Salam Khanji | Zayed University (original) (raw)
Papers by Salam Khanji
The evolution of Internet of Things (IoT) enables addressing problems with limited human assistan... more The evolution of Internet of Things (IoT) enables addressing problems with limited human assistance. It offers communication across various modern smart city applications, for example, using communication technologies like wireless sensor networks that would generate a huge amount of data. It is imperative to maintain reliable and trustworthy interactions over things to guarantee proliferation of IoT applications. As these applications are being rolled out in many fields, sensitive data need to be safeguarded against misuse and/or leakage. Moreover, promptness and real-time responses should feature all IoT services. This paper explores, through an experimental framework, the integration of blockchain into IoT in order to investigate its impact, security enhancements, and limitations or open challenges it might bring. A private fork on Ethereum blockchain platform is developed to connect IoT devices (Raspberry pi) deployed to detect car crashes so, that, the process of insurance claims are expediated. The same scenario is also deployed on public Ethereum network in order to offer a comprehensive overview of both public and private blockchain platforms and their related security issues and challenges. The findings formulate a rigid foundation upon which a proper and efficient IoT paradigm can be provisioned to unlock blockchain technology potentials in different other domains besides IoT.
Secure communication is a necessity that must be considered in any smart application to guarantee... more Secure communication is a necessity that must be considered in any smart application to guarantee the confidentiality of information. Recently, ZigBee has been utilized in different smart applications such as automatic metering, power fraud detection, industrial automation and many more. In this research paper, we evaluate the performance of ZigBee from a security perspective. We explore the ZigBee built-in security services, encryption techniques, security keys, and the trust center. The research findings serve as guidelines to focus on wireless communication security in general and on the ZigBee security issues in specific. There is a crucial need to fill in the gap where ZigBee has low-complexity processing capabilities and the need to integrate more robust enhancements and security controls.
Database auditing is a prerequisite in the process of database forensics. Log files of different ... more Database auditing is a prerequisite in the process of database forensics. Log files of different types and purposes are used in correlating evidence related to forensic investigation. In this paper, a new framework is proposed to explore and implement auditing features and DBMS-specific built-in utilities to aid in carrying out database forensics. The new framework is implemented in three phases, where ideal forensic auditing settings are suggested, techniques and approaches to conduct forensics are evaluated, and finally database forensic tools are investigated and evaluated. The research findings serve as guidelines toward focusing on database forensics. There is a crucial need to fill in the gap where forensic tools are few and not database specific.
Artificial intelligence (AI) is a transformative technology for potential replacement of human ta... more Artificial intelligence (AI) is a transformative technology for potential replacement of human tasks and activities within industrial, social, intellectual, and digital applications. Network intrusion detection is crucial to identify cyber-attacks in critical infrastructures where a dynamic collection and analysis of network traffic can be conducted using AI. In this research paper we develop a novel intrusion detection architecture to mitigate malicious traffic passing through cyber infrastructure of an organization. We propose to design scenarios based on AI for intelligent self-protection or alert system that will facilitate countering actual cyber-attacks. The system will utilize machine learning algorithm - Random Forest - to offer more flexibility to discover new attacks and to ensure training the system to predict them in the future. Moreover, we design spam filtering program on python to detect spam emails as per email is one of the main attacking vectors that threatens the security of critical infrastructures.
Forensic Science International: Digital Investigation, Oct 1, 2022
Evidence is a tangible demonstrative artifact that proves a fact and shapes the investigation of ... more Evidence is a tangible demonstrative artifact that proves a fact and shapes the investigation of various misconduct cases involving for instance corruption, misbehavior, or violation. It is imperative to maintain proper evidence management to guarantee the admissibility of an evidence in a court of law. Chain of custody forms the forensic link of evidence sequence of control, transfer, and analysis to preserve evidence's integrity and to prevent its contamination. Blockchain, a distributed tamper-resistant ledger can be leveraged to offer a decentralized secure digital evidence system. In this paper, we propose a secure chain of custody framework by utilizing the blockchain technology to store evidence metadata while the evidence is stored in a reliable storage medium. The framework is built on top of a private Ethereum blockchain to document every transmission from the moment the evidence is seized, thus ensuring that evidence can only be accessed or possessed by authorized parties. The framework is integrated with the digital evidence system where evidence is physically stored and locked using smart locks. To secure the sequence of evidence submission and retrieval, only an authorized party can possess the key to unlock the evidence. Our proposed framework offers a secure solution that maintains evidence integrity and admissibility among multiple stakeholders such as law enforcement agencies, lawyers, and forensic professionals. The research findings shed light on hidden opportunities for the efficient usage of blockchain in other realms beyond finance and cryptocurrencies.
