed to ensure that future generation Internets will guarantee both authenticity and data integrity. These functions are usually computationally intensive resulting in large communication delays and energy consumption for the power-limited mobile systems. The functions are also implemented in a variety of ways with different resource demands, and may run differently depending on platform. Since communications within the next generation Internet are to be secured, it is important for a mobile system to be suited to the function that provides sufficient communication security while maintaining both power-efficiency and delay requirements. This paper benchmarks mobile systems with cryptographic functions used in message authentication. This paper also introduces a metric, namely apparent processing, that makes benchmarking meaningful for mobile systems with multiple processing cores or utilizing hardware-based cryptography. In addition, this paper discusses some of the evaluated functions' computational characteristics observed through benchmarking on selected mobile computing architectures.
Bandwidth adaptation (BA) mechanisms provide an effective solution for handling congestion in wireless multimedia networks. Several factors go into the design of a bandwidth adaptation mechanism. In this paper, we investigate some of these factors and study their effect on the performance of bandwidth adaptation mechanisms. A simple model was proposed to help us with our study. Simulation results show that each of the studied factors can positively affect the performance of bandwidth adaptation mechanisms in certain scenarios.
This paper discusses energy consumption reduction in Zigbee based networks. We introduce energy consumption benchmarking platform (ECBP) - a versatile data acquisition based energy consumption profiling system for WSNs. The ECBP can be utilized to find power intensive processes in a given system, discover energy consumption anomalies and wasted power, measure active duty and sleep cycles, measure voltage, current, power, and energy consumption for a given time period, and discover power consumption related faults in sensor networks. We show how to use ECBP on a Zigbee based sensor network to reduce power consumption by an order of magnitude, thus, extending the network lifetime by the same factor.
The Internet has been repeatedly demonstrated to be insufficiently secure for transferring sensit... more The Internet has been repeatedly demonstrated to be insufficiently secure for transferring sensitive information worldwide. This insecurity is an inherent characteristic as the Internet did not make any security considerations in its initial design. Rather, as is famously known, it was designed to connect "mutually trusting users". Such void motivated a long and extensive history of a variety of trust measures to secure Internet communications at its different levels or layers. To date, however, the proposed security measures have been identified as computationally demanding, especially as they utilize cryptographic computations. In light of the evolution of the Internet-of-Things (IoT) and therefore the growing reliance on elements with limited capabilities (in terms of computing and/or energy), facilitating security becomes an equally increasing challenge. Such elements include embedded systems, sensors/actuators, small-scale mobile and wireless devices, in addition to various elements utilized in real-time and/or delay-critical applications. Considerations must therefore be made for addressing the computational challenge while providing the required security. In the meanwhile, any meaningful security solution must be global (i.e., Internet-wide) in its operation. Our objective in this thesis is to demonstrate that an adaptive, end-to-end security solution for the next generation Internet is viable. Integral to our thesis is a holistic and innovative proposal for a Context-Aware and Real-time Entrustment framework or (CARE). The framework comprises a set of security components and modules designed to satisfy the observed and expected needs of next generation computing networks and their elements. 
While introducing the components and operations of our framework, we showcase how they can help into providing security services for the futuristic NGI communication trends. We then introduce a new approach in empirical analysis for cryptographic functions through which their use of computation resource can be identified and/or predicted. The outcome of this approach is applied in designing a robust security adaptation strategy for the CARE ii framework. A complementary resource-aide system is also presented in order to facilitate the secure endto-end operation. iii Dedication To my caring parents, Mohammad and Mona, …to my treasured wife, Hiba, …to my wonderful kids, Yusuf, Saif, and the not yet born Mustafa, …to my beloved siblings:
A visionbased 3D scene analysis system is described that is capable to model complex realworld sc... more A visionbased 3D scene analysis system is described that is capable to model complex realworld scenes like old building, bridges and vestiges automatically from a sequence of calibrated images. Input to the system is a sequence of calibrated stereoscopic images which can be taken with a hand held camera. The camera is then moved throughout the scene and a long sequence of closely spaced views is recorded. A multi-view algorithm is used to link the corresponding points along a sequence of images. 3D model is reconstructed using triangulation directly from the image sequence, which allows fusing 3D surface measurements from different viewpoints into a consistent 3D model scene using a Kalman filter. The surface geometry of each scene object is approximated by a triangular surface mesh which stores the surface texture in a texture map. From the textured 3D models, realistic looking image sequences from arbitrary view points can be used in many applications. We demonstrate the successful application of the approach to several outdoor image sequences for some famous Egyptian vestiges in a framework that aims to electronically document Egypts cultural and natural heritage.
