Research & Grants

 RESEARCH INTERESTS

RESEARCH GRANTS

RESEARCH CONTRIBUTIONS

Attribute-based access control : Cloud computing is characterized by a virtual world with unlimited capability in terms of storage and processing power. Cloud computing allows computer users to conveniently rent access to fully featured applications, software development and deployment environments, and computing infrastructure assets such as network-accessible data storage and processing, with its salient features: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.

    Mobile devices have become the primary computing device for individual and organizational users, and a popular mobile application (app) category is cloud apps. For example, Dropbox, a popular cloud storage app, has between 500 million and one billion downloads on Google Play store as of 16 December 2015. The aim is to ensure that data outsourced to the cloud will be protected from unauthorized access. Attribute-based Access Control techniques (for example, Ciphertext-Policy Attribute-Based Encryption and Key-Policy Attribute-Based Encryption) are the most suitable cryptographic tools to provide data confidentiality as well as data access control in the field of cloud computing. However, mobile devices are generally resource-constrained, and cloud services are Internet-based, pay-and-use services. Thus, one of the associated key security challenges is the design of lightweight cryptographic solutions for mobile clients.

   Contributions

Hierarchical access control : In a computer system, information privacy stems from the legal decisions made to regulate proper access to private information. The access matrix model has been widely used to produce the access control mechanism for computer users. Since the access control matrix is a sparse matrix, storing it directly in the system requires a huge amount of storage space, which increases the implementation cost of the system. To remedy these drawbacks, a hierarchical representation mechanism was proposed in the literature, and such a hierarchy is called a user hierarchy. In many organizations, the personnel are frequently organized in the form of a hierarchy, and the information is distributed over the hierarchy on a need-to-know basis. This implies that the hierarchy represents the personnel relationships among the users in the system. The private information (objects) maintained by the organization is often stored in a database (or broadcast over the system), and the legitimate users in that organization can access that information according to their defined access privileges. Suppose a trusted central authority (CA) is responsible for managing the users and their access privileges. Let the users of a computer system be divided into different disjoint security classes (classes, in short) according to their positions and access control authorities in the system. Assume that the users are divided into n disjoint classes, say C1, C2, ..., Cn, and that a binary relation “≥” partially orders the set of security classes C = {C1, C2, ..., Cn}; that is, (C, ≥) forms a partially ordered set (POSET, in short) with respect to the binary relation “≥”, satisfying the following three properties:

(i). Reflexive property: Ci ≥ Ci, ∀Ci ∈ C;

(ii). Anti-symmetric property: If Ci, Cj ∈ C such that Ci ≥ Cj and Cj ≥ Ci, then Ci = Cj;

(iii). Transitive property: If Ci, Cj, Ck ∈ C such that Ci ≥ Cj and Cj ≥ Ck, then Ci ≥ Ck.

The relation Ci ≥ Cj in the POSET (C, ≥) represents that the users in the class Ci have a security level higher than or equal to those in the class Cj. Thus, the users in class Ci can have access to the information held by (or destined to) the users in class Cj, while the reverse is not allowed. For example, suppose Xm is a piece of information that the CA desires to store in (or broadcast over) the system and that is accessible to users in the class Cm. Then, the partial order relation “≥” on C implies that Xm is also accessible to the users in all classes Ci such that Ci ≥ Cm.
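The access rule above can be checked mechanically. The following is an added example, not code from this page or from the schemes it refers to: it builds “≥” from direct dominance edges, verifies the three POSET properties, and lists the classes allowed to read Xm. The five-class hierarchy and all function names are constructed for illustration.

```python
from itertools import product

def closure(classes, cover):
    """Reflexive-transitive closure of the direct 'dominates' edges in `cover`."""
    geq = {(c, c) for c in classes} | set(cover)
    changed = True
    while changed:
        changed = False
        # Iterate over a snapshot so new pairs can be added safely.
        for (a, b), (c, d) in product(list(geq), repeat=2):
            if b == c and (a, d) not in geq:
                geq.add((a, d))
                changed = True
    return geq

def poset_violations(classes, geq):
    """Names of the POSET properties (i)-(iii) that `geq` breaks on `classes`."""
    bad = []
    if any((c, c) not in geq for c in classes):
        bad.append("reflexive")
    if any(a != b and (a, b) in geq and (b, a) in geq
           for a, b in product(classes, repeat=2)):
        bad.append("anti-symmetric")
    if any((a, b) in geq and (b, c) in geq and (a, c) not in geq
           for a, b, c in product(classes, repeat=3)):
        bad.append("transitive")
    return bad

def readers_of(classes, geq, cm):
    """Classes Ci with Ci >= Cm, i.e. those allowed to access X_m."""
    return sorted(ci for ci in classes if (ci, cm) in geq)

# Constructed hierarchy: C1 on top, C2 and C3 incomparable,
# C4 below both C2 and C3, C5 below C3 only.
CLASSES = ["C1", "C2", "C3", "C4", "C5"]
COVER = [("C1", "C2"), ("C1", "C3"), ("C2", "C4"), ("C3", "C4"), ("C3", "C5")]
GEQ = closure(CLASSES, COVER)

if __name__ == "__main__":
    print("violations:", poset_violations(CLASSES, GEQ))
    print("X4 readable by:", readers_of(CLASSES, GEQ, "C4"))
    print("X5 readable by:", readers_of(CLASSES, GEQ, "C5"))
    # A misconfigured edge C4 >= C1 creates a cycle, so distinct classes
    # dominate each other and the hierarchy is no longer a POSET.
    cyclic = closure(CLASSES, COVER + [("C4", "C1")])
    print("with cycle:", poset_violations(CLASSES, cyclic))
```

Running the property check whenever the CA adds or removes an edge catches cycles that would silently give a lower class the privileges of every class above it.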

    

      Contributions

Time-bound hierarchical access control : A time-bound hierarchical key assignment scheme is a method to assign time-dependent encryption keys and private information to each class in the hierarchy, in such a way that key derivation also depends on temporal constraints. Once a time period expires, users in a class should not be able to access any subsequent keys if they are not authorized to do so. It has numerous applications, including Pay-TV systems and web-based subscription services.

    Contributions

Client-server authentication : In client-server authentication, a remote server verifies whether a login client is genuine and trustworthy; for mutual authentication, the login client also validates whether the remote server is genuine and trustworthy.

    Contributions

Authentication in Telecare Medicine Information System (TMIS) : In TMIS, the patients at home and the doctors at a clinic or home healthcare agency communicate through public networks. In order to safeguard patients’ private data, such as telephone number, medical record number and health information, authentication and key agreement protocols are essential. An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and academia with detailed patient information, allowing them to make corrective and clinical decisions in order to maintain and analyze patients’ health. However, in such a system illegal access must be prevented, and the information must be protected from theft during transmission over the insecure Internet. To tackle such serious problems, remote user authentication plays an important role.

   Contributions

Three-party authentication : In a two-party password authenticated key exchange scheme, the two parties A and B share a password in advance and establish a common session key to communicate securely. However, in large-scale communication environments, password management can be a challenging issue. In order to overcome this problem, three-party authenticated key exchange (3PAKE) techniques were introduced in the literature. In 3PAKE, a trusted server S mediates between the two communicating parties A and B to allow them to mutually authenticate and agree on a common session key.

   Contributions

Authentication in Near Field Communication (NFC) : In the NFC environment, the Trusted Service Manager (TSM) is responsible for distributing user keys to the registered users based upon requests from the users, and it is not involved in the authentication process. The authentication protocol involves only two parties, namely, an initiator user and a target user. The initiator user generates a radio frequency field and starts the NFC interface. After receiving communication signals, the target user sends a response message to the initiator user through the radio frequency field. After mutual authentication, both the initiator user and the target user establish and agree on a secure session key. Due to the shared nature of wireless communication networks, there are several kinds of security vulnerabilities in the NFC environment, including impersonation and man-in-the-middle attacks. Thus, security is one of the prerequisites for NFC applications. Moreover, the transmission capacity of NFC technology is limited, as its operating frequency is 13.56 MHz with transmission speed ranging from 106 Kbps to 424 Kbps over a distance of up to 10 cm. Given the wide use of mobile devices, such as smart phones and personal laptops, in combination with NFC technology, an authentication protocol must ensure high security along with low computation and communication costs.

   Contributions

Single Sign-on mechanism for distributed computer networks : Due to the portability and availability of mobile devices, such as smart phones and laptops, the usage of mobile devices is increasing rapidly in real-life applications. A mobile user can use mobile devices to access multiple services, such as processing online payments, ordering goods, receiving and replying to electronic mail, or downloading music, from different service providers in distributed computer networks. Thus, the distributed locations of service providers make it efficient and convenient for subscribers to access the resources. In a single-server environment, a user needs to register with each server separately and keep different identity/password pairs for accessing each service provider. When users have to keep so much secret information, security problems can occur and the overhead for the networks increases. In a unidirectional identification scheme, an entity identifies the other party by challenging some secret information, and then mutual identification can allow two communicating parties to verify each other. However, it is impossible to directly apply two-party authentication methods for a single-server environment to a multi-server environment. To withstand these security drawbacks, several multi-server authentication schemes have been presented in the literature. Single sign-on (SSO) authentication is a good remedy to this problem, as it allows a user with a single credential to access multiple service providers. In a multi-server environment, there are three parties, namely the user (U), the service provider (S) and the registration center (RC). We can divide the multi-server authentication schemes into the following two categories:

    User privacy is also desirable in a distributed computing environment, since the information exchanged might be abused by other organizations for marketing purposes. Thus, authentication schemes become the trusted components in a communication system, protecting sensitive information against a malicious adversary by providing a variety of security services, such as mutual authentication, user credentials privacy and session key security.

   Contributions

Authentication in Smart Grid : Recently, smart grid technology has been recognized as the next generation of the power grid. It uses two-way flows of electricity and information to create a widely distributed automated energy delivery network. A smart grid usually contains four components: sensing, communication, control, and actuation systems. The smart meters (SMs) are the important components of a smart grid; they are composed of sensing and communication modules, while the service systems from service providers (SPs) contain communication, control, and actuation modules. The use of SMs in homes is rapidly increasing to monitor energy consumption in real time, and SMs provide power pricing information to consumers. Due to the wireless nature of SMs, a malicious adversary can eavesdrop on, modify, and interrupt the messages transmitted between SMs and SPs. Moreover, SMs installed in close proximity to houses are usually protected by physical locks only. Thus, an adversary who breaks the physical lock may physically compromise the SMs and impersonate them by capturing the secret credentials stored in their memory. The energy use information that is stored at the SMs and distributed thereafter acts as an information-rich side channel; it reveals customer behaviors and habits. For example, activities like watching television have detectable power consumption signatures. Hence, the credentials’ privacy is another important issue in the smart grid. As a result, SMs are the most attractive targets for an adversary, as the vulnerabilities can easily be monetized. With the rapid growth of smart grid technology, designing a secure and efficient key distribution mechanism for the smart grid environment has become an emerging research topic.

    Contributions

Key management in wireless sensor networks : An access control scheme in wireless sensor networks consists of two tasks: node authentication and key establishment. In node authentication, a deployed node needs to prove its identity to its neighbour nodes and also to prove that it has the right to access the existing sensor network. In key establishment, on the other hand, secret shared keys need to be established between a deployed node and its neighbour nodes to secure the communications among them.

    Contributions

Authentication in vehicular ad-hoc networks : A Vehicular Ad hoc Network (VANET) is considered a special type of Mobile Ad hoc Network (MANET), which allows the vehicles on roads to form a self-organized network. VANETs provide multiple benefits, such as the in-built warning system which warns the driver about accidents so that he/she can take quick decisions on the basis of the provided information. The vehicles further share the information with each other. A VANET also provides information about traffic congestion on different roads, so that the driver can make decisions on the basis of this information and select alternative roads. In summary, VANETs help to improve the road environment, infotainment dissemination, and traffic safety for drivers as well as passengers. Recent studies reveal that the market for vehicular communications will reach several billions of euros in the coming year. Therefore, considerable research efforts are needed in this field.

    Contributions