Forensic Science International: Digital Investigation
2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2019
The recent advancements in information and communication technologies are tackling problems in ci... more The recent advancements in information and communication technologies are tackling problems in cities that do strive for urbanization; from economy and transportation, to sustainable and luxury life style. The concept of smart cities is being widespread and several suggested sensing paradigms are currently adopted. Participatory sensing applications offer plenty advantages over the traditional networking sensors, however; its applicability is highly dependent on the voluntary participation of its owners which can be strictly bounded by security challenges. This paper highlights the security concerns in the context of urban sensing scheme and their direct implications on the embracement of such a paradigm. Moreover, it surveys suggested countermeasures to overcome the possible exposure of user's private information. The research's findings formulate the required knowledge upon which more robust and rigid urban sensing scheme can be visualized.
2019 4th International Conference on System Reliability and Safety (ICSRS), 2019
The evolution of Internet of Things (IoT) enables addressing problems with limited human assistan... more The evolution of Internet of Things (IoT) enables addressing problems with limited human assistance. It offers communication across various modern smart city applications, for example, using communication technologies like wireless sensor networks that would generate a huge amount of data. It is imperative to maintain reliable and trustworthy interactions over things to guarantee proliferation of IoT applications. As these applications are being rolled out in many fields, sensitive data need to be safeguarded against misuse and/or leakage. Moreover, promptness and real-time responses should feature all IoT services. This paper explores, through an experimental framework, the integration of blockchain into IoT in order to investigate its impact, security enhancements, and limitations or open challenges it might bring. A private fork on Ethereum blockchain platform is developed to connect IoT devices (Raspberry pi) deployed to detect car crashes so, that, the process of insurance clai...
2019 10th International Conference on Information and Communication Systems (ICICS), 2019
Ridesharing or carpooling has a valuable potential in large cities that suffer from traffic jams ... more Ridesharing or carpooling has a valuable potential in large cities that suffer from traffic jams and congestion especially in places with poor public transportation infrastructure and fuel trip expenses are too high. By increasing the level of vehicles occupancy; colleagues who share the same workplace can smoothly hop into each other’s vehicles to reach their destination. In this research paper we utilize the decentralization nature of the blockchain to build a smart ridesharing application – GreenRide - through incentivizing its users via token rewards. Our work investigates boosting ridesharing efficiency through utilizing the blockchain merits of decentralization, trustless, and scalability. We also emphasize on the application’s environmental impacts where it promotes carbon emission reduction, and enhances air quality. Moreover, the research paper identifies GreenRide’s economic and social impacts as per it helps road users to share the costly fuel expenses and to create friendships between like-minded people respectively. The research findings unlock the tremendous potential of the blockchain technology in other business-related fields not only limited to finance and cryptocurrencies.
2019 10th International Conference on Information and Communication Systems (ICICS), 2019
Secure communication is a necessity that must be considered in any smart application to guarantee... more Secure communication is a necessity that must be considered in any smart application to guarantee the confidentiality of information. Recently, ZigBee has been utilized in different smart applications such as automatic metering, power fraud detection, industrial automation and many more. In this research paper, we evaluate the performance of ZigBee from a security perspective. We explore the ZigBee built-in security services, encryption techniques, security keys, and the trust center. The research findings serve as guidelines to focus on wireless communication security in general and on the ZigBee security issues in specific. There is a crucial need to fill in the gap where ZigBee has low-complexity processing capabilities and the need to integrate more robust enhancements and security controls.
