Browsing by Author "Hussein, Omar"
Now showing 1 - 8 of 8
Identification of Threats and Vulnerabilities in Public Cloud-Based Apache Hadoop Distributed File System (Institute of Electrical and Electronics Engineers Inc, 2020-04) Hussein, Omar

Information security issues in public clouds are amplified by Big Data's unique security challenges originating from its volumetric data storage from a wide variety of sources and structures. Apache Hadoop (AH) framework is driving the Big Data paradigm for its effectiveness in processing large datasets. AH is a typical Platform-as-a-Service cloud computing model. It is centered on the underlying Hadoop Distributed File System (HDFS). AH was originally designed to run in a well controlled private computing environment. However, when AH operates in a public cloud in large clusters, its built-in security mechanisms are subject to different types of threats. Motivated by such fundamental design concept and deployment computing environment, and for HDFS being a core component of AH, the contribution of this paper is to identify, expose, and discuss security threats and vulnerabilities in public cloud-based HDFS. © 2019 IEEE.

Limitations of current security measures to address information leakage attacks (International Journal of Computer Science and Information Security, 2014) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

Information leakage attacks represent a serious threat for their widespread and devastating effects. Their significance stems from the fact that they are committed by an organization’s authorized computer users, and/or processes executing on their behalf. The diverse avenues that could be exploited to carry out such attacks add another barrier towards addressing them. Based on literature review, this paper explores strengths of security measures intended to confront information leakage attacks, and focuses on pinpointing their respective limitations.
It demonstrates that only few of them are capable of mitigating such attacks, whereas the rest suffer from conceptual and/or implementation-related limitations that render them vulnerable to circumvention. They are basically prone to high false positive and/or false negative rates, complex to apply, inflexible during execution, suffer from degraded performance, or require hardware modification. Most importantly, neither of them provides a remedy for new undete

A Novel Approach to Address Information Leakage Attacks Based on Machine Virtualization (LJS Publishing, 2014) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

In a traditional non-virtualized computer system the whole software stack is highly vulnerable to security breaches. This is mainly caused by the coexistence of deployed security systems in the same space as the potentially compromised operating system and applications that often run with administrative privileges. In such a structure, compromising, bypassing, disabling, or even subverting deployed security systems become trivial. Machine virtualization provides a powerful abstraction for addressing information security issues. Its isolation, encapsulation, and partitioning properties can be leveraged to reduce computer systems’ susceptibility to security breaches. This paper demonstrates that machine virtualization when employed and synthesized with cryptography would preserve information confidentiality even in an untrusted machine. It presents a novel information security approach called Virtualized Anti-Information Leakage (VAIL). Its objective is to thwart malicious software and insiders’ information leakage attacks on sensitive files after decryption in potentially compromised computer systems.
VAIL’s defenses are evaluated against a variety of information leakage attacks including: (1) direct attacks launched on sensitive files from an untrusted virtual machine, and a compromised virtual machine monitor; and (2) indirect attacks exploiting covert storage and timing channels. Based on the security evaluation, it is concluded that VAIL effectively complied with the security requirements, and met its objective.

A Proposed Anti-Fraud Authentication Approach for Mobile Banking Apps (IEEE, 2022-12) Hussein, Omar

This paper proposes a novel user-transparent unavoidable authentication approach for mobile banking apps. It is called Mobile Device Fingerprinting-Based Identifier and Authenticator (MDFIA). The objective is to detect and prevent mobile banking fraud despite the spoofer knowing the legitimate bank customer user's credentials. MDFIA exploits mobile device fingerprinting to generate a unique 256-bit mobile device credentials hash for each user. MDFIA merges the user's credentials with the user's unique 256-bit mobile device credentials hash to distinguish a legitimate bank account owner from a spoofer. In this context, verification of a user's unique 256-bit mobile device credentials hash acts as a second authentication factor that is transparent to the user, and cannot be circumvented. Thus, through MDFIA and by exploiting a mobile device's unique 15-digit code International Mobile Equipment Identity of the Subscriber Identity Module card slot of the registered bank's customer mobile number, it is completely insufficient for a fraudulent to illegally know a victim user's credentials, and use a similar mobile device as that of the victim. However, it is essential for the fraudulent to illegally know a victim user's credentials, and additionally use the mobile device owned by the victim itself, which is practically very difficult to achieve.
© 2022 IEEE.