arXiv (Cornell University), Jul 30, 2018
In this paper, an optic disc and cup segmentation method is proposed using U-Net followed by a mu... more In this paper, an optic disc and cup segmentation method is proposed using U-Net followed by a multi-scale feature matching network. The proposed method targets task 2 of the REFUGE challenge 2018. In order to solve the segmentation problem of task 2, we firstly crop the input image using single shot multibox detector (SSD). The cropped image is then passed to an encoder-decoder network with skip connections also known as generator. Afterwards, both the ground truth and generated images are fed to a convolution neural network (CNN) to extract their multi-level features. A dice loss function is then used to match the features of the two images by minimizing the error at each layer. The aggregation of error from each layer is back-propagated through the generator network to enforce it to generate a segmented image closer to the ground truth. The CNN network improves the performance of the generator network without increasing the complexity of the model.
Mobile computing proved to be essential in today's cyber communications. However, entities in mob... more Mobile computing proved to be essential in today's cyber communications. However, entities in mobile computing are known of having limited energy, physical, and logical resources. This imposes various challenges that greatly affect communication quality and performance of those mobile entities, especially when applying computationally-intensive security measures that are essential for protecting the communication sessions. Therefore, it becomes vital to seek suitable security techniques that balance between the communication performance and the resource context of those mobile entities. In this paper, we introduce the use of external aiding entities to assist in securing communications between feature-limited and resource-challenged next-generation mobile entities. We start with outlining different resource aiding approaches that help in securing communications. Then we discuss, in brief, both the design criteria and directions for a security resource aider. We, in the end, outline some of the challenges toward using security resource aiding in mobile and next generation communications.
The Industrial Internet-of-Things (IIoT) has gained significant interest from both the research a... more The Industrial Internet-of-Things (IIoT) has gained significant interest from both the research and industry communities. Such interest came with a vision towards enabling automation and intelligence for futuristic versions of our day to day devices. However, such a vision demands the need for accelerated research and development of IIoT systems, in which sensor integration, due to their diversity, impose a significant roadblock. Such roadblocks are embodied in both the cost and time to develop an IIoT platform, imposing limits on the innovation of sensor manufacturers, as a result of the demand to maintain interface compatibility for seamless integration and low development costs. In this paper, we propose an IIoT system architecture (SandBoxer) tailored for sensor integration, that utilizes a collaborative set of efforts from various technologies and research fields. The paper introduces the concept of "development-sandboxing" as a viable choice towards building the foundation for enabling true-plug-and-play IIoT. We start by outlining the key characteristics desired to create an architecture that catalyzes IIoT research and development. We then present our vision of the architecture through the use of a sensor-hosted EEPROM and scripting to "sandbox" the sensors, which in turn accelerates sensor integration for developers and creates a broader innovation path for sensor manufacturers. We also discuss multiple design alternative, challenges, and use cases in both the research and industry.