Advances in Intelligent Systems and Computing, 2019
Advanced Metering Infrastructure (AMI) is the aggregation of smart meters, communications network... more Advanced Metering Infrastructure (AMI) is the aggregation of smart meters, communications networks, and data management systems that are tailored to meet the efficient integration of renewable energy resources. The more complex features and soundless functionalities the AMI is enhanced with, the more cyber security concerns are raised and must be taken into consideration. It is imperative to assure consumer’s privacy and security to guarantee the proliferation of rolling out smart metering infrastructure. This research paper analyzes AMI from security perspectives; it discusses the possible vulnerabilities associated with different attack surfaces in the smart meter, their security and threat implications, and finally it recommends proper security controls and countermeasures. The research findings draw the foundation upon which robust security by design approach is geared for the deployment of the AMI in the future.
Cluster Computing, 2020
The constant development of interrelated computing devices and the emergence of new network techn... more The constant development of interrelated computing devices and the emergence of new network technologies have caused a dramatic growth in the number of Internet of Things (IoT) devices. It has brought great convenience to people’s lives where its applications have been leveraged to revolutionize everyday objects connected in different life aspects such as smart home, healthcare, transportation, environment, agriculture, and military. This interconnectivity of IoT objects takes place through networks on centralized cloud infrastructure that is not constrained to national or jurisdictional boundaries. It is crucial to maintain security, robustness, and trustless authentication to guarantee secure exchange of critical user data among IoT objects. Consequently, blockchain technology has recently emerged as a tenable solution to offer such prominent features. Blockchain’s secure decentralization can overcome security, authentication, and maintenance limitations of current IoT ecosystem. In this paper we conduct a comprehensive literature review to address recent security and privacy challenges related to IoT where they are categorized according to IoT layered architecture: perception, network, and application layer. Further, we investigate blockchain technology as a key pillar to overcome many of IoT security and privacy problems. Additionally, we explore the blockchain technology and its added values when combined with other new technologies as machine learning especially in intrusion detection systems. Moreover, we highlight challenges and privacy issues resulted due to integration of blockchain in IoT applications. Finally, we propose a framework of IoT security and privacy requirements via blockchain technology. Our main contribution is to exhaust the literature to highlight the recent IoT security and privacy issues and how blockchain can be utilized to overcome these issues, nevertheless; we address challenges and open security issues that blockchain may impose on the current IoT systems. Research findings formulate a rigid foundation upon which an efficient and secure adoption of IoT and blockchain is highlighted accordingly.
2016 7th International Conference on Information, Intelligence, Systems & Applications (IISA), 2016
Smart city applications are developed to facilitate the urbanization and massive development all ... more Smart city applications are developed to facilitate the urbanization and massive development all over the world. This is achieved with real time responses to challenges faced by different sectors, such as health, transportation, water and energy. Smart meter is one of the smart city applied solutions, which facilitates to overcome the increased demand on electricity. This research examines smart meter in the context of energy sector to exploit its related features in the process of Demand Side Management (DSM) to facilitate energy efficiency. A smartphone application is developed that facilitate integration of client in DSM for energy efficiency. The feasibility of such application is reflected on the smart meter business model adopted in Abu Dhabi. Consequently, fundamentals are established to initiate cost-benefit analysis to evaluate the rolling out of advanced metering infrastructure.
2016 7th International Conference on Information and Communication Systems (ICICS), 2016
Humans communication and interaction have dramatically changed in the last century with the intro... more Humans communication and interaction have dramatically changed in the last century with the introduction of advanced technologies. One important form of communication are electronic mails (email), as it is not only used for personal purposes but also used on a professional level. With the increase of electronic communication, spams have widely increased targeting individuals, having a doubtful intention such as stealing personal information to be misused or even to paralyze the Email system by injecting viruses. Therefore, to protect email users from spams and viruses, it is crucial to protect our SMTP server. In this paper, a case study is raised by configuring two SMTP servers and 6 different scenarios, for the purpose of evaluating and addressing email security issues. Various anti-spam and filtering techniques were highlighted and analyzed, along with reporting and visualizing functionalities to further assist system administrators to control and monitor SMTP server.