A proposed approach to detect and thwart previously unknown code injection attacks (IEEE, 2015) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

This paper presents a proposed approach called VAIL System Call Monitor (VSCM) to detect and thwart previously unknown code injection attacks. The idea is based on the fact that any process needs to correctly invoke CreateProcess() system calls, otherwise child-process creation will fail. VSCM intercepts and verifies CreateProcess() system call invocations from a monitored process. In case an unknown executable is detected in the first parameter of a call, this indicates its maliciousness. In response, VSCM encrypts that parameter value to render the call invalid, thereby thwarting adversaries' attacks by preventing the operating system from loading and executing the new malicious child process. VSCM runs in a microkernel-based virtual machine in order to achieve two-fold advantages: (1) isolate security-critical information from probable adversaries' attacks; and (2) exploit security-related and performance-related advantages associated with thin virtual machine monitors. The expected effectiveness of VSCM is high since it is circumvention-proof, and precise in extracting the normal behavior of applications chosen to be monitored.

A Proposed Approach to Secure Automated Teller Machine-Based Financial Transactions (Institute of Electrical and Electronics Engineers Inc., 07/12/2021) Hussein, Omar

This paper presents a proposed anti-spoofing third-factor authentication approach for Automated Teller Machines (ATMs). It is called Keypad Typing Rhythm Identifier (KTRID). The objective of this novel user-transparent transactions from spoofing attacks via identity theft. The main motivation to conduct this research is that in 2020 ATMs were the top compromised asset that was successfully attacked. ATM keypad typing rhythm refers to a user's unique keys hits practice that is difficult to mimic by spoofers.
KTRID complements the authentication procedure currently used in ATMs in order to hinder spoofing attacks. It is based on exploiting users' unique typing rhythm behavior on the ATMs keypads. It boosts identity affirmation by exploiting the timing variances of keys hits to distinguish a legitimate bank customer from a spoofer. KTRID detects anomalies in the legitimate keypad typing rhythm outlier status of a smart card user. Such that, in case a smart card is stolen or lost, and the accompanying Personal Identification Number (PIN) is exposed or guessed, still the spoofer will not be able to carry out a successful ATM-based financial transaction. Through KTRID, the impersonator will be impinged by the unique typing rhythm behavior of the legitimate bank customer on the ATM keypad. The security evaluation demonstrated that through detecting outliers in a keypad typing rhythm, KTRID effectively prevented spoofing attacks. KTRID is a vital authentication approach, essentially for bank customers who cannot keep control of their smart cards and/or accompanying 4-digit PINs. To the best of the author's knowledge, this paper presents the first proposed approach to employ the typing rhythm behavioral-based biometrics for the purpose of securing ATM-based financial transactions. © 2021 IEEE

A proposed covert channel based on memory reclamation (IEEE, 2015) Hussein, Omar; Hamza, Nermin; Hefny, Hesham

This paper proposes a covert channel that is specific to virtual machine monitors (VMMs); it is called VMM memory reclamation-based covert storage channel. The paper describes a prospective information leakage attack that can be launched on security-critical processes running in a targeted virtual machine (VM) using the discovered covert channel. This attack exploits a widely adopted VM dynamic memory allocation mechanism called ballooning to breach inter-VM isolation.
It involves two cooperating malicious processes: the sender process and the receiver process executing in two VMs: the target VM and the attacking VM respectively. Both VMs run concurrently on top of the same bare-metal VMM. Both malicious processes have access to the dynamically-allocated shared physical memory that is managed by the VMM, and multiplexed between both VMs. The malicious processes exploit the shared memory as a communication medium to leak confidential data. Through VMM memory reclamation-based covert storage channel, the sender process and the receiver process cooperate to force the VMM to reclaim memory pages from the target VM and allocate them to the attacking VM as extra memory space, thereby leaking information from the sender process to the receiver process.

A Proposed Impregnable 256-Bit Hash Producer (IEEE, 12/30/2019) Hussein, Omar

This paper proposes a robust 256-bit hash producer. The underlying motivation is to overcome security-related limitations of pseudo-random number generators embedded in Linux and Windows, which render these widely used operating systems vulnerable to security breaches. The proposed approach is called Hash Bits Producer-256 (HBP-256). It produces outputs that look like random to an adversary who is unaware of its internal state. In addition, it provides forward and backward security in case its internal state is known to an adversary at any particular time. HBP-256 offers such protection by providing the following capabilities. Firstly, output pseudo-randomness. This is ensured by: (1) seeding and reseeding HBP-256 from three sources of entropy input, of which two are non-deterministic hardware sources; and (2) maintaining a high-level entropy input. Secondly, provide forward security. This is ensured by using two one-way irreversible functions: the Secure Hash Algorithm-256 (SHA-256) and SHA-512. Thirdly, provide backward security.
This is ensured by: (1) maintaining cumulative entropy; (2) sustaining rapid refreshment rates for the entropy pools; and (3) preserving uniqueness of bits input to the SHA-512 at any particular time. Security analysis is conducted by exposing HBP-256 to external and internal attacks. Based on the security analysis, it is concluded that HBP-256's individual and collaborative defenses successfully address adversaries' attempts to compromise HBP-256 from outside as well as from within its boundary. HBP-256 meets the intended security requirements, and achieves its objective