The IoT industry involves a wide diversity of sensing and control transducers, each using a diffe... more The IoT industry involves a wide diversity of sensing and control transducers, each using a different type of interfacing and operation technology. Such diversity creates a wide range of challenges to large-scale IoT development and deployment. Despite the numerous research efforts in current literature that aim to provide solutions for IoT transducer interfacing, there remains a massive lack of critical features that enable the broad adoption for large-scale applications. In this paper, we introduce a dynamic transducer interface, WhiteBus, that has the simplicity of bare-metal interfacing for IoT developers yet offers low-cost transducer integration flexibility for the manufacturers. WhiteBus exposes multiple peripherals from an IoT device to the connected transducers using a compact bus interface, mapping only the peripherals required by each transducer. Thus allowing manufacturers to reduce the time to market and reach a larger adoption audience without the need for integrating complex interfacing controllers, instead, only adding a memory unit to the transducer. We illustrate WhiteBus architecture and operational flow while outlining how it simplifies the integration and improves the cost-effectiveness for both IoT transducer manufacturers and platform developers. We then qualitatively compare WhiteBus with selected interfacing efforts for IoT, illustrating their essential differences and noting WhiteBus applicability in the IoT industry.
HAL (Le Centre pour la Communication Scientifique Directe), Apr 23, 2017
As 3D data is getting more popular, techniques for retrieving a particular 3D model are necessary... more As 3D data is getting more popular, techniques for retrieving a particular 3D model are necessary. We want to recognize a 3D model from a single photograph; as any user can easily get an image of a model he/she would like to find, requesting by an image is indeed simple and natural. However, a 2D intensity image is relative to viewpoint, texture and lighting condition and thus matching with a 3D geometric model is very challenging. This paper proposes a first step towards matching a 2D image to models, based on features repeatable in 2D images and in depth images (generated from 3D models); we show their independence to textures and lighting. Then, the detected features are matched to recognize 3D models by combining HOG (Histogram Of Gradients) descriptors and repeatability scores. The proposed methods reaches a recognition rate of 72% among 12 3D objects categories, and outperforms classical feature detection techniques for recognizing 3D models using a single image.
International journal of computer and technology, Oct 15, 2013
The concept of Public key cryptosystems based on error correcting codes was invented by McEliece ... more The concept of Public key cryptosystems based on error correcting codes was invented by McEliece in 1978. In 1991 Gabidulin, Paramonov and Tretjakov proposed a new version of the McEliece cryptosystem (GPT) based on maximum rank distance codes instead of hamming distance codes. Respective structural attacks against different variants of the GPT cryptosystem were proposed by Gibson and lately by Overbeck. The Overbeck attack breaks all variants of the GPT cryptosystem and is turned out to be either polynomial or exponential depending on parameters of the cryptosystem. Furthermore, In 2013, Gaborit et al. have presented a decoding attack against the parameters of the simple variant of the GPT cryptosystem which were demonstrated to combat the GPT cryptosystem against Overbeck's attack. In this paper, we introduce two new secure approaches against both the structural (Overbeck's attack) and decoding (brute force) attacks. The first one is called Distortion Matrix Approach (DMA), and the second is called Advanced Approach for Reducible Rank Codes (ARC). The DMA based on proper choice of a distortion matrix X , while, the ARC based on a proper choice of a scramble matrix P. Furthermore, we evaluate the simple variant of GPT cryptosystem against Gaborit et al. attack and demonstrate a new set of parameters which are secure against all known attacks. Our results show the proposed approaches combat the structural and decoding attacks with a large reduction in the key size in comparison to the original McEliece cryptosystem.
Communication security measures are becoming prominent standards of next generation mobile networks. These measures usually involve resource-intensive cryptographic operations that can greatly affect communication performance, particularly when it comes to time-based guarantees such as delay and jitter. It thus becomes vital to understand the computational characteristics of such operations from a communication perspective. The determination of these characteristics, however, is challenging with mobile computing as computational resources are dynamically managed for balanced performance and energy-efficiency. This paper investigates different mobile computing resource management features, and evaluates their impact on the evaluation of cryptographic functions used in message authentication, and on the design considerations for future context-aware security protocols.
The objective of this paper is to describe an approach to detect the slip and contact force in real-time feedback. In this novel approach, a DAVIS camera is used as a vision tactile sensor due to its fast processing speed and high resolution. Two hundred experiments were performed on four objects with different shape, size, weight and material to compare the accuracy and response of the Baxter robot grippers to avoid slipping. The advanced approach is validated by using a force-sensitive resistor (FSR402). The events captured with the DAVIS camera are processed with specific algorithms to provide feedback to the Baxter robot, aiding it to detect the slip.