2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA), 2015
Database auditing is a prerequisite in the process of database forensics. Log files of different ... more Database auditing is a prerequisite in the process of database forensics. Log files of different types and purposes are used in correlating evidence related to forensic investigation. In this paper, a new framework is proposed to explore and implement auditing features and DBMS-specific built-in utilities to aid in carrying out database forensics. The new framework is implemented in three phases, where ideal forensic auditing settings are suggested, techniques and approaches to conduct forensics are evaluated, and finally database forensic tools are investigated and evaluated. The research findings serve as guidelines toward focusing on database forensics. There is a crucial need to fill in the gap where forensic tools are few and not database specific.
2016 18th International Conference on Advanced Communication Technology (ICACT), 2016
Business enterprises are competing to get their applications up and running faster with improved ... more Business enterprises are competing to get their applications up and running faster with improved manageability and less maintenance by reassigning the ability to IT specialists to adjust resources in order to meet business fluctuating needs. This can be achieved through utilizing the Cloud Computing Model which is distinguished by 'pay as you go' model. The model offers solutions of storage, convenient and on-demand access to a shared pool of configurable computing resources. As with any novel technology, Cloud Computing is subject to security threats and vulnerabilities including network threats, information threats and underlying infrastructure threats. In this paper, we present a framework by which penetration testing is conducted to highlight possible vulnerabilities within our private Cloud Computing infrastructure, simulate attacks to exploit discovered vulnerabilities such as Denial of Service (DoS) and Man-in-the-Cloud attacks , apply countermeasures to prevent such attacks, and then to exemplify a recommended best practice protection mechanism which will contribute to the Cloud Computing security.
2016 IEEE International Workshop on Information Forensics and Security (WIFS), 2016
This paper highlights the challenges faced due to non-availability of trusted specialized forensi... more This paper highlights the challenges faced due to non-availability of trusted specialized forensic tools for conducting investigation on gaming consoles. We have developed a framework to examine existing state-of-the-art forensic acquisition and analysis tools by exploring their applicability to eighth generation gaming consoles such as the Xbox One and PlayStation 4. The framework is used to validate the acquired images, compare the retrieved artifacts before and after restoring the console to the factory settings, and to conduct network forensics on both devices. The paper reveals the need of specialized forensic tools for forensic analysis of these devices.
Artificial intelligence (AI) is a transformative technology for potential replacement of human ta... more Artificial intelligence (AI) is a transformative technology for potential replacement of human tasks and activities within industrial, social, intellectual, and digital applications. Network intrusion detection is crucial to identify cyber-attacks in critical infrastructures where a dynamic collection and analysis of network traffic can be conducted using AI. In this research paper we develop a novel intrusion detection architecture to mitigate malicious traffic passing through cyber infrastructure of an organization. We propose to design scenarios based on AI for intelligent self-protection or alert system that will facilitate countering actual cyber-attacks. The system will utilize machine learning algorithm - Random Forest - to offer more flexibility to discover new attacks and to ensure training the system to predict them in the future. Moreover, we design spam filtering program on python to detect spam emails as per email is one of the main attacking vectors that threatens the security of critical infrastructures.
2019 4th International Conference on System Reliability and Safety (ICSRS), 2019
The evolution of Internet of Things (IoT) enables addressing problems with limited human assistan... more The evolution of Internet of Things (IoT) enables addressing problems with limited human assistance. It offers communication across various modern smart city applications, for example, using communication technologies like wireless sensor networks that would generate a huge amount of data. It is imperative to maintain reliable and trustworthy interactions over things to guarantee proliferation of IoT applications. As these applications are being rolled out in many fields, sensitive data need to be safeguarded against misuse and/or leakage. Moreover, promptness and real-time responses should feature all IoT services. This paper explores, through an experimental framework, the integration of blockchain into IoT in order to investigate its impact, security enhancements, and limitations or open challenges it might bring. A private fork on Ethereum blockchain platform is developed to connect IoT devices (Raspberry pi) deployed to detect car crashes so, that, the process of insurance clai...
