Visible to the public Biblio

Filters: Author is Aman, W.  [Clear All Filters]
2021-01-20
Aman, W., Haider, Z., Shah, S. W. H., Rahman, M. M. Ur, Dobre, O. A..  2020.  On the Effective Capacity of an Underwater Acoustic Channel under Impersonation Attack. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1—7.

This paper investigates the impact of authentication on effective capacity (EC) of an underwater acoustic (UWA) channel. Specifically, the UWA channel is under impersonation attack by a malicious node (Eve) present in the close vicinity of the legitimate node pair (Alice and Bob); Eve tries to inject its malicious data into the system by making Bob believe that she is indeed Alice. To thwart the impersonation attack by Eve, Bob utilizes the distance of the transmit node as the feature/fingerprint to carry out feature-based authentication at the physical layer. Due to authentication at Bob, due to lack of channel knowledge at the transmit node (Alice or Eve), and due to the threshold-based decoding error model, the relevant dynamics of the considered system could be modelled by a Markov chain (MC). Thus, we compute the state-transition probabilities of the MC, and the moment generating function for the service process corresponding to each state. This enables us to derive a closed-form expression of the EC in terms of authentication parameters. Furthermore, we compute the optimal transmission rate (at Alice) through gradient-descent (GD) technique and artificial neural network (ANN) method. Simulation results show that the EC decreases under severe authentication constraints (i.e., more false alarms and more transmissions by Eve). Simulation results also reveal that the (optimal transmission rate) performance of the ANN technique is quite close to that of the GTJ method.

2020-11-02
Aman, W., Khan, F..  2019.  Ontology-based Dynamic and Context-aware Security Assessment Automation for Critical Applications. 2019 IEEE 8th Global Conference on Consumer Electronics (GCCE). :644–647.

Several assessment techniques and methodologies exist to analyze the security of an application dynamically. However, they either are focused on a particular product or are mainly concerned about the assessment process rather than the product's security confidence. Most crucially, they tend to assess the security of a target application as a standalone artifact without assessing its host infrastructure. Such attempts can undervalue the overall security posture since the infrastructure becomes crucial when it hosts a critical application. We present an ontology-based security model that aims to provide the necessary knowledge, including network settings, application configurations, testing techniques and tools, and security metrics to evaluate the security aptitude of a critical application in the context of its hosting infrastructure. The objective is to integrate the current good practices and standards in security testing and virtualization to furnish an on-demand and test-ready virtual target infrastructure to execute the critical application and to initiate a context-aware and quantifiable security assessment process in an automated manner. Furthermore, we present a security assessment architecture to reflect on how the ontology can be integrated into a standard process.