Sensors, Jun 29, 2020
The importance of securing communications on the Internet of Things (IoT) cannot be overstated. This is especially the case in light of the increasing proliferation of IoT devices and instances, as well as the growing dependence on their usage. Meanwhile, there have recently been mounting concerns over a wide array of vulnerabilities in IoT communications. The objective of this work is to address constraints in IoT devices that are "resource-constrained", which are devices that are limited in terms of computing, energy, communication, or range capabilities, whether in terms of nominal or temporal limitations. Specifically, we propose a framework for resource-aiding constrained devices to facilitate secure communication. Without loss of generalization, the framework's viability is illustrated by focusing on a group of security functions that utilize message authentication codes, which is a strongly representative example of resource-intensive security functions. Aspects of the framework are further demonstrated in processing cores commonly used in commercial IoT devices.
IEEE Internet of Things Journal, Oct 1, 2014
The next-generation mobile networks will be equipped with sophisticated communication security, ensuring the safety and authenticity of the transmitted information. However, many of today's prominent security measures are cryptography-based and present several operational challenges in mobile computing systems. Thus, enforcing security measures can greatly affect communication performance, particularly, when it comes to time-based guarantees such as delay and jitter. Moreover, mobile computing systems have limited energy sources, which can be depleted quickly by improperly enforcing such resource-intensive operations. Therefore, it becomes vital to understand the computational characteristics of security measures from a communication perspective. By observing these characteristics, it may be possible for existing and future mobile systems to be suited with security functions that provide the sufficient communication security while maintaining both the power-efficiency and the delay/jitter requirements. In this paper, we propose a benchmarking environment for evaluating cryptography-based security functions from a communication perspective. The paper investigates how mobile systems' design and operation characteristics have a significant impact on the computational characteristics of security functions. The paper explores the evaluation metrics that can be used in benchmarking security functions within various communication settings and proposes the use of a simple and effective delay-based metric for the benchmarking process. The computational characteristics of some selected security functions are evaluated under the proposed benchmarking environment and presented in this paper.
While the main focus of the work is the widely utilized mobile communication settings, the proposed evaluation scheme can be applied for other communication settings and for noncryptographic security functions.
With the increased popularity of both Internet and mobile computing, several security mechanisms, each using various cryptography functions, have been proposed to ensure that future generation Internets will guarantee both authenticity and data integrity. These functions are usually computationally intensive, resulting in large communication delays and energy consumption for the power-limited mobile systems. The functions are also implemented in a variety of ways with different resource demands, and may run differently depending on platform. Since communications within the next generation Internet are to be secured, it is important for a mobile system to be suited to the function that provides sufficient communication security while maintaining both power-efficiency and delay requirements. This paper benchmarks mobile systems with cryptographic functions used in message authentication. This paper also introduces a metric, namely apparent processing, that makes benchmarking meaningful for mobile systems with multiple processing cores or utilizing hardware-based cryptography. In addition, this paper discusses some of the evaluated functions' computational characteristics observed through benchmarking on selected mobile computing architectures.
Bandwidth adaptation (BA) mechanisms provide an effective solution for handling congestion in wireless multimedia networks. Several factors go into the design of a bandwidth adaptation mechanism. In this paper, we investigate some of these factors and study their effect on the performance of bandwidth adaptation mechanisms. A simple model was proposed to help us with our study. Simulation results show that each of the studied factors can positively affect the performance of bandwidth adaptation mechanisms in certain scenarios.
This paper discusses energy consumption reduction in Zigbee-based networks. We introduce the energy consumption benchmarking platform (ECBP), a versatile data-acquisition-based energy consumption profiling system for WSNs. The ECBP can be utilized to find power-intensive processes in a given system, discover energy consumption anomalies and wasted power, measure active duty and sleep cycles, measure voltage, current, power, and energy consumption for a given time period, and discover power-consumption-related faults in sensor networks. We show how to use ECBP on a Zigbee-based sensor network to reduce power consumption by an order of magnitude, thus extending the network lifetime by the same factor.