The evolution of Internet of Things (IoT) enables addressing problems with limited human assistan... more The evolution of Internet of Things (IoT) enables addressing problems with limited human assistance. It offers communication across various modern smart city applications, for example, using communication technologies like wireless sensor networks that would generate a huge amount of data. It is imperative to maintain reliable and trustworthy interactions over things to guarantee proliferation of IoT applications. As these applications are being rolled out in many fields, sensitive data need to be safeguarded against misuse and/or leakage. Moreover, promptness and real-time responses should feature all IoT services. This paper explores, through an experimental framework, the integration of blockchain into IoT in order to investigate its impact, security enhancements, and limitations or open challenges it might bring. A private fork on Ethereum blockchain platform is developed to connect IoT devices (Raspberry pi) deployed to detect car crashes so, that, the process of insurance claims are expediated. The same scenario is also deployed on public Ethereum network in order to offer a comprehensive overview of both public and private blockchain platforms and their related security issues and challenges. The findings formulate a rigid foundation upon which a proper and efficient IoT paradigm can be provisioned to unlock blockchain technology potentials in different other domains besides IoT.
Secure communication is a necessity that must be considered in any smart application to guarantee... more Secure communication is a necessity that must be considered in any smart application to guarantee the confidentiality of information. Recently, ZigBee has been utilized in different smart applications such as automatic metering, power fraud detection, industrial automation and many more. In this research paper, we evaluate the performance of ZigBee from a security perspective. We explore the ZigBee built-in security services, encryption techniques, security keys, and the trust center. The research findings serve as guidelines to focus on wireless communication security in general and on the ZigBee security issues in specific. There is a crucial need to fill in the gap where ZigBee has low-complexity processing capabilities and the need to integrate more robust enhancements and security controls.
Database auditing is a prerequisite in the process of database forensics. Log files of different ... more Database auditing is a prerequisite in the process of database forensics. Log files of different types and purposes are used in correlating evidence related to forensic investigation. In this paper, a new framework is proposed to explore and implement auditing features and DBMS-specific built-in utilities to aid in carrying out database forensics. The new framework is implemented in three phases, where ideal forensic auditing settings are suggested, techniques and approaches to conduct forensics are evaluated, and finally database forensic tools are investigated and evaluated. The research findings serve as guidelines toward focusing on database forensics. There is a crucial need to fill in the gap where forensic tools are few and not database specific.
Artificial intelligence (AI) is a transformative technology for potential replacement of human ta... more Artificial intelligence (AI) is a transformative technology for potential replacement of human tasks and activities within industrial, social, intellectual, and digital applications. Network intrusion detection is crucial to identify cyber-attacks in critical infrastructures where a dynamic collection and analysis of network traffic can be conducted using AI. In this research paper we develop a novel intrusion detection architecture to mitigate malicious traffic passing through cyber infrastructure of an organization. We propose to design scenarios based on AI for intelligent self-protection or alert system that will facilitate countering actual cyber-attacks. The system will utilize machine learning algorithm - Random Forest - to offer more flexibility to discover new attacks and to ensure training the system to predict them in the future. Moreover, we design spam filtering program on python to detect spam emails as per email is one of the main attacking vectors that threatens the security of critical infrastructures.
Forensic Science International: Digital Investigation, Oct 1, 2022
Evidence is a tangible demonstrative artifact that proves a fact and shapes the investigation of ... more Evidence is a tangible demonstrative artifact that proves a fact and shapes the investigation of various misconduct cases involving for instance corruption, misbehavior, or violation. It is imperative to maintain proper evidence management to guarantee the admissibility of an evidence in a court of law. Chain of custody forms the forensic link of evidence sequence of control, transfer, and analysis to preserve evidence's integrity and to prevent its contamination. Blockchain, a distributed tamper-resistant ledger can be leveraged to offer a decentralized secure digital evidence system. In this paper, we propose a secure chain of custody framework by utilizing the blockchain technology to store evidence metadata while the evidence is stored in a reliable storage medium. The framework is built on top of a private Ethereum blockchain to document every transmission from the moment the evidence is seized, thus ensuring that evidence can only be accessed or possessed by authorized parties. The framework is integrated with the digital evidence system where evidence is physically stored and locked using smart locks. To secure the sequence of evidence submission and retrieval, only an authorized party can possess the key to unlock the evidence. Our proposed framework offers a secure solution that maintains evidence integrity and admissibility among multiple stakeholders such as law enforcement agencies, lawyers, and forensic professionals. The research findings shed light on hidden opportunities for the efficient usage of blockchain in other realms beyond finance and cryptocurrencies.
Forensic Science International: Digital Investigation
2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2019
The recent advancements in information and communication technologies are tackling problems in ci... more The recent advancements in information and communication technologies are tackling problems in cities that do strive for urbanization; from economy and transportation, to sustainable and luxury life style. The concept of smart cities is being widespread and several suggested sensing paradigms are currently adopted. Participatory sensing applications offer plenty advantages over the traditional networking sensors, however; its applicability is highly dependent on the voluntary participation of its owners which can be strictly bounded by security challenges. This paper highlights the security concerns in the context of urban sensing scheme and their direct implications on the embracement of such a paradigm. Moreover, it surveys suggested countermeasures to overcome the possible exposure of user's private information. The research's findings formulate the required knowledge upon which more robust and rigid urban sensing scheme can be visualized.
2019 4th International Conference on System Reliability and Safety (ICSRS), 2019
The evolution of Internet of Things (IoT) enables addressing problems with limited human assistan... more The evolution of Internet of Things (IoT) enables addressing problems with limited human assistance. It offers communication across various modern smart city applications, for example, using communication technologies like wireless sensor networks that would generate a huge amount of data. It is imperative to maintain reliable and trustworthy interactions over things to guarantee proliferation of IoT applications. As these applications are being rolled out in many fields, sensitive data need to be safeguarded against misuse and/or leakage. Moreover, promptness and real-time responses should feature all IoT services. This paper explores, through an experimental framework, the integration of blockchain into IoT in order to investigate its impact, security enhancements, and limitations or open challenges it might bring. A private fork on Ethereum blockchain platform is developed to connect IoT devices (Raspberry pi) deployed to detect car crashes so, that, the process of insurance clai...
2019 10th International Conference on Information and Communication Systems (ICICS), 2019
Ridesharing or carpooling has a valuable potential in large cities that suffer from traffic jams ... more Ridesharing or carpooling has a valuable potential in large cities that suffer from traffic jams and congestion especially in places with poor public transportation infrastructure and fuel trip expenses are too high. By increasing the level of vehicles occupancy; colleagues who share the same workplace can smoothly hop into each other’s vehicles to reach their destination. In this research paper we utilize the decentralization nature of the blockchain to build a smart ridesharing application – GreenRide - through incentivizing its users via token rewards. Our work investigates boosting ridesharing efficiency through utilizing the blockchain merits of decentralization, trustless, and scalability. We also emphasize on the application’s environmental impacts where it promotes carbon emission reduction, and enhances air quality. Moreover, the research paper identifies GreenRide’s economic and social impacts as per it helps road users to share the costly fuel expenses and to create friendships between like-minded people respectively. The research findings unlock the tremendous potential of the blockchain technology in other business-related fields not only limited to finance and cryptocurrencies.
2019 10th International Conference on Information and Communication Systems (ICICS), 2019
Secure communication is a necessity that must be considered in any smart application to guarantee... more Secure communication is a necessity that must be considered in any smart application to guarantee the confidentiality of information. Recently, ZigBee has been utilized in different smart applications such as automatic metering, power fraud detection, industrial automation and many more. In this research paper, we evaluate the performance of ZigBee from a security perspective. We explore the ZigBee built-in security services, encryption techniques, security keys, and the trust center. The research findings serve as guidelines to focus on wireless communication security in general and on the ZigBee security issues in specific. There is a crucial need to fill in the gap where ZigBee has low-complexity processing capabilities and the need to integrate more robust enhancements and security controls.
Advances in Intelligent Systems and Computing, 2019
Advanced Metering Infrastructure (AMI) is the aggregation of smart meters, communications network... more Advanced Metering Infrastructure (AMI) is the aggregation of smart meters, communications networks, and data management systems that are tailored to meet the efficient integration of renewable energy resources. The more complex features and soundless functionalities the AMI is enhanced with, the more cyber security concerns are raised and must be taken into consideration. It is imperative to assure consumer’s privacy and security to guarantee the proliferation of rolling out smart metering infrastructure. This research paper analyzes AMI from security perspectives; it discusses the possible vulnerabilities associated with different attack surfaces in the smart meter, their security and threat implications, and finally it recommends proper security controls and countermeasures. The research findings draw the foundation upon which robust security by design approach is geared for the deployment of the AMI in the future.
Cluster Computing, 2020
The constant development of interrelated computing devices and the emergence of new network techn... more The constant development of interrelated computing devices and the emergence of new network technologies have caused a dramatic growth in the number of Internet of Things (IoT) devices. It has brought great convenience to people’s lives where its applications have been leveraged to revolutionize everyday objects connected in different life aspects such as smart home, healthcare, transportation, environment, agriculture, and military. This interconnectivity of IoT objects takes place through networks on centralized cloud infrastructure that is not constrained to national or jurisdictional boundaries. It is crucial to maintain security, robustness, and trustless authentication to guarantee secure exchange of critical user data among IoT objects. Consequently, blockchain technology has recently emerged as a tenable solution to offer such prominent features. Blockchain’s secure decentralization can overcome security, authentication, and maintenance limitations of current IoT ecosystem. In this paper we conduct a comprehensive literature review to address recent security and privacy challenges related to IoT where they are categorized according to IoT layered architecture: perception, network, and application layer. Further, we investigate blockchain technology as a key pillar to overcome many of IoT security and privacy problems. Additionally, we explore the blockchain technology and its added values when combined with other new technologies as machine learning especially in intrusion detection systems. Moreover, we highlight challenges and privacy issues resulted due to integration of blockchain in IoT applications. Finally, we propose a framework of IoT security and privacy requirements via blockchain technology. Our main contribution is to exhaust the literature to highlight the recent IoT security and privacy issues and how blockchain can be utilized to overcome these issues, nevertheless; we address challenges and open security issues that blockchain may impose on the current IoT systems. Research findings formulate a rigid foundation upon which an efficient and secure adoption of IoT and blockchain is highlighted accordingly.
2016 7th International Conference on Information, Intelligence, Systems & Applications (IISA), 2016
Smart city applications are developed to facilitate the urbanization and massive development all ... more Smart city applications are developed to facilitate the urbanization and massive development all over the world. This is achieved with real time responses to challenges faced by different sectors, such as health, transportation, water and energy. Smart meter is one of the smart city applied solutions, which facilitates to overcome the increased demand on electricity. This research examines smart meter in the context of energy sector to exploit its related features in the process of Demand Side Management (DSM) to facilitate energy efficiency. A smartphone application is developed that facilitate integration of client in DSM for energy efficiency. The feasibility of such application is reflected on the smart meter business model adopted in Abu Dhabi. Consequently, fundamentals are established to initiate cost-benefit analysis to evaluate the rolling out of advanced metering infrastructure.
2016 7th International Conference on Information and Communication Systems (ICICS), 2016
Humans communication and interaction have dramatically changed in the last century with the intro... more Humans communication and interaction have dramatically changed in the last century with the introduction of advanced technologies. One important form of communication are electronic mails (email), as it is not only used for personal purposes but also used on a professional level. With the increase of electronic communication, spams have widely increased targeting individuals, having a doubtful intention such as stealing personal information to be misused or even to paralyze the Email system by injecting viruses. Therefore, to protect email users from spams and viruses, it is crucial to protect our SMTP server. In this paper, a case study is raised by configuring two SMTP servers and 6 different scenarios, for the purpose of evaluating and addressing email security issues. Various anti-spam and filtering techniques were highlighted and analyzed, along with reporting and visualizing functionalities to further assist system administrators to control and monitor SMTP server.
2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA), 2015
Database auditing is a prerequisite in the process of database forensics. Log files of different ... more Database auditing is a prerequisite in the process of database forensics. Log files of different types and purposes are used in correlating evidence related to forensic investigation. In this paper, a new framework is proposed to explore and implement auditing features and DBMS-specific built-in utilities to aid in carrying out database forensics. The new framework is implemented in three phases, where ideal forensic auditing settings are suggested, techniques and approaches to conduct forensics are evaluated, and finally database forensic tools are investigated and evaluated. The research findings serve as guidelines toward focusing on database forensics. There is a crucial need to fill in the gap where forensic tools are few and not database specific.
2016 18th International Conference on Advanced Communication Technology (ICACT), 2016
Business enterprises are competing to get their applications up and running faster with improved ... more Business enterprises are competing to get their applications up and running faster with improved manageability and less maintenance by reassigning the ability to IT specialists to adjust resources in order to meet business fluctuating needs. This can be achieved through utilizing the Cloud Computing Model which is distinguished by 'pay as you go' model. The model offers solutions of storage, convenient and on-demand access to a shared pool of configurable computing resources. As with any novel technology, Cloud Computing is subject to security threats and vulnerabilities including network threats, information threats and underlying infrastructure threats. In this paper, we present a framework by which penetration testing is conducted to highlight possible vulnerabilities within our private Cloud Computing infrastructure, simulate attacks to exploit discovered vulnerabilities such as Denial of Service (DoS) and Man-in-the-Cloud attacks , apply countermeasures to prevent such attacks, and then to exemplify a recommended best practice protection mechanism which will contribute to the Cloud Computing security.
2016 IEEE International Workshop on Information Forensics and Security (WIFS), 2016
This paper highlights the challenges faced due to non-availability of trusted specialized forensi... more This paper highlights the challenges faced due to non-availability of trusted specialized forensic tools for conducting investigation on gaming consoles. We have developed a framework to examine existing state-of-the-art forensic acquisition and analysis tools by exploring their applicability to eighth generation gaming consoles such as the Xbox One and PlayStation 4. The framework is used to validate the acquired images, compare the retrieved artifacts before and after restoring the console to the factory settings, and to conduct network forensics on both devices. The paper reveals the need of specialized forensic tools for forensic analysis of these devices.
Artificial intelligence (AI) is a transformative technology for potential replacement of human ta... more Artificial intelligence (AI) is a transformative technology for potential replacement of human tasks and activities within industrial, social, intellectual, and digital applications. Network intrusion detection is crucial to identify cyber-attacks in critical infrastructures where a dynamic collection and analysis of network traffic can be conducted using AI. In this research paper we develop a novel intrusion detection architecture to mitigate malicious traffic passing through cyber infrastructure of an organization. We propose to design scenarios based on AI for intelligent self-protection or alert system that will facilitate countering actual cyber-attacks. The system will utilize machine learning algorithm - Random Forest - to offer more flexibility to discover new attacks and to ensure training the system to predict them in the future. Moreover, we design spam filtering program on python to detect spam emails as per email is one of the main attacking vectors that threatens the security of critical infrastructures.
2019 4th International Conference on System Reliability and Safety (ICSRS), 2019
The evolution of Internet of Things (IoT) enables addressing problems with limited human assistan... more The evolution of Internet of Things (IoT) enables addressing problems with limited human assistance. It offers communication across various modern smart city applications, for example, using communication technologies like wireless sensor networks that would generate a huge amount of data. It is imperative to maintain reliable and trustworthy interactions over things to guarantee proliferation of IoT applications. As these applications are being rolled out in many fields, sensitive data need to be safeguarded against misuse and/or leakage. Moreover, promptness and real-time responses should feature all IoT services. This paper explores, through an experimental framework, the integration of blockchain into IoT in order to investigate its impact, security enhancements, and limitations or open challenges it might bring. A private fork on Ethereum blockchain platform is developed to connect IoT devices (Raspberry pi) deployed to detect car crashes so, that, the process of insurance clai...